rename grant_type=authorization_code&access_code=
to grant_type=authorization_code&code=
Also add &redirect_uri
Note that redirect_uri must match redirect_uri from the previous step.
yshteinm your explanation above was perfect! Turns out my only problem was that my base 64 encoding didn't have the ':' between client ID and client secret! Thanks so much!
Any help/hints would be appreciated...I guess I'm unclear on exactly how the ReadAuthorizationStatus endpoint works. The guidance document instructs to use GET and to include the access_token in the authorization. I'm having the same problem as unclek, but I'm not clear on what it could be.
please verify that access_token you received and sent are the same. Some people had problem with SQL cutting it or similar. Can you provide capture of you packet when you receive token and then send token for authorization request?
yshteinm, I haven't quite figured it out yet. I don't save the token anywhere, instead I immediately drop it into the ReadAuthorizationStatus authorization header.... So, I can't blame it on SQL... If I figure it out I will definitely post.
When I tossed the access_token in (without encoding it), it was throwing an error, but if I cast it first [ (String)$access_token ]
it worked fine.
I've actually got most of the Green Button API working (I can get and parse data off of the UsagePoint endpoint). I'm building something off of PHP's Codeigniter framework and an existing OAuth 2.0 library. I've dumped it on github ( github.com/bianca/ontariogreenbuttonincodeigniter/ ) as an open project if anyone wants to use it or keep developing it with me. Let me know!
Can you post full Uri request captured in http level? It is not clear how you request lloks from provided. For example what is request.args['code']
Also I am not sure where "&" is added between parameters
params are wrapped in urlib.urlencode but they look like this:
state=0%2Fa7fcb34d-271f-4910-a886-2ad617021cfe&code=eyJhbGciOiJSUzI1NiJ9.NWFlNDE1NDMtZmFmMy00ZGJkLWE4ZjItZjBlZDA0YjUyMDgzMTM4NjUzMzg4MzI3MA.G-r3LmAHZb1NFumHkRA7lEp3DeJwfcr5ZsRTgowq2woNy1E86BTmKpCKcsEh5TSsFiVmwAj5sH2o6Nv-_mqKI1djFYD4ljKWvhKwJ9rwbvlRemrmUBqq0qg-h-r0aZps-LCICCZ4mjykHDOabxHGv6GYevlNef26LHASJ_kpagti3dD8S9qnC9NqEwhP7WxutOYx6jc8uMXT42GVnt_KG9zXW6ZdtEWSpXAQfptOmcGyIqVMZZ4LbHPuyJ_6R9-Vzp7wbrv_u6Q4cGfrR_b89OT6BJg2aFaaHkhHRkjvwO3TIqrYcseOpQSc4wtiuO-1y3R31xZSarCpw8p9UMfwfw&redirect_uri=http%3A%2F%2Fxxx.com%2Flistening_to_requests&grant_type=authorization_code
so there are 2 problems:
1. certificate - Test lab uses self-signed certificates so you might have problem with SSL. Depending on platform you are using you might need some workaround. But that seems strange if the first request (you published earlier) returns 200. But if you changed the library that might happen, some libraries accept such certs.
2. I noticed that you put grant_type and other parameters into "body". They should be part of uri.
114 comments
Bianca Sayan • about 10 years ago
Redirect url:
ItYTY1MDExYmQ4YzUwMTM4NTQ5Njc2ODQ4MA.JDFWlGSBsOZLzySVS1vkNh98Q3pUCxdjFiABxOITGNEdS6gLGpoHd78py6DLedmEeiRb7ay8ucXnyiNaEUCl7-TlvNMhtm00DIIB8ciTdoDMlN6UyDz_bIIewm5JwCdi2szaquqB-VSWMe15IGiLJWzzMh95wYlZlzmo5rudI0E&state=99f9e5de894e893b3a812119b427705e
* About to connect() to greenbutton.affsys.com port 443 (#0)
* Trying 158.106.71.90... * connected
* Connected to greenbutton.affsys.com (158.106.71.90) port 443 (#0)
* SSL connection using EDH-RSA-DES-CBC3-SHA
* Server certificate:
* subject: C=Unknown; ST=Unknown; L=Unknown; O=Server; OU=Server; CN=Server
* start date: 2012-11-08 01:30:37 GMT
* expire date: 2013-11-08 01:30:37 GMT
* issuer: C=US; ST=Massachusetts; L=Boston; O=Resteasy; OU=REST; CN=Skeleton Key; emailAddress=bburke@redhat.com
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /auth/j_oauth_resolve_access_code?grant_type=authorization_code&access_code=eyJhbGciOiJSUzI1NiJ9.MTdiMmQzNjgtMDIxOC00YTE5LTk4MGItYTY1MDExYmQ4YzUwMTM4NTQ5Njc2ODQ4MA.JDFWlGSBsOZLzySVS1vkNh98Q3pUCxdjFiABxOITGNEdS6gLGpoHd78py6DLedmEeiRb7ay8ucXnyiNaEUCl7-TlvNMhtm00DIIB8ciTdoDMlN6UyDz_bIIewm5JwCdi2szaquqB-VSWMe15IGiLJWzzMh95wYlZlzmo5rudI0E&redirect_uri=http%3A%2F%2Fmgn.dev%2Fgreenbutton%2Fapi HTTP/1.1
Host: greenbutton.affsys.com
Accept: */*
Content-type: application/atom+xml
Authorization: Basic aWQtNDBjZGVkMjEtZTU4OS00ZTg1LWJiZWUtNThkMWU2YzNjZGI4OnNlY3JldC1lYWE3NWEzNy1hNGUxLTQ5MzAtOTE0Ni0wZWY1ODlkNTM4NWY=
Content-Length: 355
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Transfer-Encoding: chunked
< Date: Tue, 26 Nov 2013 20:24:39 GMT
<
* Connection #0 to host greenbutton.affsys.com left intact
* Closing connection #0
Yuri Shteinman • about 10 years ago
rename grant_type=authorization_code&access_code=
to grant_type=authorization_code&code=
Also add &redirect_uri
Note that redirect_uri must match redirect_uri from the previous step.
Bianca Sayan • about 10 years ago
Holy crap, yshteinm, it worked! What a silly thing to slip up on... +++karma for you!
Yuri Shteinman • about 10 years ago
If I don't win that competition (which I will not) at least I should get a prize for support :-) but there is no such prize, is it? lol
George Lifchits • about 10 years ago
yshteinm your explanation above was perfect! Turns out my only problem was that my base 64 encoding didn't have the ':' between client ID and client secret! Thanks so much!
Bianca Sayan • about 10 years ago
Hey all,
Any help/hints would be appreciated...I guess I'm unclear on exactly how the ReadAuthorizationStatus endpoint works. The guidance document instructs to use GET and to include the access_token in the authorization. I'm having the same problem as unclek, but I'm not clear on what it could be.
I've:
- used GET
- used "https://greenbutton.affsys.com/ldc/api/v1/ReadAuthorizationStatus" as an endpoint
- used Bearer and base 64 encoded the access_token for the authorization
I get a 200 OK response but empty body...
Request/Response is as follows...
GET https://greenbutton.affsys.com/ldc/api/v1/ReadAuthorizationStatus
* About to connect() to greenbutton.affsys.com port 443 (#0)
* Trying 158.106.71.90... * connected
* Connected to greenbutton.affsys.com (158.106.71.90) port 443 (#0)
* SSL connection using EDH-RSA-DES-CBC3-SHA
* Server certificate:
* subject: C=CA; ST=Ontario; L=Toronto; O=Affinity Systems; OU=Development; CN=ca.on.gov.energy
* start date: 2013-11-28 02:18:14 GMT
* expire date: 2023-11-26 02:18:14 GMT
* issuer: C=CA; ST=Ontario; L=Toronto; O=Affinity Systems; OU=Development; CN=ca.on.gov.energy
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /ldc/api/v1/ReadAuthorizationStatus HTTP/1.1
Host: greenbutton.affsys.com
Accept: */*
Authorization: Bearer ZXlKaGJHY2lPaUpTVXpJMU5pSjkuZXlKcWRHa2lPaUl4TURRdU56UTFaRE5tTldVdE5tWTJZeTAwWkdJekxXSmtNV010TXpWaVptTTRNREk1TVdNNUlpd2lZWFZrSWpvaVkyOXRiV1Z5WTJVaUxDSndjbTRpT2lKcGRtRnVZVUJrWVhSaFkzVnpkRzlrYVdGdUxtTnZiU0lzSW5KbFlXeHRYMkZqWTJWemN5STZleUp5YjJ4bGN5STZXeUoxYzJWeUlsMTlmUS5DTEtOOHFIaHlQT210LVVkWWNvN1hjTDhwd2NxendyaTljM3NleWFXMXFQNDlfdmRTaHlFVzB6alhodFRyV0pKOEdNVFNHSERlQzA4UDhHdDljX1JNNFNqVTlZaVBKbExyb0s4V2lkZk9hMENPdERiclU0TlY1dE1SaHlhTmtvZGNpa0Q0Q1pMb1phYThsRFQzZFdyZGFSSUtXdjYtQjVLd3BfakptejljQjdPazExS1BtaWYtOG5LczhQdWxRVTM5dUVLb0VYdm4zNVRaaGpaQmVWNnZJNWlfQkpyYjhnc0hoeWZQWkhaSDFXQ3Zvc2dkRVBwVW04N1daM2Y3c2Zxd0g4T3VrRXUyckNBM2JKS2ZOZEVKd1dCVXo0RFdVdzJxU0xmOWdmcm9iQkpGUWNJVGNLai00SDF0M3A1Y2ZLUmdDUzdXWHdKcXZ1R1pLcTBtZFh3SlE=
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Pragma: No-cache
< Cache-Control: no-cache
< Expires: Wed, 31 Dec 1969 19:00:00 EST
< Transfer-Encoding: chunked
< Date: Thu, 28 Nov 2013 19:32:01 GMT
<
* Connection #0 to host greenbutton.affsys.com left intact
* Closing connection #0
Yuri Shteinman • about 10 years ago
Try to set access_token without encoding as you got it from previous step
Bianca Sayan • about 10 years ago
Hi yshteinm,
That causes it to give a 401 response. hmph...
Yuri Shteinman • about 10 years ago
please verify that access_token you received and sent are the same. Some people had problem with SQL cutting it or similar. Can you provide capture of you packet when you receive token and then send token for authorization request?
Yuri Shteinman • about 10 years ago
did you figure this out? You can publish what was the problem if you like, that helps to others.
Bianca Sayan • about 10 years ago
yshteinm, I haven't quite figured it out yet. I don't save the token anywhere, instead I immediately drop it into the ReadAuthorizationStatus authorization header.... So, I can't blame it on SQL... If I figure it out I will definitely post.
Luan Ngo • about 10 years ago
Hi there, I'm having trouble with with authorizing my app. I'm using a website call hurl.it to send the request so that I could track it easier.
I get a bad request 400 error, with a reply that says that "The request sent by the client was syntactically incorrect ()."
Any help would be greatly appreciated!
POST: https://greenbutton.affsys.com/auth/j_oauth_resolve_access_code
HEADERS
Accept: */*
Accept-Encoding: gzip, deflate, compress
Authorization: Basic aWQtNGVhMTA5NDgtYWRmNi00MTViLTliYmMtYjAzOGYyOTk1NTI2OnNlY3JldC00NWY2Nzc0My01MzY5LTRjOGItODljZi1kZGFkNGMwYWQyNjM=
Content-Length: 530
Content-Type: application/x-www-form-urlencoded
User-Agent: runscope/0.1
PARAMETERS
code: eyJhbGciOiJSUzI1NiJ9.MWYxMWYwOGQtYzExMC00MTUyLTg3YTItOWRjNTYwNjcxODE3MTM4NTc2NTU3MTAwOQ.SaWkMr31wxFbGGWDLcDmk5vaQXFJX3uWmzeRQtSI-LFhuTqpE0Arrd98EC2Ku1NUFNIcPHHahZswR6r0g77asYG0r2aT6GfU-ZrqYkWtRarxhOmAueJUAqHWdBSu7zGqLQSetEbCLJ03KK1O3bhdfbRWnVXmuOxsGVobiy7YnMwyndXl1kARVUXoINlzO6w0z1Mg9SgLCGOkt3t4_YLaR78eAESN49jpWWons6Vss16zpGvOEgCIrQJ3AQzY0dbAqJPeZ2wpUe2vRoCM9fhFeOgT4a2OZeYC1Onf4FvrZ3eGteyRX6d_0XkyKFDy77mzlaASmUIhUX6K_m9nzD_JDg
grant_type: authorization_code
redirect_uri: xxxx
code=eyJhbGciOiJSUzI1NiJ9.MWYxMWYwOGQtYzExMC00MTUyLTg3YTItOWRjNTYwNjcxODE3MTM4NTc2NTU3MTAwOQ.SaWkMr31wxFbGGWDLcDmk5vaQXFJX3uWmzeRQtSI-LFhuTqpE0Arrd98EC2Ku1NUFNIcPHHahZswR6r0g77asYG0r2aT6GfU-ZrqYkWtRarxhOmAueJUAqHWdBSu7zGqLQSetEbCLJ03KK1O3bhdfbRWnVXmuOxsGVobiy7YnMwyndXl1kARVUXoINlzO6w0z1Mg9SgLCGOkt3t4_YLaR78eAESN49jpWWons6Vss16zpGvOEgCIrQJ3AQzY0dbAqJPeZ2wpUe2vRoCM9fhFeOgT4a2OZeYC1Onf4FvrZ3eGteyRX6d_0XkyKFDy77mzlaASmUIhUX6K_m9nzD_JDg&grant_type=authorization_code&redirect_uri=xxxxx
Yuri Shteinman • about 10 years ago
I don't see big problems unless they expect certain parameters order. Try to move "code=xxx" to the second parameter and let us know if that helped.
Yuri Shteinman • about 10 years ago
@biancasayan and @luan_ngo
Did you fix your problems? What was it?
Bianca Sayan • about 10 years ago
yshteinm, I haven't figured it out yet. Will post again by friday either way.
Bianca Sayan • about 10 years ago
I figured out my issue, ya'll.
When I tossed the access_token in (without encoding it), it was throwing an error, but if I cast it first [ (String)$access_token ]
it worked fine.
I've actually got most of the Green Button API working (I can get and parse data off of the UsagePoint endpoint). I'm building something off of PHP's Codeigniter framework and an existing OAuth 2.0 library. I've dumped it on github ( github.com/bianca/ontariogreenbuttonincodeigniter/ ) as an open project if anyone wants to use it or keep developing it with me. Let me know!
Syed Shaheer Aziz • almost 10 years ago
Hello we are having the same problem as luan_ngo. Any advice??
Syed Shaheer Aziz • almost 10 years ago
To give further details on our problem:
We are getting a 200 OK when we request with the following (Python code follows):
encoded_string = base64.b64encode(client_id + ':' + client_secret)
params = urllib.urlencode({'grant_type': 'authorization_code',
'code': request.args['code'], 'state': request.args['state'], 'redirect_uri': 'http://xxx.com/listening_to_requests'})
headers = {"Content-type": "application/atom+xml", "Authorization": 'Basic ' + encoded_string, "Connection": "Keep-Alive", "Host":"greenbutton.affsys.com"}
conn = httplib.HTTPSConnection("greenbutton.affsys.com:443")
conn.request("POST", "/auth/j_oauth_resolve_access_code", params, headers)
We get nothing in the body, and are never able to see a token. The redirect URI is the same as the one we provided earlier.
Yuri Shteinman • almost 10 years ago
Can you post full Uri request captured in http level? It is not clear how you request lloks from provided. For example what is request.args['code']
Also I am not sure where "&" is added between parameters
Luan Ngo • almost 10 years ago
Still haven't found the solution yet yshteinm. Will retry later this week and report back.
Syed Shaheer Aziz • almost 10 years ago
@yshteinm:
params are wrapped in urlib.urlencode but they look like this:
state=0%2Fa7fcb34d-271f-4910-a886-2ad617021cfe&code=eyJhbGciOiJSUzI1NiJ9.NWFlNDE1NDMtZmFmMy00ZGJkLWE4ZjItZjBlZDA0YjUyMDgzMTM4NjUzMzg4MzI3MA.G-r3LmAHZb1NFumHkRA7lEp3DeJwfcr5ZsRTgowq2woNy1E86BTmKpCKcsEh5TSsFiVmwAj5sH2o6Nv-_mqKI1djFYD4ljKWvhKwJ9rwbvlRemrmUBqq0qg-h-r0aZps-LCICCZ4mjykHDOabxHGv6GYevlNef26LHASJ_kpagti3dD8S9qnC9NqEwhP7WxutOYx6jc8uMXT42GVnt_KG9zXW6ZdtEWSpXAQfptOmcGyIqVMZZ4LbHPuyJ_6R9-Vzp7wbrv_u6Q4cGfrR_b89OT6BJg2aFaaHkhHRkjvwO3TIqrYcseOpQSc4wtiuO-1y3R31xZSarCpw8p9UMfwfw&redirect_uri=http%3A%2F%2Fxxx.com%2Flistening_to_requests&grant_type=authorization_code
Header Values:
{'Host': 'greenbutton.affsys.com', 'Content-type': 'application/atom+xml', 'Connection': 'Keep-Alive', 'Authorization': 'Basic aWQtYzc5NjY4YmUtZjY5OS00YTY4LTk4ZjEtMDY4NTY0NDYzNDIxOnNlY3JldC1lNWMzOTlmMy1mMTI0LTQxYTgtOGI3OS0yNGY2NDQyMmM4YmQ='}
And it should be making a request to:
greenbutton.affsys.com:443/auth/j_oauth_resolve_access_code
Thanks again for the help! :)
Yuri Shteinman • almost 10 years ago
Can you try without urlib.urlencode?
Syed Shaheer Aziz • almost 10 years ago
Hi, yes tried without the urlib.encode and it putting & and = for the url params, but still getting the same issue... :(
Tried modifying the request with a different library so it is easier to use and now am getting the following error:
raise SSLHandshakeError(e)
2013-12-09T05:58:05.225657+00:00 app[web.1]: !! SSLHandshakeError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
The new request is as follows:
http = httplib2.Http()
url = 'https://greenbutton.affsys.com/auth/j_oauth_resolve_access_code'
body = {'grant_type': 'authorization_code', 'code': request.args['code'], 'state':request.args['state'], 'redirect_uri': 'http://xxx.com/listening_to_requests'}
headers = {'Content-type': 'application/x-www-form-urlencoded', 'Authorization':'Basic ' + encoded_string, 'Connection': 'Keep-Alive', 'Host':'greenbutton.affsys.com'}
response = http.request(url, 'POST', headers=headers, body=urllib.urlencode(body))
code and state is:
code: eyJhbGciOiJSUzI1NiJ9.NWFlNDE1NDMtZmFmMy00ZGJkLWE4ZjItZjBlZDA0YjUyMDgzMTM4NjUzMzg4MzI3MA.G-r3LmAHZb1NFumHkRA7lEp3DeJwfcr5ZsRTgowq2woNy1E86BTmKpCKcsEh5TSsFiVmwAj5sH2o6Nv-_mqKI1djFYD4ljKWvhKwJ9rwbvlRemrmUBqq0qg-h-r0aZps-LCICCZ4mjykHDOabxHGv6GYevlNef26LHASJ_kpagti3dD8S9qnC9NqEwhP7WxutOYx6jc8uMXT42GVnt_KG9zXW6ZdtEWSpXAQfptOmcGyIqVMZZ4LbHPuyJ_6R9-Vzp7wbrv_u6Q4cGfrR_b89OT6BJg2aFaaHkhHRkjvwO3TIqrYcseOpQSc4wtiuO-1y3R31xZSarCpw8p9UMfwfw
state: 0/a7fcb34d-271f-4910-a886-2ad617021cfe
Is there a certificate problem somewhere along the line? Should we be creating / generating certs?
Yuri Shteinman • almost 10 years ago
so there are 2 problems:
1. certificate - Test lab uses self-signed certificates so you might have problem with SSL. Depending on platform you are using you might need some workaround. But that seems strange if the first request (you published earlier) returns 200. But if you changed the library that might happen, some libraries accept such certs.
2. I noticed that you put grant_type and other parameters into "body". They should be part of uri.
Yuri Shteinman • almost 10 years ago
Did you move parameters to URI instead of body? Did it help?
Kind of
http = httplib2.Http()
url = 'https://greenbutton.affsys.com/auth/j_oauth_resolve_access_code'
body = {'grant_type': 'authorization_code', 'code': request.args['code'], 'state':request.args['state'], 'redirect_uri': 'http://xxx.com/listening_to_requests'}
headers = {'Content-type': 'application/x-www-form-urlencoded', 'Authorization':'Basic ' + encoded_string, 'Connection': 'Keep-Alive', 'Host':'greenbutton.affsys.com'}
response = http.request(url+'?'+body, 'POST', headers=headers, body='')
Of course all ':' should be '=' and & between pairs