• 114 comments

  •   •   about 9 years ago

    Redirect url:
    ItYTY1MDExYmQ4YzUwMTM4NTQ5Njc2ODQ4MA.JDFWlGSBsOZLzySVS1vkNh98Q3pUCxdjFiABxOITGNEdS6gLGpoHd78py6DLedmEeiRb7ay8ucXnyiNaEUCl7-TlvNMhtm00DIIB8ciTdoDMlN6UyDz_bIIewm5JwCdi2szaquqB-VSWMe15IGiLJWzzMh95wYlZlzmo5rudI0E&state=99f9e5de894e893b3a812119b427705e

    * About to connect() to greenbutton.affsys.com port 443 (#0)
    * Trying 158.106.71.90... * connected
    * Connected to greenbutton.affsys.com (158.106.71.90) port 443 (#0)
    * SSL connection using EDH-RSA-DES-CBC3-SHA
    * Server certificate:
    * subject: C=Unknown; ST=Unknown; L=Unknown; O=Server; OU=Server; CN=Server
    * start date: 2012-11-08 01:30:37 GMT
    * expire date: 2013-11-08 01:30:37 GMT
    * issuer: C=US; ST=Massachusetts; L=Boston; O=Resteasy; OU=REST; CN=Skeleton Key; emailAddress=bburke@redhat.com
    * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
    > POST /auth/j_oauth_resolve_access_code?grant_type=authorization_code&access_code=eyJhbGciOiJSUzI1NiJ9.MTdiMmQzNjgtMDIxOC00YTE5LTk4MGItYTY1MDExYmQ4YzUwMTM4NTQ5Njc2ODQ4MA.JDFWlGSBsOZLzySVS1vkNh98Q3pUCxdjFiABxOITGNEdS6gLGpoHd78py6DLedmEeiRb7ay8ucXnyiNaEUCl7-TlvNMhtm00DIIB8ciTdoDMlN6UyDz_bIIewm5JwCdi2szaquqB-VSWMe15IGiLJWzzMh95wYlZlzmo5rudI0E&redirect_uri=http%3A%2F%2Fmgn.dev%2Fgreenbutton%2Fapi HTTP/1.1
    Host: greenbutton.affsys.com
    Accept: */*
    Content-type: application/atom+xml
    Authorization: Basic aWQtNDBjZGVkMjEtZTU4OS00ZTg1LWJiZWUtNThkMWU2YzNjZGI4OnNlY3JldC1lYWE3NWEzNy1hNGUxLTQ5MzAtOTE0Ni0wZWY1ODlkNTM4NWY=
    Content-Length: 355

    < HTTP/1.1 200 OK
    < Server: Apache-Coyote/1.1
    < Transfer-Encoding: chunked
    < Date: Tue, 26 Nov 2013 20:24:39 GMT
    <
    * Connection #0 to host greenbutton.affsys.com left intact
    * Closing connection #0

  •   •   about 9 years ago

    rename grant_type=authorization_code&access_code=
    to grant_type=authorization_code&code=
    Also add &redirect_uri
    Note that redirect_uri must match redirect_uri from the previous step.

  •   •   about 9 years ago

    Holy crap, yshteinm, it worked! What a silly thing to slip up on... +++karma for you!

  •   •   about 9 years ago

    If I don't win that competition (which I will not) at least I should get a prize for support :-) but there is no such prize, is it? lol

  •   •   about 9 years ago

    yshteinm your explanation above was perfect! Turns out my only problem was that my base 64 encoding didn't have the ':' between client ID and client secret! Thanks so much!

  •   •   about 9 years ago

    Hey all,

    Any help/hints would be appreciated...I guess I'm unclear on exactly how the ReadAuthorizationStatus endpoint works. The guidance document instructs to use GET and to include the access_token in the authorization. I'm having the same problem as unclek, but I'm not clear on what it could be.

    I've:
    - used GET
    - used "https://greenbutton.affsys.com/ldc/api/v1/ReadAuthorizationStatus" as an endpoint
    - used Bearer and base 64 encoded the access_token for the authorization

    I get a 200 OK response but empty body...

    Request/Response is as follows...
    GET https://greenbutton.affsys.com/ldc/api/v1/ReadAuthorizationStatus
    * About to connect() to greenbutton.affsys.com port 443 (#0)
    * Trying 158.106.71.90... * connected
    * Connected to greenbutton.affsys.com (158.106.71.90) port 443 (#0)
    * SSL connection using EDH-RSA-DES-CBC3-SHA
    * Server certificate:
    * subject: C=CA; ST=Ontario; L=Toronto; O=Affinity Systems; OU=Development; CN=ca.on.gov.energy
    * start date: 2013-11-28 02:18:14 GMT
    * expire date: 2023-11-26 02:18:14 GMT
    * issuer: C=CA; ST=Ontario; L=Toronto; O=Affinity Systems; OU=Development; CN=ca.on.gov.energy
    * SSL certificate verify result: self signed certificate (18), continuing anyway.
    > GET /ldc/api/v1/ReadAuthorizationStatus HTTP/1.1
    Host: greenbutton.affsys.com
    Accept: */*
    Authorization: Bearer ZXlKaGJHY2lPaUpTVXpJMU5pSjkuZXlKcWRHa2lPaUl4TURRdU56UTFaRE5tTldVdE5tWTJZeTAwWkdJekxXSmtNV010TXpWaVptTTRNREk1TVdNNUlpd2lZWFZrSWpvaVkyOXRiV1Z5WTJVaUxDSndjbTRpT2lKcGRtRnVZVUJrWVhSaFkzVnpkRzlrYVdGdUxtTnZiU0lzSW5KbFlXeHRYMkZqWTJWemN5STZleUp5YjJ4bGN5STZXeUoxYzJWeUlsMTlmUS5DTEtOOHFIaHlQT210LVVkWWNvN1hjTDhwd2NxendyaTljM3NleWFXMXFQNDlfdmRTaHlFVzB6alhodFRyV0pKOEdNVFNHSERlQzA4UDhHdDljX1JNNFNqVTlZaVBKbExyb0s4V2lkZk9hMENPdERiclU0TlY1dE1SaHlhTmtvZGNpa0Q0Q1pMb1phYThsRFQzZFdyZGFSSUtXdjYtQjVLd3BfakptejljQjdPazExS1BtaWYtOG5LczhQdWxRVTM5dUVLb0VYdm4zNVRaaGpaQmVWNnZJNWlfQkpyYjhnc0hoeWZQWkhaSDFXQ3Zvc2dkRVBwVW04N1daM2Y3c2Zxd0g4T3VrRXUyckNBM2JKS2ZOZEVKd1dCVXo0RFdVdzJxU0xmOWdmcm9iQkpGUWNJVGNLai00SDF0M3A1Y2ZLUmdDUzdXWHdKcXZ1R1pLcTBtZFh3SlE=

    < HTTP/1.1 200 OK
    < Server: Apache-Coyote/1.1
    < Pragma: No-cache
    < Cache-Control: no-cache
    < Expires: Wed, 31 Dec 1969 19:00:00 EST
    < Transfer-Encoding: chunked
    < Date: Thu, 28 Nov 2013 19:32:01 GMT
    <
    * Connection #0 to host greenbutton.affsys.com left intact
    * Closing connection #0

  •   •   about 9 years ago

    Try to set access_token without encoding as you got it from previous step

  •   •   about 9 years ago

    Hi yshteinm,

    That causes it to give a 401 response. hmph...

  •   •   about 9 years ago

    please verify that access_token you received and sent are the same. Some people had problem with SQL cutting it or similar. Can you provide capture of you packet when you receive token and then send token for authorization request?

  •   •   about 9 years ago

    did you figure this out? You can publish what was the problem if you like, that helps to others.

  •   •   about 9 years ago

    yshteinm, I haven't quite figured it out yet. I don't save the token anywhere, instead I immediately drop it into the ReadAuthorizationStatus authorization header.... So, I can't blame it on SQL... If I figure it out I will definitely post.

  •   •   almost 9 years ago

    Hi there, I'm having trouble with with authorizing my app. I'm using a website call hurl.it to send the request so that I could track it easier.

    I get a bad request 400 error, with a reply that says that "The request sent by the client was syntactically incorrect ()."

    Any help would be greatly appreciated!

    POST: https://greenbutton.affsys.com/auth/j_oauth_resolve_access_code

    HEADERS

    Accept: */*
    Accept-Encoding: gzip, deflate, compress
    Authorization: Basic aWQtNGVhMTA5NDgtYWRmNi00MTViLTliYmMtYjAzOGYyOTk1NTI2OnNlY3JldC00NWY2Nzc0My01MzY5LTRjOGItODljZi1kZGFkNGMwYWQyNjM=
    Content-Length: 530
    Content-Type: application/x-www-form-urlencoded
    User-Agent: runscope/0.1
    PARAMETERS

    code: eyJhbGciOiJSUzI1NiJ9.MWYxMWYwOGQtYzExMC00MTUyLTg3YTItOWRjNTYwNjcxODE3MTM4NTc2NTU3MTAwOQ.SaWkMr31wxFbGGWDLcDmk5vaQXFJX3uWmzeRQtSI-LFhuTqpE0Arrd98EC2Ku1NUFNIcPHHahZswR6r0g77asYG0r2aT6GfU-ZrqYkWtRarxhOmAueJUAqHWdBSu7zGqLQSetEbCLJ03KK1O3bhdfbRWnVXmuOxsGVobiy7YnMwyndXl1kARVUXoINlzO6w0z1Mg9SgLCGOkt3t4_YLaR78eAESN49jpWWons6Vss16zpGvOEgCIrQJ3AQzY0dbAqJPeZ2wpUe2vRoCM9fhFeOgT4a2OZeYC1Onf4FvrZ3eGteyRX6d_0XkyKFDy77mzlaASmUIhUX6K_m9nzD_JDg
    grant_type: authorization_code
    redirect_uri: xxxx

    code=eyJhbGciOiJSUzI1NiJ9.MWYxMWYwOGQtYzExMC00MTUyLTg3YTItOWRjNTYwNjcxODE3MTM4NTc2NTU3MTAwOQ.SaWkMr31wxFbGGWDLcDmk5vaQXFJX3uWmzeRQtSI-LFhuTqpE0Arrd98EC2Ku1NUFNIcPHHahZswR6r0g77asYG0r2aT6GfU-ZrqYkWtRarxhOmAueJUAqHWdBSu7zGqLQSetEbCLJ03KK1O3bhdfbRWnVXmuOxsGVobiy7YnMwyndXl1kARVUXoINlzO6w0z1Mg9SgLCGOkt3t4_YLaR78eAESN49jpWWons6Vss16zpGvOEgCIrQJ3AQzY0dbAqJPeZ2wpUe2vRoCM9fhFeOgT4a2OZeYC1Onf4FvrZ3eGteyRX6d_0XkyKFDy77mzlaASmUIhUX6K_m9nzD_JDg&grant_type=authorization_code&redirect_uri=xxxxx

  •   •   almost 9 years ago

    I don't see big problems unless they expect certain parameters order. Try to move "code=xxx" to the second parameter and let us know if that helped.

  •   •   almost 9 years ago

    @biancasayan and @luan_ngo
    Did you fix your problems? What was it?

  •   •   almost 9 years ago

    yshteinm, I haven't figured it out yet. Will post again by friday either way.

  •   •   almost 9 years ago

    I figured out my issue, ya'll.

    When I tossed the access_token in (without encoding it), it was throwing an error, but if I cast it first [ (String)$access_token ]
    it worked fine.

    I've actually got most of the Green Button API working (I can get and parse data off of the UsagePoint endpoint). I'm building something off of PHP's Codeigniter framework and an existing OAuth 2.0 library. I've dumped it on github ( github.com/bianca/ontariogreenbuttonincodeigniter/ ) as an open project if anyone wants to use it or keep developing it with me. Let me know!

  •   •   almost 9 years ago

    Hello we are having the same problem as luan_ngo. Any advice??

  •   •   almost 9 years ago

    To give further details on our problem:

    We are getting a 200 OK when we request with the following (Python code follows):

    encoded_string = base64.b64encode(client_id + ':' + client_secret)
    params = urllib.urlencode({'grant_type': 'authorization_code',
    'code': request.args['code'], 'state': request.args['state'], 'redirect_uri': 'http://xxx.com/listening_to_requests'})
    headers = {"Content-type": "application/atom+xml", "Authorization": 'Basic ' + encoded_string, "Connection": "Keep-Alive", "Host":"greenbutton.affsys.com"}
    conn = httplib.HTTPSConnection("greenbutton.affsys.com:443")
    conn.request("POST", "/auth/j_oauth_resolve_access_code", params, headers)

    We get nothing in the body, and are never able to see a token. The redirect URI is the same as the one we provided earlier.

  •   •   almost 9 years ago

    Can you post full Uri request captured in http level? It is not clear how you request lloks from provided. For example what is request.args['code']
    Also I am not sure where "&" is added between parameters

  •   •   almost 9 years ago

    Still haven't found the solution yet yshteinm. Will retry later this week and report back.

  •   •   almost 9 years ago

    @yshteinm:

    params are wrapped in urlib.urlencode but they look like this:
    state=0%2Fa7fcb34d-271f-4910-a886-2ad617021cfe&code=eyJhbGciOiJSUzI1NiJ9.NWFlNDE1NDMtZmFmMy00ZGJkLWE4ZjItZjBlZDA0YjUyMDgzMTM4NjUzMzg4MzI3MA.G-r3LmAHZb1NFumHkRA7lEp3DeJwfcr5ZsRTgowq2woNy1E86BTmKpCKcsEh5TSsFiVmwAj5sH2o6Nv-_mqKI1djFYD4ljKWvhKwJ9rwbvlRemrmUBqq0qg-h-r0aZps-LCICCZ4mjykHDOabxHGv6GYevlNef26LHASJ_kpagti3dD8S9qnC9NqEwhP7WxutOYx6jc8uMXT42GVnt_KG9zXW6ZdtEWSpXAQfptOmcGyIqVMZZ4LbHPuyJ_6R9-Vzp7wbrv_u6Q4cGfrR_b89OT6BJg2aFaaHkhHRkjvwO3TIqrYcseOpQSc4wtiuO-1y3R31xZSarCpw8p9UMfwfw&redirect_uri=http%3A%2F%2Fxxx.com%2Flistening_to_requests&grant_type=authorization_code

    Header Values:
    {'Host': 'greenbutton.affsys.com', 'Content-type': 'application/atom+xml', 'Connection': 'Keep-Alive', 'Authorization': 'Basic aWQtYzc5NjY4YmUtZjY5OS00YTY4LTk4ZjEtMDY4NTY0NDYzNDIxOnNlY3JldC1lNWMzOTlmMy1mMTI0LTQxYTgtOGI3OS0yNGY2NDQyMmM4YmQ='}

    And it should be making a request to:
    greenbutton.affsys.com:443/auth/j_oauth_resolve_access_code

    Thanks again for the help! :)

  •   •   almost 9 years ago

    Can you try without urlib.urlencode?

  •   •   almost 9 years ago

    Hi, yes tried without the urlib.encode and it putting & and = for the url params, but still getting the same issue... :(

    Tried modifying the request with a different library so it is easier to use and now am getting the following error:

    raise SSLHandshakeError(e)
    2013-12-09T05:58:05.225657+00:00 app[web.1]: !! SSLHandshakeError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    The new request is as follows:
    http = httplib2.Http()
    url = 'https://greenbutton.affsys.com/auth/j_oauth_resolve_access_code'
    body = {'grant_type': 'authorization_code', 'code': request.args['code'], 'state':request.args['state'], 'redirect_uri': 'http://xxx.com/listening_to_requests'}
    headers = {'Content-type': 'application/x-www-form-urlencoded', 'Authorization':'Basic ' + encoded_string, 'Connection': 'Keep-Alive', 'Host':'greenbutton.affsys.com'}
    response = http.request(url, 'POST', headers=headers, body=urllib.urlencode(body))

    code and state is:

    code: eyJhbGciOiJSUzI1NiJ9.NWFlNDE1NDMtZmFmMy00ZGJkLWE4ZjItZjBlZDA0YjUyMDgzMTM4NjUzMzg4MzI3MA.G-r3LmAHZb1NFumHkRA7lEp3DeJwfcr5ZsRTgowq2woNy1E86BTmKpCKcsEh5TSsFiVmwAj5sH2o6Nv-_mqKI1djFYD4ljKWvhKwJ9rwbvlRemrmUBqq0qg-h-r0aZps-LCICCZ4mjykHDOabxHGv6GYevlNef26LHASJ_kpagti3dD8S9qnC9NqEwhP7WxutOYx6jc8uMXT42GVnt_KG9zXW6ZdtEWSpXAQfptOmcGyIqVMZZ4LbHPuyJ_6R9-Vzp7wbrv_u6Q4cGfrR_b89OT6BJg2aFaaHkhHRkjvwO3TIqrYcseOpQSc4wtiuO-1y3R31xZSarCpw8p9UMfwfw

    state: 0/a7fcb34d-271f-4910-a886-2ad617021cfe

    Is there a certificate problem somewhere along the line? Should we be creating / generating certs?

  •   •   almost 9 years ago

    so there are 2 problems:
    1. certificate - Test lab uses self-signed certificates so you might have problem with SSL. Depending on platform you are using you might need some workaround. But that seems strange if the first request (you published earlier) returns 200. But if you changed the library that might happen, some libraries accept such certs.
    2. I noticed that you put grant_type and other parameters into "body". They should be part of uri.

  •   •   almost 9 years ago

    Did you move parameters to URI instead of body? Did it help?
    Kind of
    http = httplib2.Http()
    url = 'https://greenbutton.affsys.com/auth/j_oauth_resolve_access_code'
    body = {'grant_type': 'authorization_code', 'code': request.args['code'], 'state':request.args['state'], 'redirect_uri': 'http://xxx.com/listening_to_requests'}
    headers = {'Content-type': 'application/x-www-form-urlencoded', 'Authorization':'Basic ' + encoded_string, 'Connection': 'Keep-Alive', 'Host':'greenbutton.affsys.com'}
    response = http.request(url+'?'+body, 'POST', headers=headers, body='')

    Of course all ':' should be '=' and & between pairs

Comments are closed.