OAuth 1.0 -

[alonagokhler]

trafficstars

Trying to send

curl --request POST --verbose
"https://abc.openbankproject.com/oauth/initiate"
-d "oauth_callback=https://yolion.com"
-d "oauth_version=1.0"
-d "oauth_signature_method=HMAC-SHA256"
-d "oauth_consumer_key=au0rkyvoimds03j3f3tivLLwytzsgobcavddj15m"
-d "oauth_signature=misqvavm1zy5udgtdfe2xrfgic2p2jeslxixw4ed%26"

getting response

the following parameters are missing : oauth_signature_method, oauth_signature, oauth_consumer_key, oauth_callback, oauth_timestamp, oauth_nonce

The full response

• Trying 52.59.75.91...

• TCP_NODELAY set
• Connected to abc.openbankproject.com (52.59.75.91) port 443 (#0)
• ALPN, offering http/1.1
• Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
• successfully set certificate verify locations:
• CAfile: /usr/local/php5/ssl/cert.pem CApath: none
• TLSv1.2 (OUT), TLS header, Certificate Status (22):
• TLSv1.2 (OUT), TLS handshake, Client hello (1):
• TLSv1.2 (IN), TLS handshake, Server hello (2):
• TLSv1.2 (IN), TLS handshake, Certificate (11):
• TLSv1.2 (IN), TLS handshake, Server key exchange (12):
• TLSv1.2 (IN), TLS handshake, Server finished (14):
• TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
• TLSv1.2 (OUT), TLS change cipher, Client hello (1):
• TLSv1.2 (OUT), TLS handshake, Finished (20):
• TLSv1.2 (IN), TLS change cipher, Client hello (1):
• TLSv1.2 (IN), TLS handshake, Finished (20):
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN, server accepted to use http/1.1
• Server certificate:
• subject: CN=*.openbankproject.com
• start date: Jul 25 00:00:00 2016 GMT
• expire date: Aug 15 23:59:59 2018 GMT
• subjectAltName: host "abc.openbankproject.com" matched cert's "*.openbankproject.com"
• issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA
• SSL certificate verify ok.

POST /oauth/initiate HTTP/1.1 Host: abc.openbankproject.com User-Agent: curl/7.54.0 Accept: / Content-Length: 206 Content-Type: application/x-www-form-urlencoded

• upload completely sent off: 206 out of 206 bytes < HTTP/1.1 400 Bad Request < Server: nginx/1.10.3 < Date: Thu, 10 May 2018 11:19:31 GMT < Content-Type: application/x-www-form-urlencoded < Content-Length: 144 < Connection: keep-alive < Expires: Thu, 10 May 2018 11:19:31 GMT < Cache-Control: no-cache, private, no-store < Pragma: no-cache < X-Frame-Options: DENY <
• Connection #0 to host abc.openbankproject.com left intact the following parameters are missing : oauth_signature_method, oauth_signature, oauth_consumer_key, oauth_callback, oauth_timestamp, oauth_nonce

what do I do wrong?

[deepak26v]

Is there an update on this issue ? I am getting the same error.

Here is my command:

curl -X POST
https://apisandbox.openbankproject.com/oauth/initiate
-H 'authorization: OAuth'
-H 'cache-control: no-cache'
-H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW'
-H 'postman-token: aef25921-93af-d324-a8f2-f8832b9065a4'
-F oauth_callback="http://example.com"
-F oauth_consumer_key=<consumer_key_after_registration_of_app>
-F oauth_token=
-F oauth_signature_method=HMAC-SHA1
-F oauth_timestamp=1527993927
-F oauth_nonce=A1qIG4
-F oauth_version=1.0
-F oauth_signature=fzMGee7ssZoPtxgdjSWKue9x7oI=

Output: the following parameters are missing : oauth_signature_method, oauth_signature, oauth_consumer_key, oauth_callback, oauth_timestamp, oauth_nonce

[simonredfern]

I have assigned Marko (@constantine2nd )

[oscarAmarello]

Is there any workaround for this issue?

I'm trying both

curl --verbose \
"https://apisandbox.openbankproject.com/oauth/initiate" \
-d "oauth_callback=oob" \
-d "oauth_version=1.0" \
-d "oauth_signature_method=HMAC-SHA256" \
-d "oauth_consumer_key=[my_valid_consumer_key]" \
-d "oauth_signature=ijHzKnsoJ1X/h5ng5I1UOyHXJNV7drjYmrhWOrhsnk0=" \
-d "oauth_timestamp=1602128587306" \
-d "oauth_nonce=qgv0hp39flgoevi0m2aqwnse100w2zlg"

and

curl --location --request POST 'https://apisandbox.openbankproject.com/oauth/initiate?oauth_consumer_key=[my_valid_consumer_key]&oauth_signature_method=HMAC-SHA256&oauth_timestamp=1602129375293&oauth_nonce=infmxjk1a5r6tlwx39mabob4twkd0cva&oauth_version=1.0&oauth_callback=oob&oauth_signature=qMrE6PQOLUf83RCgUglpRM2c2paCWQHK0toXE4VScFU='

And the result is the same:

*   Trying 63.32.207.78...
* Connected to apisandbox.openbankproject.com (63.32.207.78) port 443 (#0)
* found 127 certificates in /etc/ssl/certs/ca-certificates.crt
* found 508 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: apisandbox.openbankproject.com (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=apisandbox.openbankproject.com
*        start date: Wed, 19 Aug 2020 00:00:00 GMT
*        expire date: Tue, 17 Nov 2020 00:00:00 GMT
*        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
*        compression: NULL
* ALPN, server accepted to use http/1.1
> POST /oauth/initiate?oauth_consumer_key=[my_valid_consumer_key]&oauth_token=eyJhbGciOiJIUzI1NiJ9.eyIiOiIifQ.0w5gM6Sxyf3pxmG84ovTxWhGdc0I2M_eRG88kB4uNzs&oauth_signature_method=HMAC-SHA256&oauth_timestamp=1602128587306&oauth_nonce=qgv0hp39flgoevi0m2aqwnse100w2zlg&oauth_version=1.0&oauth_callback=oob&oauth_signature=ijHzKnsoJ1X/h5ng5I1UOyHXJNV7drjYmrhWOrhsnk0= HTTP/1.1
> Host: apisandbox.openbankproject.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.10.3
< Date: Thu, 08 Oct 2020 03:55:11 GMT
< Content-Type: application/x-www-form-urlencoded
< Content-Length: 144
< Connection: keep-alive
< Expires: Thu, 8 Oct 2020 03:55:11 GMT
< Cache-Control: no-cache, private, no-store
< Pragma: no-cache
< X-Frame-Options: DENY
<
* Connection #0 to host apisandbox.openbankproject.com left intact
the following parameters are missing : oauth_signature_method, oauth_signature, oauth_consumer_key, oauth_callback, oauth_timestamp, oauth_nonce

[constantine2nd]

@oscarAmarello Please take a look at this page: https://github.com/OpenBankProject/OBP-API/wiki/OAuth-1.0-Server#step-1--obtaining-a-request-token-

[oscarAmarello]

Hi @constantine2nd . I was actually following that guide. I'm trying to connect using Postman filing all the fields required in the link you provided to me. I'm getting that respons that says that those parameters are missing, but they are being sent. Is there any aditional configuration needed, or is it no compatible with postman?

[constantine2nd]

The client adds the protocol parameters to the request using the OAuth HTTP "Authorization" header field:

Authorization: OAuth oauth_callback="http%3A%2F%2Fprinter.example.com%2Fready", oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456", oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D", oauth_signature_method="HMAC-SHA256", oauth_timestamp="1318467427", oauth_version="1.0"

[oscarAmarello]

I see, i thought the values were on the query parameters (that's where postman puts them when using the "authorization functionality" by default). Now i see these values go on the header. I did misunderstood that and i was able to set postman to put the values on the header.

All working perfectly

Thanks for your help

[akshayd02]

Here is reference screenshot for those who are new to this and would like to initiate a Oauth 1.0. In postman, we just need to fill in the details in "Authorization" tab