cpr icon indicating copy to clipboard operation
cpr copied to clipboard
verified publisher icon libcpr

OAuth not working?

Open vmenezes599 opened this issue 2 years ago • 5 comments

Description

I am trying to autenticate using OAuth token and using cpr I get OAuth missing while trying to access twitch helix api. Manual call using curl works. I tried using the cpr::Bearer and cpr::Header

Here is the verbose reply:

*   Trying 199.232.150.214:80...
* Connected to api.twitch.tv (199.232.150.214) port 80 (#0)
> GET /helix/games?name=Path%20of%20Exile HTTP/1.1
Host: api.twitch.tv
User-Agent: curl/7.88.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
Authorization: Bearer REMOVED
Client-Id: REMOVED

< HTTP/1.1 301 Moved Permanently
< Connection: close
< Content-Length: 0
< Server: Varnish
< Retry-After: 0
< Location: https://api.twitch.tv/helix/games?name=Path%20of%20Exile
< Date: Tue, 14 Mar 2023 09:25:12 GMT
< X-Served-By: cache-ams12770-AMS
< X-Cache: HIT
< X-Cache-Hits: 0
< X-Timer: S1678785913.843561,VS0,VE0
< Strict-Transport-Security: max-age=300
<
* Closing connection 0
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://api.twitch.tv/helix/games?name=Path%20of%20Exile'
*   Trying 199.232.150.214:443...
* Connected to api.twitch.tv (199.232.150.214) port 443 (#1)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* ALPN: server accepted http/1.1
*  0 Subject: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2022 Q4
*    Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
*    Version: 3 (0x2)
*    Serial Number: 7c:c1:74:ce:fc:9d:bd:76:21:e9:a6:9f:ff:32:6b:ed:
*    Signature Algorithm: sha256WithRSAEncryption
*    Start Date: 2022-07-20 03:25:39 GMT
*    Expire Date: 2024-07-20 00:00:00 GMT
*    Public Key Algorithm: rsaEncryption
*    RSA Public Key (2048 bits)
*    rsa(n): REMOVED
*    rsa(e): 0x10001
*    Signature: REMOVED
* -----BEGIN CERTIFICATE-----
REMOVED
-----END CERTIFICATE-----

* using HTTP/1.1
> GET /helix/games?name=Path%20of%20Exile HTTP/1.1
Host: api.twitch.tv
User-Agent: curl/7.88.1-DEV
Accept: */*
Accept-Encoding: deflate, gzip
Client-Id: htic3bhjo9i5cl1wkg6r6lju4y47av

* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
*  0 Subject: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2022 Q4
*    Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
*    Version: 3 (0x2)
*    Serial Number: 7c:c1:74:ce:fc:9d:bd:76:21:e9:a6:9f:ff:32:6b:ed:
*    Signature Algorithm: sha256WithRSAEncryption
*    Start Date: 2022-07-20 03:25:39 GMT
*    Expire Date: 2024-07-20 00:00:00 GMT
*    Public Key Algorithm: rsaEncryption
*    RSA Public Key (2048 bits)
*    rsa(n): REMOVED
*    rsa(e): 0x10001
*    Signature: REMOVED
* -----BEGIN CERTIFICATE-----
REMOVED
-----END CERTIFICATE-----

* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 401 Unauthorized
< Connection: keep-alive
< Content-Length: 72
< Content-Type: application/json; charset=utf-8
< Access-Control-Allow-Origin: *
< Timing-Allow-Origin: https://www.twitch.tv
< Date: Tue, 14 Mar 2023 09:25:13 GMT
< X-Served-By: cache-bfi-krnt7300067-BFI, cache-ams12778-AMS
< X-Cache: MISS, MISS
< X-Cache-Hits: 0, 0
< X-Timer: S1678785913.889819,VS0,VS0,VE144
< Vary: Accept-Encoding
< Strict-Transport-Security: max-age=300
<
* Connection #1 to host api.twitch.tv left intact

Example/How to Reproduce

  1. Create a cpr::Session to url http://api.twitch.tv/helix/games
  2. set Header{{"Authorization","Bearer " + oauth_token},{"Client-Id", client_id}}
  3. set Parameter for the correct game, eg: {{"name", "Path of Exile"}}
  4. sent get request
  5. Error 401 OAuth missing

Possible Fix

No response

Where did you get it from?

GitHub (branch 1.10.0 & 1.9.x)

Additional Context/Your Environment

  • OS: Windows
  • Version: 11

vmenezes599 avatar Mar 14 '23 09:03 vmenezes599

Please try the following:

Url url{"https://example.com"};
#if CPR_LIBCURL_VERSION_NUM >= 0x073D00
    Response response = cpr::Get(url, Bearer{"the_token"});
#else
    Response response = cpr::Get(url, Header{{"Authorization", "Bearer the_token"}});
#endif

Since you are using either 1.10.x or 1.9.x, Response response = cpr::Get(url, Bearer{"the_token"}); should also be enough.

COM8 avatar Mar 17 '23 18:03 COM8

That is exacly what I am already doing. The code is:

cpr::Response response = cpr::Get(
      cpr::Url{url}, cpr::Parameters{{"name", content_name}},
      cpr::Header{
          {"Authorization", "Bearer " + oauth_token},
          {"Client-Id", client_id}});

And

cpr::Response response = cpr::Get(
      cpr::Url{url}, cpr::Parameters{{"name", content_name}},
      cpr::Header{{"Client-Id", client_id}, cpr::Bearer{oauth_token}});

The return is 401 OAuth missing. The same code works with same version of cpr on linux. The difference is curl in windows is 7.83.1 and on linux 7.68.0.

Even if I chose to use the build-in curl I get same result on windows (OAuth missing) and works under linux.

Best,

vmenezes599 avatar Mar 17 '23 23:03 vmenezes599

I was trying to look into this and failed to obtain a bearer token for the Twitch API. Can you provide a link to some kind of docs detailing how I get one? I already registered an application and I have a Client-Id

COM8 avatar Aug 03 '23 12:08 COM8