I'm currently trying to create a document and upload it to the SP-API sandbox environment using ruby and HTTP.rb gem. My steps are:
Request the LWA access token by a refresh token
Assume the role and request the STS token
Sign the request header using AWS::SignV4 SDK
Send the POST request to the endpoint /feeds/2020-09-04/documents with body json: { 'contentType' => 'text/tab-separated-values; charset=UTF-8' }
However, SP-API keeps returning "code": "InvalidSignature" to me. But all my other 'GET' requests like get_orders, get_order_items are working correctly.
Here is how I send my request:
#url = '/feeds/2020-09-04/documents'
#body = if sandbox
{ 'contentType' => 'text/tab-separated-values; charset=UTF-8' }
else
{ 'contentType' => 'text/xml; charset=UTF-8' }
end
#request_type = 'POST'
response = http.headers(headers).send(#request_type.downcase.to_sym, request_url, json: #body)
I checked the AWS::Signer::V4 document, turns out I should pass the body into the signer as well.
signer.sign_request(http_method: #request_type, url: request_url, body: #body)
I published the amz_sp_api rubygem that does this, but I would welcome a contribution of the ruby code for encrypting the feed submissions as required by SP-API: https://github.com/ericcj/amz_sp_api/issues/1
Related
Following the Amazon Selling Partner API Doc, I was able to get the LWA access token.
However, I'm getting blocked in making request to the REST API.
https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#connecting-to-the-selling-partner-api
I tried to use aws-sdk-signer to create a signed request
access_token = 'LWA access token'
signer = Aws::Sigv4::Signer.new(
access_key_id: 'my access id',
region: 'us-east-1',
secret_access_key: 'my access key,
service: 'execute-api',
)
signature = signer.sign_request(
http_method: 'GET',
url: 'https://sellingpartnerapi-na.amazon.com/orders/v0/orders',
headers: {
'host' => 'sellingpartnerapi-na.amazon.com',
'user_agent' => 'test (Language=Ruby)',
'x-amz-access-token' => access_token
})
response = HTTParty.send(:get, 'https://sellingpartnerapi-na.amazon.com/orders/v0/orders', headers: {
'host' => signature.headers['host'],
'user_agent' => 'test (Language=Ruby)',
'x-amz-access-token' => access_token,
'x-amz-content-sha256' => signature.headers['x-amz-content-sha256'],
'x-amz-date' => signature.headers['x-amz-date'],
'Authorization' => signature.headers['authorization'],
})
resposne
{"errors"=>[{"message"=>"Access to requested resource is denied.", "code"=>"Unauthorized", "details"=>"Access token is missing in the request header."}]}
It looks like I'm not signing the LWA access token correctly, but I have no idea what's going on since this is a new API and there's not much implementation especially in ruby.
Would anyone give some directions?
Update: I followed the Singer document
https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Sigv4/Signer.html
Aws::Sigv4::Signer
For anyone stumbling across this:
Your problem likely stems from HTTParty (or other HTTP client gems) using Ruby's Net::HTTPHeader behind the scenes.
Net::HTTPHeader capitalizes all request headers before the request is sent and the x-amz-access-token header is case-sensitive.
If you're populating x-amz-access-token with a valid value and still receiving the following error:
{
"message": "Access to requested resource is denied.",
"code": "Unauthorized",
"details": "Access token is missing in the request header."
}
...then you're likely running into this issue.
You can bypass this by overloading Net:HTTPHeader.capitalize like so:
module Net::HTTPHeader
def capitalize(name)
name
end
private :capitalize
end
see also: https://github.com/amzn/selling-partner-api-docs/issues/292#issuecomment-759904882
"Access token is missing in the request header" sounds like something is wrong with your x-amz-access-token. Are you retrieving it like this? https://github.com/ericcj/amz_sp_api/blob/main/lib/sp_api_client.rb#L40
I'm new to using the rest-client. I know I'm missing something, but I am trying to do the following:
Post to a login endpoint to authenticate
After authentication, post csv text to another endpoint that requires a logged in user
The authentication portion is successful, however, I am getting a 401 Unauthorized when step 2 occurs.
rest_client = RestClient
login_response = #global_rest_client.post(
host + 'LOGIN ENDPOINT',
{ userName: 'user', password: 'password'},
headers: {'Content-Type': 'application/x-www-form-urlencoded'}
)
import_response = rest_client.post(
host + 'IMPORT DATA ENDPOINT',
headers: { 'X-System-Name': 'AndroidMobile', 'Content-Type': 'multipart/form-data },
csv: csv_string
)
My understanding of how authentication works could be wrong. My assumption is that as long as the same instance of the client has a successful login, then the post of csv data would also be successful.
I appreciate any input.
HTTP (1.1) is stateless so a request does not contain any information about previous requests unless that information is encoded and added to the request in some way (e.g. cookies or headers). So when you make your import request the server does not know if/that you are authenticated even though you just made a login request.
You'll have to include the token you receive from your login request in subsequent requests. This should go in the 'Authorization' header.
For example:
auth_token = login_response["success"]["token"] # or whatever the key is for the token
import_response = rest_client.post(
host + 'IMPORT DATA ENDPOINT',
headers: { 'Authorization': "Bearer #{auth_token}", 'X-System-Name': 'AndroidMobile', 'Content-Type': 'multipart/form-data },
csv: csv_string
)
The way authentication works depends on the server and can be different in different cases. So the site you are accessing might expect the Authorization header to be like "Token #{auth_token}" or anything else, but they should mention it in their documentation.
I have a mobile app that is signin in with google and sending a server auth code to my backend app.
I want to use this code, along with the client secrets from the google developer console, to retrieve a refresh code for retrieving data from google drive when the user is offline.
Google provides an client for auth calls in ruby, but it seems not to be maintained lately and I could not see a way to do this kind of authorisation in the docs.
In the documentation, I could find an example of how to do this on python:
from oauth2client import client
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
auth_code)
I would like to do this in ruby through a post to their https://www.googleapis.com/oauth2/v4/token endpoint. Here is what I've tried so far:
require 'uri'
require 'net/http'
require 'json'
url = URI("https://www.googleapis.com/oauth2/v4/token")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
headers = {'Content-Type': 'application/json'}
request = Net::HTTP::Post.new(url.request_uri, headers)
request.body = {
code: "#{server_auth_code_sent_to_api}",
client_id: "#{client_id_from_developer_console}",
client_secret: "#{client_secret_from_developer_console}",
grant_type: 'authorization_code',
redirect_url: '',
}.to_json
response = http.request(request)
puts JSON.parse(response.read_body)
But I keep getting the following error:
{
"error": "unsupported_grant_type",
"error_description": "Invalid grant_type: "
}
Does anybody has an idea on what I'm doing wrong, or has a working example on how to do this kind of authorisation?
Thanks in advance.
In case somebody stumbles here with a similar problem, what caused the request to fail was the Content-Type, and not the grant_type parameter.
Digging around in the code for the client library I saw that they use application/x-www-form-urlencoded the endpoint expects a application/x-www-form-urlencoded content type. I adjusted my code accordingly and was able to get a successful response with the valid credentials and token.
Here follows the resulting code:
require 'uri'
require 'net/http'
require 'json'
url = URI("https://www.googleapis.com/oauth2/v4/token")
params = {
"code" => "#{server_auth_code_sent_to_api}",
"client_id" => "#{client_id_from_developer_console}",
"client_secret" => "#{client_secret_from_developer_console}",
"grant_type" => "authorization_code",
"redirect_url" => "#{redirect_url_from_developer_console}",
}
response = Net::HTTP.post_form(url, params)
puts JSON.parse(response.read_body)
I'm trying to get my GPS data from the Waze app using the rest-client lib. I'm basicly trying to fake a login via the website https://www.waze.com/. After login (you can use JohnDoeSpeedy228:gre#tStory92) when you visit https://www.waze.com/editor/, click on "Drives" after review the the network calls you'll get to see the raw JSON data.
I seem to have succesfully logged in but when making the request to return the list of all my drives it returns the following
{"users"=>{"objects"=>[]}, "archives"=>{"totalSessions"=>0, "objects"=>[]}}
It should return something like this:
{
"users":{
"objects":[
]
},
"archives":{
"totalSessions":1,
"objects":[
{
"id":<REDACTED>,
"userID":<REDACTED>,
"existingRoadMeters":2839,
"newRoadMeters":0,
"totalRoadMeters":2839,
"startTime":1456996197000,
"endTime":1456996636000,
"hasFullSession":true
}
]
}
}
Here's what I'm trying:
require 'rest-client'
require 'json'
GET_CSRF_URL = "https://www.waze.com/login/get"
SESSION_URL = "https://www.waze.com/login/create"
SESSION_LIST_URL = "https://www.waze.com/Descartes-live/app/Archive/List"
SESSON_DATA_URL = "https://www.waze.com/Descartes-live/app/Archive/Session"
AUTH = {'user_id'=>'JohnDoeSpeedy228','password'=>'gre#tStory92'}
req = RestClient.get(GET_CSRF_URL)
csrfhash = req.cookies
csrfhash['editor_env'] = 'row'
headers = {'X-CSRF-Token'=>csrfhash['_csrf_token']}
log = RestClient::Request.execute(
method: :post,
url: SESSION_URL,
cookies: csrfhash,
headers: headers,
payload: AUTH
)
ses = RestClient::Request.execute(
method: :get,
url: SESSION_LIST_URL,
cookies: log.cookies,
payload: {'minDistance'=>1000,'count'=>50, 'offset'=>0}
)
puts JSON.parse(ses)
Am I doing something wrong?
My guess is that you are confusing two accounts. Are you sure you logged a drive while logged in as JohnDoeSpeedy228? If there are no sessions from that user when logged into the site manually, I wouldn't expect the code to work either.
We can't find any of your drives.
Have you started driving with the Waze app yet? If so, please make sure you logged into the Map Editor with the same credentials you use in the app.
I am trying to implement facebook authentication for an app with warden, after the user allows facebook auth and redirects to my app callback with the token I get a 400 while consuming the api. My warden strategy is this:
class Facebook < Warden::Strategies::Base
def client
#client ||= OAuth2::Client.new MyApp::Facebook::AppID, MyApp::Facebook::AppSecret, :site => 'https://graph.facebook.com'
end
def params
#params ||= Rack::Utils.parse_query(request.query_string)
end
def authorize_url
client.web_server.authorize_url :redirect_uri => request.url, :scope => 'email,publish_stream'
end
def authenticate!
throw(:halt, [302, {'Location' => authorize_url}, []]) unless params['code']
facebook = client.web_server.get_access_token params['code'], :redirect_uri => request.url
rescue OAuth2::HTTPError => e
puts e.response.body
end
end
Strategies.add :facebook, Facebook
The result of printing the response body is this:
{"error":{"type":"OAuthException","message":"Error validating client secret."}}
I am pretty shure the app id and app secret are the ones provided by FB.
Thanks.
I've seen that error message many times. Here are the things I would double check:
your domain is the same as what you listed in the facebook callback url
the app id is correct (actually print this out on a page, sometimes y
the app secret is correct
Add redirect_uri while creating the object of facebook that will fix the issue.
Redirect the user to https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
After user click allow, it'll hit our Redirect Uri
At that point we'll get the code and we need to do a server side HTTP Get to the following Url to exchange the code with our oAuth access token:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
Now at step 3, I kept on getting Http 400 response back.
So after some research, I found out that on that redirect_uri that we submitted on step 3 doesn't do anything but validate the request. Thus, the value need to match with step 2.
I also get the same error and i resolved by doing as below:
double check your client_id, client_secret, redirect_uri.
Add Accept: "application/json" header to thye request
fetch(
`https://graph.facebook.com/v15.0/oauth/access_token?client_id=${process.env.FACEBOOK_APP_ID}&redirect_uri=${process.env.FACEBOOK_REDIRECT_URI}&client_secret=${process.env.FACEBOOK_APP_SECRET}&code=${code}`,
{
method: "GET",
headers: {
Accept: "application/json",
},
}
)