Magento 1.9 REST API failing with nonce_used error - magento

I have a Magento 1.9 CE install which I am trying to access via the REST API.
I keep getting the 'oauth_problem=nonce_used' error when I start the process by calling the oauth/initiate URL.
I have added some logging into the /Mage/Oauth/Model/Server.php _validateNonce method and despite what nonce I supply in the Postman request, the same nonce gets logged out. In other words, the nonce in the request disappears somehow and a previous nonce is retrieved from somewhere.
And it isn't just the nonce from the previous request. I called the oauth/initiate URL several times and the logged nonce was the same for all of them (and never the nonce passed in the request).
I'm not sure if this is a Magento thing or Apache/mod_rewrite is doing something as well.
Any thoughts much appreciated.

It was an issue with Postman rather than Magento. It wasn't updating the post data correctly.

Related

Sending authenticated ajax from another domain

Maybe this is not possible...
I have one site, we'll call it club.com
And I have another site called store.com
I have control of both domains. club.com is powered by a Django project, and store.com is a shopify site.
If you're a member of club.com, you get a discount on store.com
We want to do it so that integration is seamless. No need to enter your club.com credentials to store.com, we want the page to do that for you.
How do I implement this?
I already tried simply putting an ajax call on store.com pointing to club.com, and it seems to work with one exception: The browser is not sending the proper cookies along with the request, so when club.com gets this ajax request it can't authenticate it.
You should consider OAuth2 to achieve what you need.

How to use POSTMAN rest client with magento REST api with Oauth. How to get Token and Token Secret?

I am a beginner to the Magento REST API. How will I get the token and token secret to fill in the Postman REST request? I have only the consumer key and consumer secret.
Please provide me the steps to follow.
First, you want to request a valid OAuth token and secret. Do this by hitting the /oauth/initiate URL of your Magento store with a GET parameter for oauth_callback. We're going to use httpbin so that we can echo anything that is passed to our callback. Make sure you have "Auto add parameters" checked on the OAuth 1.0 settings for Postman.
That will give you an oauth_token and oauth_token_secret, which are only temporary. These are referred to as a "request token" and secret. Save these values somewhere because you will need them later.
Now, assemble a new regular HTTP request to the /admin/oauth_authorize URL of your Magento store. This will return a login form where you can accept the oauth token and authorize your app, however since we're using Postman we aren't able to interact with the form.
Instead, view the source and pull out the form_key hidden input value. Then assemble a new HTTP request to fake the submission of the authorization form. Make sure it is a POST request. Your new HTTP request should look like this.
Now, you need to actually confirm the authorization. Simply issue a GET to the /admin/oauth_authorize/confirm URL of your Magento store with the oauth_token as your parameter. When you send this request it will redirect to your oauth_callback from the first step. Now, you can see why we used httpbin as our callback in the first step.
OK. So, we're almost home. The last piece of the puzzle is to use the oauth_token, oauth_secret, and oauth_verifier all together to get a valid and persistent "access token". So, take the oauth_token_secret from the first step, and combine and assemble a new OAuth request like so.
You should get a returned token and secret. These will never expire! You can use them to query products and stuff.
Now, you can assemble your OAuth requests like this. Edit: Note, you must check the "Add params to header" checkbox in order for Magento REST calls to work properly.
Example request in Postman version 6.x.x
And response of this request is
You can get these credentials from Magento Admin. Click on the edit icon on the Integrations page.
@Franklin P Strube Unfortunately, I don't have enough reputation to add a comment.
I would like to add the following. The Magento REST API does not require both oauth params on the URL AND OAuth headers. This is not actually stated above. See the last note where it says you need to "add params to header". You do need to do this, but when you do you will find it sends both URL params and OAuth headers. You don't need the URL params; it will work fine without them.
btw: the franklin response worked great!

What would cause redis to retain an old key?

We're running an install of Magento Enterprise which has built-in support for using Redis as a session handler.
For context: We're having an issue with a module that implements a PayPal payment method as an option for our users.
The module generates a lightbox with the PayPal form in it so that the user doesn't have to be redirected away from the page.
To do this, we have to generate a token, and save it to the session. The lightbox loads in the PayPal page with the token in the URL parameter.
When the user completes the form, the user is redirected to a confirm order page with the same token in the URL.
The URL token has to match the session token, or else the process fails.
This works fine when we disable redis and use normal file sessions (which we cannot do in our production environment).
Here is what we don't understand:
When we step through the code with xdebug with breakpoints, we see the token being set in the session in redis. The payment processing works fine.
When we don't step through the code, the process fails due to a token mismatch, and when we inspect the token key throughout the process, it originally sets it correctly, and then at the end, the token we see is a token that was set several sessions ago.
The TTL on the session key is 24 minutes, but I don't think that should be an issue because it should be overwriting the value. Not sure why it works fine when we pause through the process with breakpoints.
Any ideas?
Is it the standard Magento PayPal module?
My first thought is that something else is storing an object to redis (and it should not do it) and later requests receive a cached value because this object is cached.
Maybe do a simple test:
1. Clear the Redis cache.
2. Place an order and proceed to PayPal.
3. Is everything OK at this point?
4. Check the token stored in Redis for this particular session and write it down.
5. Place another order and proceed to PayPal.
6. Verify whether the received token is the same as the previous one.

Not able to get a request token using /oauth/initiate in Magento. Error says - oauth_parameters_absent=oauth_token

I've been trying to authenticate my oAuth consumer to the Magento application for 2 weeks now. I just can't seem to get a breakthrough.
I've configured the REST roles and attributes to make everything accessible. Now the next step is to get a request token.
I've been trying to authenticate using Google Chrome's REST client at the url - /oauth/initiate. I've entered all the parameters needed to authenticate the app namely -
consumer key, consumer secret, oauth version, timestamp, nonce, signature method.
But the error I get is this -
    {
        messages: {
            error: [1]
                0: {
                    code: 401
                    message: "oauth_problem=parameter_absent&oauth_parameters_absent=oauth_token"
                }
        }
    }
Which seems very strange to me, cause there are no parameters absent from what I can make out. Someone please help me out. I've been stuck on this badly.
It means that Magento isn't returning the parameter oauth_token.
So there is something else wrong with your request. The first time I ran into this, it was because I wasn't providing an oauth_callback parameter.

oauth/initiate says page not found

I am not able to get a request token from the oauth/initiate page because it says page not found. What could be the problem?
I have created an oAuth customer, given the appropriate REST roles and attributes. Also, appended the consumer key, secret, nonce etc. in the authorization for the oAuth request.
What am I missing?
Oauth will give you page not found if the request params are incorrect. It's likely your client isn't sending the parameters correctly, or your signature doesn't match the one Magento is calculating.
I added some temporary logging to the OAuth server to try and track down the issue.
Add this to the file app/code/core/Mage/Oauth/Model/Server.php after line 594; it will help you see what specific OAuth error is being raised:
Mage::log($response, Zend_Log::DEBUG, 'oauth.log');
Try your initiate request again, and then check var/log/oauth.log to see what the error is.
Don't even think about doing this on a production system, and ensure you roll back your changes afterwards. You should never modify core files other than for temporary debugging.
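
The checks the oauth/initiate answers on this page touch on (a required oauth_callback, a signature that matches the server's own calculation, a nonce that has not been seen before), as an added example that is not part of any post above and is not Magento's code: a Python OAuth 1.0a HMAC-SHA1 signer for the initiate request and a toy in-memory verifier. The `ToyServer` class, the `initiate_request` helper, the default POST method and the `signature_invalid` string are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def enc(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="~")

def sign(method, url, params, consumer_secret, token_secret=""):
    # Base string: METHOD & encoded URL & encoded, sorted parameter list
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def initiate_request(consumer_key, consumer_secret, url, callback, method="POST"):
    # Every request gets a fresh random nonce and the current timestamp
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_callback": callback,
        "oauth_nonce": secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time())),
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign(method, url, params, consumer_secret)
    return params

class ToyServer:
    """Stand-in verifier (not Magento's code): one consumer, in-memory nonces."""
    REQUIRED = ("oauth_consumer_key", "oauth_callback", "oauth_nonce",
                "oauth_timestamp", "oauth_signature")
    def __init__(self, consumer_secret):
        self.secret, self.seen = consumer_secret, set()
    def initiate(self, method, url, params):
        missing = [p for p in self.REQUIRED if p not in params]
        if missing:
            return ("oauth_problem=parameter_absent"
                    "&oauth_parameters_absent=" + ",".join(missing))
        signed = {k: v for k, v in params.items() if k != "oauth_signature"}
        expected = sign(method, url, signed, self.secret)
        if not hmac.compare_digest(expected, params["oauth_signature"]):
            return "oauth_problem=signature_invalid"  # toy's own wording
        replay_key = (params["oauth_nonce"], params["oauth_timestamp"])
        if replay_key in self.seen:  # same nonce seen before: replay
            return "oauth_problem=nonce_used"
        self.seen.add(replay_key)  # recorded only after the MAC verified
        return "ok"
```

Passing the same request dict to `ToyServer.initiate` twice returns `oauth_problem=nonce_used` on the second call, which is what a client that keeps resending stale request data runs into in this toy.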
