[GH-ISSUE #59] Uber Authentication failed "HTTP Status 401: Unauthorized, Response: {"error": "invalid_client"}"

Author

Owner

@kittrCZ commented on GitHub (Jul 6, 2015):

Hi @alikazim I have the exact same issue. I think that encoding is somehow mixed and that the redirect_uri sent to Uber is not correct. I have found that the code which generates queryString is returning following value for redirect_uri:

redirect_uri=oauth-swift%3A%2F%2Foauth-callback%2Fuber

Which is encoded value and it does not correspond with registered value on Uber Developers Portal. I don't believe that this library is working with Uber OAuth2 flow, or I haven't found solution in all these parameters to enhance encoding. If someone knows how to fix this, I'm here and listen.

Update 1: I found the method which is used to encode URL query string:

    func urlEncodedQueryStringWithEncoding(encoding: NSStringEncoding) -> String {
        var parts = [String]()

        for (key, value) in self {
            let keyString = "\(key)".urlEncodedStringWithEncoding(encoding)
            let valueString = "\(value)".urlEncodedStringWithEncoding(encoding)
            let query = "\(keyString)=\(valueString)" as String
            parts.append(query)
        }

        return "&".join(parts) as String
    }

Which is for some reason taken from Swifty framework

Update 2: Can't make it work with Uber API:( Dunno what is wrong there, but my suspicion is on the encoding.

Update 3: I also found bug in Uber API, when you pass parameter redirect_uri to the https://login.uber.com/oauth/authorize, you will get INVALID REQUEST PARAMETERS all the time.

@kittrCZ commented on GitHub (Jul 6, 2015): Hi @alikazim I have the exact same issue. I think that encoding is somehow mixed and that the redirect_uri sent to Uber is not correct. I have found that the code which generates `queryString` is returning following value for redirect_uri: ``` redirect_uri=oauth-swift%3A%2F%2Foauth-callback%2Fuber ``` Which is encoded value and it does not correspond with registered value on Uber Developers Portal. I don't believe that this library is working with Uber OAuth2 flow, or I haven't found solution in all these parameters to enhance encoding. If someone knows how to fix this, I'm here and listen. --- **Update 1:** I found the method which is used to encode URL query string: ``` func urlEncodedQueryStringWithEncoding(encoding: NSStringEncoding) -> String { var parts = [String]() for (key, value) in self { let keyString = "\(key)".urlEncodedStringWithEncoding(encoding) let valueString = "\(value)".urlEncodedStringWithEncoding(encoding) let query = "\(keyString)=\(valueString)" as String parts.append(query) } return "&".join(parts) as String } ``` Which is for some reason taken from [Swifty framework](https://github.com/mattdonnelly/Swifter/blob/master/Swifter/Dictionary%2BSwifter.swift#L55) --- **Update 2:** Can't make it work with Uber API:( Dunno what is wrong there, but my suspicion is on the encoding. --- **Update 3:** I also found bug in Uber API, when you pass parameter `redirect_uri` to the `https://login.uber.com/oauth/authorize`, you will get `INVALID REQUEST PARAMETERS` all the time.

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 1, 2015):

Did you figure any of this out? I'm looking for how to authorize users in swift / ios. I can't figure out what the redirect_uri is supposed to be, I have my app name set in url types and identity and schemes, etc, but myapp:// isn't working and i'm not sure what comes after the // or what I tell uber to set my redirect uri to. Plus I have no idea what to do after I get that set right. It's asking for scope and state and params and all that and I don't know what to put there.

@sephethus commented on GitHub (Aug 1, 2015): Did you figure any of this out? I'm looking for how to authorize users in swift / ios. I can't figure out what the redirect_uri is supposed to be, I have my app name set in url types and identity and schemes, etc, but myapp:// isn't working and i'm not sure what comes after the // or what I tell uber to set my redirect uri to. Plus I have no idea what to do after I get that set right. It's asking for scope and state and params and all that and I don't know what to put there.

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 2, 2015):

I'm to this point in the code. I have figured out how to get it to try and authorize my app using OAuth2Swift but now it's giving me the same error it's giving you: Invalid Request Parameters

@sephethus commented on GitHub (Aug 2, 2015): I'm to this point in the code. I have figured out how to get it to try and authorize my app using OAuth2Swift but now it's giving me the same error it's giving you: Invalid Request Parameters

kerem commented

Author

Owner

@kittrCZ commented on GitHub (Aug 3, 2015):

@sephethus I contacted Uber support regarding this issue and pointed out this thread. I will try to resolve it with them.

@kittrCZ commented on GitHub (Aug 3, 2015): @sephethus I contacted Uber support regarding this issue and pointed out this thread. I will try to resolve it with them.

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 3, 2015):

Thanks I've posted this in a new, separate issue as well, here, since the description on this issue is for a different error. Mine has more details I think. https://github.com/dongri/OAuthSwift/issues/88

@sephethus commented on GitHub (Aug 3, 2015): Thanks I've posted this in a new, separate issue as well, here, since the description on this issue is for a different error. Mine has more details I think. https://github.com/dongri/OAuthSwift/issues/88

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 6, 2015):

Any progress with this @kittrCZ

@sephethus commented on GitHub (Aug 6, 2015): Any progress with this @kittrCZ

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 7, 2015):

They're telling me the redirect is wrong. My app name is set in the plist URL schema and should use the format: MyAppName://whatever but they're saying it has to redirect to https:// which is not going to work with iOS. WTF?

@sephethus commented on GitHub (Aug 7, 2015): They're telling me the redirect is wrong. My app name is set in the plist URL schema and should use the format: MyAppName://whatever but they're saying it has to redirect to https:// which is not going to work with iOS. WTF?

kerem commented

Author

Owner

@kittrCZ commented on GitHub (Aug 7, 2015):

Hi @sephethus, I think that there is problem on Uber side. This is what I got from their support:

Hi Tomas, Thank you for the report. Currently, the redirect_url only supports the https scheme. I opened a feature request for us to be more lenient on this. In the meantime, are you able to use an https URI? Thanks, Alec

I seriously think that this is a joke. Why the hell they don't support URL schemes? For this you have to do proxy/server app for doing these redirections. There is no wonder, I haven't seen Uber integrated in many iOS apps.

@kittrCZ commented on GitHub (Aug 7, 2015): Hi @sephethus, I think that there is problem on Uber side. This is what I got from their support: > Hi Tomas, Thank you for the report. Currently, the redirect_url only supports the https scheme. I opened a feature request for us to be more lenient on this. In the meantime, are you able to use an https URI? Thanks, Alec I seriously think that this is a joke. Why the hell they don't support URL schemes? For this you have to do proxy/server app for doing these redirections. There is no wonder, I haven't seen Uber integrated in many iOS apps.

kerem commented

Author

Owner

@phimage commented on GitHub (Aug 7, 2015):

For https, you can also provide to oauthswift an authentification handler with webview and (navigation) delegate. The delegate could call directly the handlexXX method of oauthswift2, no need to go out from app, to re-enter then, with the application url scheme

@phimage commented on GitHub (Aug 7, 2015): For https, you can also provide to oauthswift an authentification handler with webview and (navigation) delegate. The delegate could call directly the handlexXX method of oauthswift2, no need to go out from app, to re-enter then, with the application url scheme

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 7, 2015):

That sounds like yet more stuff I gotta learn how to do. Ugh. Have you tried the embedded webview? Does that work?

@sephethus commented on GitHub (Aug 7, 2015): That sounds like yet more stuff I gotta learn how to do. Ugh. Have you tried the embedded webview? Does that work?

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 7, 2015):

I found this tutorial (skip to oauthswift with webview) but it's saying that there's some kind of webview property in OAuth2Swift but I don't see it and it's complaining that it isn't there, the tutorial is likely radically out of date: http://www.raywenderlich.com/99431/oauth-2-with-swift-tutorial#comments

@sephethus commented on GitHub (Aug 7, 2015): I found this tutorial (skip to oauthswift with webview) but it's saying that there's some kind of webview property in OAuth2Swift but I don't see it and it's complaining that it isn't there, the tutorial is likely radically out of date: http://www.raywenderlich.com/99431/oauth-2-with-swift-tutorial#comments

kerem commented

Author

Owner

@phimage commented on GitHub (Aug 7, 2015):

@sephethus this tutorial is outdated
don't follow tutorial to learn, read and eat codes

(You loose time, I understand how work OAuthSwift in 30 minutes, just with debug mode)
If you don't want to read the framework codes, read the example, the demo provided at least...

see WebViewController file in demo, function webView....shouldStartLoadWithRequest.... to handle the url
and call OAuth2Swift.handleOpenURL(url) in case of your url

webViewController become authorize_url_handler (after my own PR merged) because we could handle url with other way (webview and segue from storyboard)

@phimage commented on GitHub (Aug 7, 2015): @sephethus this tutorial is outdated don't follow tutorial to learn, read and eat codes (You loose time, I understand how work OAuthSwift in 30 minutes, just with debug mode) If you don't want to read the framework codes, read the example, the demo provided at least... see `WebViewController` file in demo, function `webView....shouldStartLoadWithRequest....` to handle the url and call `OAuth2Swift.handleOpenURL(url)` in case of your url `webViewController` become `authorize_url_handler` (after my own PR merged) because we could handle url with other way (webview and segue from storyboard)

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 7, 2015):

I'm probably not as good as you at "reading and eating" code, but what in the world would I use as the redirect_uri when launching within a webview?

@sephethus commented on GitHub (Aug 7, 2015): I'm probably not as good as you at "reading and eating" code, but what in the world would I use as the redirect_uri when launching within a webview?

kerem commented

https://yourAppNameOrWebsiteORfakewebsite/callback

Author

Owner

@phimage commented on GitHub (Aug 7, 2015):

then check url host equal to yourAppNameOrWebsiteORfakewebsite

@phimage commented on GitHub (Aug 7, 2015): https://yourAppNameOrWebsiteORfakewebsite/callback then check url host equal to yourAppNameOrWebsiteORfakewebsite

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 7, 2015):

So that doesn't actually go anywhere but you can just capture what it's trying to call?

@sephethus commented on GitHub (Aug 7, 2015): So that doesn't actually go anywhere but you can just capture what it's trying to call?

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 8, 2015):

In the demos, the only ones not using URL schemas are pointing to an http heroku site, which I have no idea what that site is doing or handling or what is set up on that end. Even if I change my redirect_uri to https://oauthswift.herokuapp.com/myappname it still gets "Invalid Request Parameters".

@sephethus commented on GitHub (Aug 8, 2015): In the demos, the only ones not using URL schemas are pointing to an http heroku site, which I have no idea what that site is doing or handling or what is set up on that end. Even if I change my redirect_uri to https://oauthswift.herokuapp.com/myappname it still gets "Invalid Request Parameters".

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 8, 2015):

Further examination when using println(request) in the shouldStartLoadWithRequest method shows that the uber site itself is redirecting me to this address once I log in and it gives me the Invalid Request Parameters error, I don't know if that matters:

https://login.uber.com/oauth/authorize?client_id=*****hidden&redirect_uri=https:%2F%2Foauthswift.herokuapp.com%2Fcallback%2FMyAppName&response_type=code&scope=profile%20history

@sephethus commented on GitHub (Aug 8, 2015): Further examination when using println(request) in the shouldStartLoadWithRequest method shows that the uber site itself is redirecting me to this address once I log in and it gives me the Invalid Request Parameters error, I don't know if that matters: https://login.uber.com/oauth/authorize?client_id=**********hidden*****&redirect_uri=https:%2F%2Foauthswift.herokuapp.com%2Fcallback%2FMyAppName&response_type=code&scope=profile%20history

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 9, 2015):

Another update, you know what? I still get invalid request parameters if I just paste the url into a browser with the required client_id and redirect_uri. Something is wrong on their end or this is not how it's supposed to be done.

@sephethus commented on GitHub (Aug 9, 2015): Another update, you know what? I still get invalid request parameters if I just paste the url into a browser with the required client_id and redirect_uri. Something is wrong on their end or this is not how it's supposed to be done.

kerem commented

https://login.uber.com/oauth/authorize?client_id=fOjVtVqKhu-zUQclUfY2joB14VEAEN9V&response_type=code&scope=history

Author

Owner

@sephethus commented on GitHub (Aug 9, 2015):

Experimenting further: just with the authorize url in a browser, outside of swift, I discovered that it is requiring the optional response_code and scope. Once I include that it works, but if I also include the redirect_uri, it fails again. It doesn't want the redirect_uri, it wants the response_code, scope, and client_id. Why doesn't it take the redirect_uri?

@sephethus commented on GitHub (Aug 9, 2015): Experimenting further: just with the authorize url in a browser, outside of swift, I discovered that it is requiring the optional response_code and scope. Once I include that it works, but if I also include the redirect_uri, it fails again. It doesn't want the redirect_uri, it wants the response_code, scope, and client_id. Why doesn't it take the redirect_uri? https://login.uber.com/oauth/authorize?client_id=fOjVtVqKhu-zUQclUfY2joB14VEAEN9V&response_type=code&scope=history

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 9, 2015):

I think I have solved the problem with Uber, this will require modification of OAuth2Swift.swift, just comment out the line that says:

urlString += "&redirect_uri=\(callbackURL.absoluteString!)"

Therefore:

var urlString = String()
        urlString += self.authorize_url
        urlString += (self.authorize_url.has("?") ? "&" : "?") + "client_id=\(self.consumer_key)"
        //urlString += "&redirect_uri=\(callbackURL.absoluteString!)"
        urlString += "&response_type=\(self.response_type)"

        if (scope != "") {
          urlString += "&scope=\(scope)"
        }

        if (state != "") {
            urlString += "&state=\(state)"
        }

        for param in params {
            urlString += "&\(param.0)=\(param.1)"
        }

        if let q = urlString.stringByAddingPercentEscapesUsingEncoding(NSUTF8StringEncoding) {

            if let queryURL = NSURL(string: q) {
                self.authorize_url_handler.handle(queryURL)
            }
        }
}

Also, use the following URL for your callback:

https://oauthswift.herokuapp.com/callback/YourAppNameHere

I can see the code coming back to me when it returns me to my app, I'm using appdelegate openURL to run oauth2swift.handleopenurl(url). It crashes at this point, so on with the next problem.

@sephethus commented on GitHub (Aug 9, 2015): I think I have solved the problem with Uber, this will require modification of OAuth2Swift.swift, just comment out the line that says: ``` urlString += "&redirect_uri=\(callbackURL.absoluteString!)" ``` Therefore: ``` var urlString = String() urlString += self.authorize_url urlString += (self.authorize_url.has("?") ? "&" : "?") + "client_id=\(self.consumer_key)" //urlString += "&redirect_uri=\(callbackURL.absoluteString!)" urlString += "&response_type=\(self.response_type)" if (scope != "") { urlString += "&scope=\(scope)" } if (state != "") { urlString += "&state=\(state)" } for param in params { urlString += "&\(param.0)=\(param.1)" } if let q = urlString.stringByAddingPercentEscapesUsingEncoding(NSUTF8StringEncoding) { if let queryURL = NSURL(string: q) { self.authorize_url_handler.handle(queryURL) } } } ``` Also, use the following URL for your callback: ``` https://oauthswift.herokuapp.com/callback/YourAppNameHere ``` I can see the code coming back to me when it returns me to my app, I'm using appdelegate openURL to run oauth2swift.handleopenurl(url). It crashes at this point, so on with the next problem.

kerem commented

Author

Owner

@phimage commented on GitHub (Aug 9, 2015):

redirect_uri is needed for access_token_url (last step), not really for authorize_url
uber is just too strict and don't want extra parameters

I don't know if other api need redirect_uri for access_token_url and why it is added to authorize_url

@phimage commented on GitHub (Aug 9, 2015): redirect_uri is needed for access_token_url (last step), not really for authorize_url uber is just too strict and don't want extra parameters I don't know if other api need redirect_uri for access_token_url and why it is added to authorize_url

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 9, 2015):

Now I'm getting the error this thread is about: HTTP Status 401: Unauthorized, Response: {"error": "invalid_client"}

My client_id and client_secret are correct. I don't know where it's trying to post them though. I am trying to follow through the entire process of what happens during the postOAuthAccessTokenWithRequestTokenByCode method and I keep getting lost through it. I think the client_id or secret or both are getting dropped somewhere, not sure. I think it's in the makeRequest method in OAuthSwiftHTTPRequest. It's still there when I println(parameters["client_secret"]).

if (encodeParameters) {
        let queryString = nonOAuthParameters.urlEncodedQueryStringWithEncoding(dataEncoding)
        //request.URL = URL.URLByAppendingQueryString(queryString)
        request.setValue("application/x-www-form-urlencoded; charset=\(charset)", forHTTPHeaderField: "Content-Type")
        request.HTTPBody = queryString.dataUsingEncoding(NSUTF8StringEncoding, allowLossyConversion: true)
 }

Even here the client key and secret are still there as nonOAuthParameters["client_key"], etc..., being set to this queryString constant. I uncommented that line, it's not working if I append it rather than adding it to the httpbody.

@sephethus commented on GitHub (Aug 9, 2015): Now I'm getting the error this thread is about: HTTP Status 401: Unauthorized, Response: {"error": "invalid_client"} My client_id and client_secret are correct. I don't know where it's trying to post them though. I am trying to follow through the entire process of what happens during the postOAuthAccessTokenWithRequestTokenByCode method and I keep getting lost through it. I think the client_id or secret or both are getting dropped somewhere, not sure. I think it's in the makeRequest method in OAuthSwiftHTTPRequest. It's still there when I println(parameters["client_secret"]). ``` if (encodeParameters) { let queryString = nonOAuthParameters.urlEncodedQueryStringWithEncoding(dataEncoding) //request.URL = URL.URLByAppendingQueryString(queryString) request.setValue("application/x-www-form-urlencoded; charset=\(charset)", forHTTPHeaderField: "Content-Type") request.HTTPBody = queryString.dataUsingEncoding(NSUTF8StringEncoding, allowLossyConversion: true) } ``` Even here the client key and secret are still there as nonOAuthParameters["client_key"], etc..., being set to this queryString constant. I uncommented that line, it's not working if I append it rather than adding it to the httpbody.

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 10, 2015):

Here's the headers in terms of key/value:

Key: Authorization 

Value: OAuth oauth_consumer_key="<so-my-client-key-is-valid-here>", oauth_nonce="03A0CB93", oauth_signature="f2Lb2CGrS2TX4AE2Xe3U0JLx0X0%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1439168007", oauth_version="1.0"

Maybe it's here that things go wrong? I don't see the secret.

@sephethus commented on GitHub (Aug 10, 2015): Here's the headers in terms of key/value: ``` Key: Authorization Value: OAuth oauth_consumer_key="<so-my-client-key-is-valid-here>", oauth_nonce="03A0CB93", oauth_signature="f2Lb2CGrS2TX4AE2Xe3U0JLx0X0%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1439168007", oauth_version="1.0" ``` Maybe it's here that things go wrong? I don't see the secret.

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 10, 2015):

I finally figured the whole thing out, the solution is nothing to do with OAuthSwift. You have to have a privacy page url on a website somewhere, and you have to check off the scope you're going to use. This is all on the manage app page of the developer site.

@sephethus commented on GitHub (Aug 10, 2015): I finally figured the whole thing out, the solution is nothing to do with OAuthSwift. You have to have a privacy page url on a website somewhere, and you have to check off the scope you're going to use. This is all on the manage app page of the developer site.

kerem commented

Author

Owner

@sephethus commented on GitHub (Aug 23, 2015):

I'm getting the { "error": Invalid_Client } again and this time it's not because of any setting on my Uber developer page. I'm requesting only "profile" in the scope. The key is getting all the way to the NSURLConnection request made in the OAuthSwiftHTTPRequest.swift file. It makes no sense why I'm getting this error now. I see that it sent back the authorization token so that much worked, but when it sends the request to the token request URL it fails. I can't see beyond this point so I have no idea what's happening after this.

@sephethus commented on GitHub (Aug 23, 2015): I'm getting the { "error": Invalid_Client } again and this time it's not because of any setting on my Uber developer page. I'm requesting only "profile" in the scope. The key is getting all the way to the NSURLConnection request made in the OAuthSwiftHTTPRequest.swift file. It makes no sense why I'm getting this error now. I see that it sent back the authorization token so that much worked, but when it sends the request to the token request URL it fails. I can't see beyond this point so I have no idea what's happening after this.

kerem commented

https://github.com/dongri/OAuthSwift/pull/96/files

Author

Owner

@dongri commented on GitHub (Aug 26, 2015):

Hi @sephethus @phimage @kittrCZ @alikazim

I Resolved Uber OAuth problem

Thanks!

@dongri commented on GitHub (Aug 26, 2015): Hi @sephethus @phimage @kittrCZ @alikazim I Resolved Uber OAuth problem https://github.com/dongri/OAuthSwift/pull/96/files Thanks!

kerem commented

Author

Owner

@dongri commented on GitHub (Aug 26, 2015):

Uber Wiki
https://github.com/dongri/OAuthSwift/wiki/Uber

@dongri commented on GitHub (Aug 26, 2015): Uber Wiki https://github.com/dongri/OAuthSwift/wiki/Uber

kerem commented

Author

Owner

@kittrCZ commented on GitHub (Aug 26, 2015):

@dongri this is awesome! Thank you for your contribution. I will test it.

@kittrCZ commented on GitHub (Aug 26, 2015): @dongri this is awesome! Thank you for your contribution. I will test it.

kerem commented

Author

Owner

@ivishal3258 commented on GitHub (Oct 13, 2016):

Object {message: "No authentication provided.", code: "unauthorized"}
code
:
"unauthorized"
message
:
"No authentication provided."

When i trying to hit the uber api i'll error mention above. Please help me out here.

@ivishal3258 commented on GitHub (Oct 13, 2016): Object {message: "No authentication provided.", code: "unauthorized"} code : "unauthorized" message : "No authentication provided." When i trying to hit the uber api i'll error mention above. Please help me out here.

kerem commented

Author

Owner

@phimage commented on GitHub (Oct 13, 2016):

@vishu3258 please open a new issue with details
I will help and comment in it

@phimage commented on GitHub (Oct 13, 2016): @vishu3258 please open a new issue with details I will help and comment in it

kerem commented