bitbucket-rest-api / bitbucket

BitBucket API gem - bitbucket_rest_api


OAuth not working

lpeabody opened this issue · comments

Howdy.

I've seen the other OAuth issue and I can definitely guarantee that my key and secret are what they should be.

Here's the code I have...

require 'bitbucket_rest_api'

ENV['DEBUG'] = 'wtf'

bitbucket = BitBucket.new do |config|
    config.oauth_token = "<redacted>"
    config.oauth_secret = "<redacted>"
    config.adapter = :net_http
end

pp bitbucket.repos.list

And here's the debug info...

EXECUTED: get - /user/repositories with {} and {}
OPTIONS:{:headers=>{"User-Agent"=>"BitBucket Ruby Gem 0.1.1"}, :ssl=>{:verify=>false}, :url=>"https://bitbucket.org/api/1.0"}
I, [2013-01-31T20:14:26.168358 #18994]  INFO -- : get https://bitbucket.org/api/1.0/user/repositories
D, [2013-01-31T20:14:26.168490 #18994] DEBUG -- request: User-Agent: "BitBucket Ruby Gem 0.1.1"
Authorization: "OAuth oauth_nonce=\"cea1a1e17bad92529dd2ce92ea12c68c\", oauth_signature=\"C9LPWYfXaMNIoenrD2R3BviX6PU%3D\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1359681266\", oauth_token=\"<redacted>\", oauth_version=\"1.0\""
I, [2013-01-31T20:14:26.665307 #18994]  INFO -- Status: 302
D, [2013-01-31T20:14:26.665494 #18994] DEBUG -- response: server: "nginx/1.2.4"
date: "Fri, 01 Feb 2013 01:14:26 GMT"
content-type: "text/html; charset=utf-8"
transfer-encoding: "chunked"
connection: "close"
x-served-by: "bitbucket05"
x-version: "908585ddfd1f"
location: "https://bitbucket.org/account/signin/?next=/api/1.0/user/repositories"
x-static-version: "e2e3e99aa1fa"
x-request-count: "333"
strict-transport-security: "max-age=2592000"

The pp line simply outputs nil because bitbucket.repos.list returns nil. Does the gem need to be updated or something?

+1 for solving this

Ok, I've been scratching my head on this one for a while trying to make it fail myself and I think I realized what is going on here (and it's totally my fault!)

I think it's bad documentation on my part (which I will update right now):
oauth_token and oauth_secret should actually be your request tokens, not your consumer tokens. See: https://confluence.atlassian.com/display/BITBUCKET/oauth+Endpoint

The full API docs were more clear than the readme, so I've updated the readme to make the difference between the two clear in the config block.

Sorry for the ignorance,

But BitBucket website only shows consumer key and secret, what about the other values?
Should I put consumer key and secret in client_id and client_secret? Or oauth_token, oauth_secret?

Thanks

The other values are generated per-user by BitBucket during an OAuth authorization. I personally use Devise to do that since I'm allowing OAuth login with devise.

The consumer key and secret do belong in client_id and client_secret

Okay, I thought that the gem would do all the auth flow for me. So, there is no way to do all the flow without user intervention?

Thanks for taking time to answer.

No, OAuth requires user interaction to authorize the token generation. Though, that token generation only has to occur once so long as you store the request tokens.

Hey Mike, you've been super helpful today.

So the way I'm reading this, I feel as if I should only have to specify the oauth key and secret generated by Bitbucket in the client_id and client_secret fields respectively. I'm a bit confused as to what needs to happen after that, because shouldn't obtaining the oauth request token and secret at that point be completely automated?

Obtaining the request token and secret really can't be automated because it requires the end user to approve the authorization request from the app (via the BitBucket website). An authorization URL can be generated that the user is directed to on the BitBucket website, where the user is asked for approval. Once they approve the access, BitBucket redirects the user back to a URL you specify as the callback with the request token and secret attached (which you would then store somewhere, such as a database).

Thanks Mike.

Les Peabody, to use the gem, you will need to use any library or OAuth playground (http://googlecodesamples.com/oauth_playground/) where you could obtain the access token. This means that part of the OAuth flow will be done manually, but just one time, because the access token doesn't expire.

So prior to doing anything with this gem I need to get that request and access token first? Okay cool, this is a good start.

All of this info has been extremely helpful. I'm planning a massive, automated migration of our Subversion repositories over to Git on Bitbucket and was hoping to use this awesome gem to do so. I'll play around later, but assuming I can somehow automate everything in a script my goal should be doable :) Thanks guys.

If it's a local script and not a web service that you are building then you might find it easier to use HTTP Basic Auth instead, where you can just specify to connect as "user:password", rather than the more complicated OAuth method. Just be careful about the security of the script. Of course, this supposes that all of the repositories would be owned by the same user on BitBucket.

Les Peabody, I found a well documented way to obtain the access token. I've tested locally and it worked.

http://wiki.openstreetmap.org/wiki/OAuth_ruby_examples

Section "Registering and Authorizing your application"

Money. Thanks dude!
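
Added example, not part of the thread or of the gem's code: a minimal OAuth 1.0a HMAC-SHA1 signer following RFC 5849, showing that the signing key combines the consumer secret and the per-user token secret, plus a check that lists which required parameters the Authorization header from the debug log above lacks. The helper names (pct, base_string, sign, missing_oauth_params) and the sample parameters and secrets are assumptions made for illustration.

```ruby
require 'openssl'

# RFC 5849 percent-encoding: only unreserved characters stay literal.
def pct(str)
  str.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string: METHOD & encoded URL & encoded, sorted parameters.
# Assumes the URL is already normalized and carries no query string.
def base_string(method, url, params)
  normalized = params.map { |k, v| [pct(k), pct(v)] }.sort
                     .map { |k, v| "#{k}=#{v}" }.join('&')
  [method.to_s.upcase, pct(url), pct(normalized)].join('&')
end

# The HMAC-SHA1 key is "consumer_secret&token_secret": both secrets take part,
# so a request signed with only one of them yields a different signature.
def sign(method, url, params, consumer_secret, token_secret)
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key,
                             base_string(method, url, params))
  [mac].pack('m0') # strict Base64, no line breaks
end

REQUIRED = %w[oauth_consumer_key oauth_token oauth_signature_method
              oauth_signature oauth_timestamp oauth_nonce].freeze

# Parse an 'OAuth k="v", ...' header value; list required parameters it lacks.
def missing_oauth_params(header)
  present = header.sub(/\AOAuth\s+/, '').scan(/(\w+)="[^"]*"/).flatten
  REQUIRED - present
end

# Authorization header copied from the debug log in this thread.
LOGGED_HEADER = 'OAuth oauth_nonce="cea1a1e17bad92529dd2ce92ea12c68c", ' \
  'oauth_signature="C9LPWYfXaMNIoenrD2R3BviX6PU%3D", ' \
  'oauth_signature_method="HMAC-SHA1", oauth_timestamp="1359681266", ' \
  'oauth_token="<redacted>", oauth_version="1.0"'

API_URL = 'https://bitbucket.org/api/1.0/user/repositories'
# Constructed sample parameters and secrets, not real credentials.
PARAMS = { 'oauth_consumer_key' => 'ck', 'oauth_token' => 'tk',
           'oauth_nonce' => 'n1', 'oauth_timestamp' => '1359681266',
           'oauth_signature_method' => 'HMAC-SHA1', 'oauth_version' => '1.0' }.freeze

puts "missing from logged header: #{missing_oauth_params(LOGGED_HEADER).inspect}"
puts "signature: #{sign(:get, API_URL, PARAMS, 'consumer-secret', 'token-secret')}"
```

The logged header carries no oauth_consumer_key, which matches the configuration in the original post where only oauth_token and oauth_secret were set.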