Application Links
  1. Application Links
  2. APL-1001

When creating a Generic Application Link the OAuth Access Token Request is not signed properly

    Details

    • Type: Bug Bug
    • Status: Under Review
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 3.10.6
    • Fix Version/s: 3.10.8
    • Component/s: None
    • Labels:
      None

      Description

      I am trying to create an application link to Bitbucket, however when retrieving the Access Token from Bitbucket the request is denied, with Bitbucket responding Could not verify request.

      This was due to the request for the access token not being properly signed. The reason that it was not being properly signed was that when the request_token and secret were retrieved they were not persisted. Therefore when they try and sign the access token request with the request token and secret it is done wrong as they are null.

      UPDATE: After fixing the previous example it was found that the ThreeLeggedOAuthRequest did not sign it using the ConsumerToken that it was storing and instead signed it with the host consumer key.

      Fixing both of these allowed the proper OAuth connection to a Generic Application Link.

        Activity

        Hide
        Jaiden Ashmore added a comment -

        So far the actual fixes have been merged into 3.10.x, 3.11.x and master. The Integration tests however have still not been merged, this is being blocked by a failure in the testing process on bamboo. The tests work correctly when you go mvn cargo:run and run the test through IntelliJ. Once this is fixed merging these tests from issue/APL-1001 to those branches are necessary.

        Show
        Jaiden Ashmore added a comment - So far the actual fixes have been merged into 3.10.x, 3.11.x and master. The Integration tests however have still not been merged, this is being blocked by a failure in the testing process on bamboo. The tests work correctly when you go mvn cargo:run and run the test through IntelliJ. Once this is fixed merging these tests from issue/ APL-1001 to those branches are necessary.

          People

          • Assignee:
            Jaiden Ashmore
            Reporter:
            Jaiden Ashmore
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:

              Who's Looking?