Uploaded image for project: 'Application Links'
  1. APL-1001

When creating a Generic Application Link the OAuth Access Token Request is not signed properly


    • Type: Bug
    • Status: Under Review
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.10.6
    • Fix Version/s: 3.10.8
    • Component/s: None
    • Labels:


      I am trying to create an application link to Bitbucket, however when retrieving the Access Token from Bitbucket the request is denied, with Bitbucket responding Could not verify request.

      This was due to the request for the access token not being properly signed. The reason that it was not being properly signed was that when the request_token and secret were retrieved they were not persisted. Therefore when they try and sign the access token request with the request token and secret it is done wrong as they are null.

      UPDATE: After fixing the previous example it was found that the ThreeLeggedOAuthRequest did not sign it using the ConsumerToken that it was storing and instead signed it with the host consumer key.

      Fixing both of these allowed the proper OAuth connection to a Generic Application Link.




            • Assignee:
              jashmore Jaiden Ashmore
              jashmore Jaiden Ashmore
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created:

                Who's Looking?