Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
TIdHTTP REST OAuth2
#1
Dear Reader;
in my 1st attempt to connect to a REST server with TIdHTTP all I was told to do is to POST an HTTP request in the form:
"https://www.server.com/api/authentication/oauth2/token?grant_type=password&username=***&password=***&client_id=***&client_secret=***"
with server-side generated usernamepasswordclient_id and client_secret:

Code:
TIdHTTP *IdHTTP;
TIdSSLIOHandlerSocketOpenSSL *IdSSLIOHandlerSocketOpenSSL1;
TIdLogFile *IdLogFile1;
AnsiString sURL0, sResp;
IdHTTP->IOHandler = IdSSLIOHandlerSocketOpenSSL1;
IdHTTP->Intercept = IdLogFile1;
TStringList *slHttpRspns;
//...
  sURL0 = "https://www.someserver.com/api/authentication/oauth2/token?grant_type=password&username=nome_de_usuário%40oldshoes.com&password=metellno1&client_id=wqeqweqwewqwewq&client_secret=qwewqewewqe";
  try{
    slHttpRspns = new TStringList;
    IdLogFile1->Active = true;
    sResp = IdHTTP->Post( sURL0, slHttpRspns );
    Memo1->Lines->Add( "IdHTTP->ResponseCode="+IntToStr(IdHTTP->ResponseCode) );//500
    //if succeeded the server should come back with a token in JSON form
  }catch( Exception &e ){
    //...
  }

IdHTTP->ResponseCode==500;

IdLogFile has the following:

Stat Connected.
Sent DateTime: POST /api/authentication/oauth2/token?grant_type=password&username=nome_de_usuário%40someclient.com&password=metellno1&client_id=wqeqweqweqewqwewq&client_secret=qwewqewqewqewqe HTTP/1.1
Content-Type: application/json
Content-Length: 0
Host: www.someserver.com
Accept: text/html,application/xhtml+xml,application/xml,application/json;q=0.9,*/*;q=0.8
User-Agent: Mozilla/3.0 (compatible; Indy Library)

Recv DateTime: HTTP/1.1 500 Server Error
Content-Length: 347
Content-Type: application/json
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Security-Policy: default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;
Referrer-Policy: strict-origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-SL-Proxy: false
X-XSS-Protection: 1; mode=block
Date: DateTime

{
  "failure" : "Pipeline execution failed while waiting for output",
  "reason" : "Snap errors: {ruuid=<***some guid***>, label=Decode JSON, failure=Failed to read from binary input view, reason=No content to map due to end-of-input, resolution=Please address the reported issue.}",
  "resolution" : "Fix the reported errors"
}


JSON at the bottom of IdLogFile is the server Error detailed.

I have no idea what all that is about, so I ran that same request with PostMan ver.9.31 - it came back with no error and new token in its response.

What do I need to change on VCL/Indy side in order to mimic the PostMan's behaviour? Is this information enough to correct the error?

Please help. Thanks in advance. Boba TC.
Reply
#2
(03-19-2023, 11:56 PM)Boba TC Wrote: in my 1st attempt to connect to a REST server with TIdHTTP all I was told to do is to POST an HTTP request in the form...

Told by whom? Do you have a link to such documentation?

(03-19-2023, 11:56 PM)Boba TC Wrote: "https://www.server.com/api/authentication/oauth2/token?grant_type=password&username=***&password=***&client_id=***&client_secret=***"
with server-side generated usernamepasswordclient_id and client_secret:

Have you tried sending the OAuth fields in the POST body instead of in the URL query string?

Code:
...
sURL0 = "https://www.someserver.com/api/authentication/oauth2/token";
TStringList *slHttpReq = new TStringList;
slHttpReq->Add("grant_type=password");
slHttpReq->Add("username=nome_de_usuário@oldshoes.com");
slHttpReq->Add("password=metellno1");
slHttpReq->Add("client_id=wqeqweqwewqwewq");
slHttpReq->Add("client_secret=qwewqewewqe");

IdHTTP->Request->ContentType = "application/x-www-form-urlencoded";
sResp = IdHTTP->Post( sURL0, slHttpReq );
delete slHttpReq;
...

(03-19-2023, 11:56 PM)Boba TC Wrote: IdLogFile has the following:

Your Content-Type header is telling the server that you are sending JSON, but you are not actually sending any JSON. The server's error message is reporting a JSON decoding failure due to end-of-input.

(03-19-2023, 11:56 PM)Boba TC Wrote: I have no idea what all that is about, so I ran that same request with PostMan ver.9.31 - it came back with no error and new token in its response.

What does Postman's actual HTTP request look like compared to TIdHTTP's request? Anything you can do in Postman can be replicated in TIdHTTP with the correct parameters.

(03-19-2023, 11:56 PM)Boba TC Wrote: What do I need to change on VCL/Indy side in order to mimic the PostMan's behaviour? Is this information enough to correct the error?

Can't answer that without seeing the working Postman request.

Reply
#3
(03-20-2023, 07:20 PM)rlebeau Wrote:
(03-19-2023, 11:56 PM)Boba TC Wrote: in my 1st attempt to connect to a REST server with TIdHTTP all I was told to do is to POST an HTTP request in the form...

Told by whom?  Do you have a link to such documentation?

(03-19-2023, 11:56 PM)Boba TC Wrote: "https://www.server.com/api/authentication/oauth2/token?grant_type=password&username=***&password=***&client_id=***&client_secret=***"
with server-side generated usernamepasswordclient_id and client_secret:

Have you tried sending the OAuth fields in the POST body instead of in the URL query string?

Code:
...
sURL0 = "https://www.someserver.com/api/authentication/oauth2/token";
TStringList *slHttpReq = new TStringList;
slHttpReq->Add("grant_type=password");
slHttpReq->Add("username=nome_de_usuário@oldshoes.com");
slHttpReq->Add("password=metellno1");
slHttpReq->Add("client_id=wqeqweqwewqwewq");
slHttpReq->Add("client_secret=qwewqewewqe");

IdHTTP->Request->ContentType = "application/x-www-form-urlencoded";
sResp = IdHTTP->Post( sURL0, slHttpReq );
delete slHttpReq;
...

(03-19-2023, 11:56 PM)Boba TC Wrote: IdLogFile has the following:

Your Content-Type header is telling the server that you are sending JSON, but you are not actually sending any JSON.  The server's error message is reporting a JSON decoding failure due to end-of-input.

(03-19-2023, 11:56 PM)Boba TC Wrote: I have no idea what all that is about, so I ran that same request with PostMan ver.9.31 - it came back with no error and new token in its response.

What does Postman's actual HTTP request look like compared to TIdHTTP's request?  Anything you can do in Postman can be replicated in TIdHTTP with the correct parameters.

(03-19-2023, 11:56 PM)Boba TC Wrote: What do I need to change on VCL/Indy side in order to mimic the PostMan's behaviour? Is this information enough to correct the error?

Can't answer that without seeing the working Postman request.

Told by whom?  Do you have a link to such documentation?
this is a paid service; they (provider) are not talkative at all; their help docs are as bad as it gets  Angry

> ... but you are not actually sending any JSON
you're right, this is what I just corrected and everything is quite well for now at least.

Thank you very much, Remy, for such a fast response. I am glad you are able to keep this forum alive, thanks.  Boba.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)