
single use token

satish_kandi
Explorer
0 Kudos

I'm trying to set up the feed widget (group) on one of our customer's portal pages. They are passing the single use token for authentication.

The feed widget works but there is an issue when the single use token passed to the script is generated by a second user. The widget posts comments by the 2nd user with the 1st user's Name on the group feed.

Steps :

1) Generate access token using SAML for user 1.

2) Use the access token to generate single use token for user 1.

3) Pass it to the script. Page now shows the widget. Post comments.

Repeat steps for a second user. The widget still shows that the comments were posted by user 1.

Thanks,

Satish

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Thank you for the great support, Rüdiger!

I will look into it. A search feature in API Docs would be helpful 🙂

Best,
Anton

robert_horne
Employee
0 Kudos

Hi Satish

Are you sure you are authenticating a new user when you ask for the single use token? This functionality is very well validated so I'm not expecting a bug here.

Here's what I would suggest.

Call /Self before you request a single use token. This OData call will validate you are properly logged in as user2 before you retrieve the token for the feed widget. My guess is you still have the assertion for the first user.

satish_kandi
Explorer
0 Kudos

I have 2 different access codes generated from 2 different SAML assertions and I generate the single use tokens separately.

robert_horne
Employee
0 Kudos

Did you try calling /Self against the OData API to ensure you had two different users? /Self will tell you about the currently authenticated user.

satish_kandi
Explorer
0 Kudos

Hi Robert,

When I call self, I need to pass the access token associated with the user and the system determines the user correctly.

It is only when I use the widget the issue is occurring.

Can we please have a quick 10 min WebEx so I can show you what I mean?

I’ll send the invite after you confirm.

Thanks,

Satish

robert_horne
Employee
0 Kudos

I believe what is happening here, Satish, is that you are using the same browser to test the two different users. The first session is overriding the second attempted session. This generally would not be a normal end user workflow, thus not a valid test.

Former Member
0 Kudos

Hi Robert.

I am also working on a JAM-based application.

I built the OAuth 1.0a authorization and it is up and running. I need information (e.g. email, id) of the particular user that I am holding the access_token for. So I just came across your "/self".

Do you have any documentation link for this API? I cannot find it in the official docs.

I tried https://jam<no>.sapjam.com/v1/self and https://jam<no>.sapjam.com/self with an authorized request... both came back with a 404.

Any help is highly appreciated.

Best,

Anton

robert_horne
Employee
0 Kudos

Anything that doesn't necessarily fit into our OData model is generally in the OData Service operation calls. Also, Anton, you should be thinking about whether other users will use the same browser on the same machine. The other developer on this topic had a shared desktop scenario so he had to worry about logout of the feed widget to allow switching between different users.

It is just the UI based logout:

GET https://jam4.sapjam.com/auth/logout

(on jam4) a POST also works.

Former Member
0 Kudos

Hello Anton,

could you kindly share how you implemented the OAuth 1.0a authentication?

I tried to call JAM API by proceeding with the following steps:

  1. https://#jam#.sapjam.com/oauth/request_token
  2. https://#jam#.sapjam.com/oauth/authorize and allowing from jam portal.
  3. https://#jam#.sapjam.com/oauth/access_token
  4. https://#jam#.sapjam.com/api/v1/OData/Groups

All the calls above are ok except for the 4th, where I always got a 500 error. I don't know if the error is on the server (but I cannot access Jam servers to verify) or if it could be caused by a client error call. My questions are:

  1. Am I using the correct process to authenticate users to JAM via OAuth?
  2. Is there a different and quicker way to do authentication instead of making at least 3 calls before obtaining data from JAM?

I also add the info that single sign-on is already configured for me, if that could help to support me on this topic.

Thank you in advance for the help you will provide!

Max

Adam_Stone
Active Contributor
0 Kudos

A 500 error is stating that there was an internal server error.  Is this actually what is being returned by the call, or is it your application that is returning a 500 error itself?  This shouldn't be related to the authorization, and is likely best to be posted as a separate question so it doesn't get lost in here.

You would want to include more details specifically about that last call, whether you are doing a GET, a POST, an example of a payload that you are passing, and what headers that you are setting.

Former Member
0 Kudos

Hi Max,

yes, as Adam states, a 500 error is probably due to some error in your request call to JAM...otherwise it would be a 404 or something. Do you have a screenshot?

Did you sign your request correctly with the key?

I could share some code with you...it is written in PHP and quite complicated due to some different libraries I am using. But if your steps 1 to 3 are fine, then the 4. should be a breeze.

Cheers

Former Member
0 Kudos

Following are my requests:

1) POST:

https://jam12.sapjam.com/oauth/request_token/?oauth_consumer_key=jSANISzyt3rHnon8Ye0e&oauth_signatur...

2) Navigate to:

https://jam12.sapjam.com/oauth/authorize?oauth_token=skm1JCwQ8NdSQrTchcITkxsDKeDLmw4IytIqYDMj

And manually allow from JAM Portal and got the following verifier

oauth_verifier=kCUOHsR5zT7t2qfURiJH

3) POST:

https://jam12.sapjam.com/oauth/access_token?oauth_consumer_key=jSANISzyt3rHnon8Ye0e&oauth_token=skm1...

4) GET:

https://jam12.sapjam.com/api/v1/OData/Groups?oauth_consumer_key=jSANISzyt3rHnon8Ye0e&oauth_token=q4k...

Here I got 500 error.

Could you please help and check the requests above, are they correct?

One more question from my side: is there a way to bypass/avoid having the user manually allow the request (point 2 above) or use a different way to authenticate, since my environment is single sign-on enabled?

Thanks a lot guys!

Former Member
0 Kudos

Hi There!

Can you try to check your Request with [GET] /oauth/test_request ?

Yes. There is a way to build true SSO with SAML (SAP Jam Developer Guide). But I was unable to implement it and stayed with OAuth 1.0a so far.

Cheers

Former Member
0 Kudos

Hi Anton,

the request to the test service is returning 200 OK

this is the request

https://#jam#.sapjam.com/oauth/test_request?oauth_consumer_key=#con_key#&oauth_token=KvXrtjlqDoDotuM...

Result of the call is:

oauth_consumer_key=#cons_key#&oauth_token=KvXrtjlqDoDotuMmlYPifXWtv5CzdzREux5GIyF1&oauth_signature_method=PLAINTEXT&oauth_signature=#sign_key#&7VMkRoG5V1oqMayEDMedmcv0oKhBwO1t

So it's strange that other webservice calls like GetGroups, Self, etc. fail.

Does using OAuth 1.0 mean forcing the user to manually allow the request? Did you implement it this way?

Since I will implement some batch operations I should avoid this step.

More tips and help will be appreciated.

thanks!
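
The requests in this thread carry `oauth_signature_method=PLAINTEXT` parameters in the query string. As an added example (not code from any poster or from SAP), this sketch forms the PLAINTEXT signature as RFC 5849 defines it, builds the equivalent `Authorization` header, and checks whether a query-string signature survives parsing. The host name, keys and secrets are constructed placeholders, and `signature_survives` is a hypothetical helper.

```python
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value: str) -> str:
    """Percent-encode per RFC 5849 section 3.6 (only unreserved chars stay literal)."""
    return quote(value, safe="-._~")

def plaintext_signature(consumer_secret: str, token_secret: str = "") -> str:
    """RFC 5849 section 3.4.4: encoded consumer secret, '&', encoded token secret."""
    return f"{pct(consumer_secret)}&{pct(token_secret)}"

def oauth_params(consumer_key, consumer_secret, token, token_secret):
    # Nonce and timestamp may be omitted with PLAINTEXT (RFC 5849 section 3.1).
    return {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "PLAINTEXT",
        "oauth_signature": plaintext_signature(consumer_secret, token_secret),
    }

def authorization_header(params: dict) -> str:
    """Header form: the signature (which is the two secrets) stays out of URL logs."""
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in params.items())

def query_url(base: str, params: dict, encode_values: bool = True) -> str:
    """Query-string form; encode_values=False reproduces the unencoded mistake."""
    enc = pct if encode_values else (lambda v: v)
    return base + "?" + "&".join(f"{k}={enc(v)}" for k, v in params.items())

def signature_survives(url: str) -> bool:
    """True if the server-side parse still sees 'secret&secret' as one value."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return query.get("oauth_signature", "").count("&") == 1

# Constructed placeholder values; the path is the one quoted in the thread.
BASE = "https://jam.example.invalid/api/v1/OData/Groups"
PARAMS = oauth_params("EXAMPLE-KEY", "cs+1", "EXAMPLE-TOKEN", "ts/2")

if __name__ == "__main__":
    print(authorization_header(PARAMS))
    print("encoded query keeps signature:", signature_survives(query_url(BASE, PARAMS)))
    print("raw '&' keeps signature:     ",
          signature_survives(query_url(BASE, PARAMS, encode_values=False)))
```

With PLAINTEXT the signature value is the pair of secrets itself, so the header form keeps them out of request-line logs and browser history that would otherwise record the full URL.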