WIP Initial attempt at fetching oAuth1 and oAuth2 tokens #69

Draft
wants to merge 4 commits into
base: master

Syntax753

This is a draft PR and requires further coding

I have added the steps to fetch the v1 and v2 oAuth tokens. However, getting a 400 when attempting to retrieve v1 using the "ticket". I have a feeling this is to do with missing cookies that need to be passed so need to fetch those from the sign-in -> ticket call return entity.

This is based on the great insights by matin and referencing https://github.com/matin/garth/blob/6aeb0faaf0d6b473d8dc161373068d2f5413fdfe/garth/sso.py#L21.

I'm in and out over the Christmas period but will pick this up when I can. The foundational logic flow has been typed up at least :)

@matin matin left a comment

Make sure you're signing the requests to obtain the OAuth1 and OAuth2 keys with the correct consumer key and secret.

Here's what ChatGPT recommends on how to do it:
https://chat.openai.com/share/c6bdefea-a9e0-4c6e-b261-2aa0a73fa4cd

// Get oauth v1 token
HttpGet getOauth1 = new HttpGet(GET_OAUTH1_URL + ticket);
getOauth1.setParams(params);
HttpEntity oauth1Entity = httpclient.execute(getOauth1).getEntity();
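
Review bot: `httpclient.execute(getOauth1).getEntity()` discards the HttpResponse, so the status line is never checked and an error body from a 400 or 401 would be read as if it held the token; keep the response, check the status code before reading the entity, and consume the entity on the error path. On the `new HttpGet(GET_OAUTH1_URL + ticket)` line the ticket is appended to the URL as-is; URL-encode it before it goes into the query string.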

This request needs to be signed with the OAuth1 consumer keys

Author

Ah this is the missing piece no doubt! Not sure how I scanned over that in your walk-through :)

post.addHeader(HttpHeaders.ACCEPT_ENCODING, "gzip, deflate");
post.addHeader(HttpHeaders.ACCEPT, "/");
post.addHeader(HttpHeaders.AUTHORIZATION, "OAuth " + oauth1Token);
HttpEntity oauth2Entity = httpclient.execute(post).getEntity();
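
Review bot: the ACCEPT value `"/"` on the second `addHeader` line is not a valid media range as written; if any type is acceptable, send `"*/*"`. On the AUTHORIZATION line, `"OAuth " + oauth1Token` places a bare token after the scheme, while an OAuth1 Authorization header is a list of `oauth_*` parameters ending in `oauth_signature`, so build the header from the signed parameter set instead of concatenating the token.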

This request needs to be signed with the OAuth1 keys provided in the earlier request.

Author

Agreed - hopefully that will be the easy bit once I get hold of OAuth1 :)
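
The OAuth1 request signing that the two review threads above ask for, as an added example that is not code from this PR, from garth or from signpost: it builds an RFC 5849 HMAC-SHA1 `Authorization` header in plain Java (8 or later). The class and method names, the URL, the ticket and the consumer key and secret are constructed placeholders, and duplicate parameter names are assumed not to occur.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OAuth1HeaderExample {
    // RFC 5849 section 3.6 percent-encoding; URLEncoder differs on ' ', '*' and '~'.
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // token and tokenSecret are null for the first request, which is signed with the consumer secret only.
    static String header(String method, String baseUrl, Map<String, String> requestParams, String consumerKey,
            String consumerSecret, String token, String tokenSecret, String nonce, String timestamp) throws Exception {
        Map<String, String> oauth = new LinkedHashMap<>();
        oauth.put("oauth_consumer_key", consumerKey);
        oauth.put("oauth_nonce", nonce);
        oauth.put("oauth_signature_method", "HMAC-SHA1");
        oauth.put("oauth_timestamp", timestamp);
        if (token != null) oauth.put("oauth_token", token);
        oauth.put("oauth_version", "1.0");
        // The signature covers oauth_* plus query/form parameters, sorted by encoded name, then value.
        List<String[]> pairs = new ArrayList<>();
        for (Map<String, String> m : Arrays.asList(requestParams, oauth))
            for (Map.Entry<String, String> e : m.entrySet())
                pairs.add(new String[] {enc(e.getKey()), enc(e.getValue())});
        pairs.sort(Comparator.comparing((String[] p) -> p[0]).thenComparing(p -> p[1]));
        StringBuilder norm = new StringBuilder();
        for (String[] p : pairs) norm.append(norm.length() > 0 ? "&" : "").append(p[0]).append('=').append(p[1]);
        String base = method.toUpperCase() + "&" + enc(baseUrl) + "&" + enc(norm.toString());
        // Key is consumer secret '&' token secret; the '&' stays even when there is no token secret.
        String key = enc(consumerSecret) + "&" + (tokenSecret == null ? "" : enc(tokenSecret));
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        byte[] sig = mac.doFinal(base.getBytes(StandardCharsets.UTF_8));
        oauth.put("oauth_signature", Base64.getEncoder().encodeToString(sig));
        StringBuilder h = new StringBuilder("OAuth ");
        for (Map.Entry<String, String> e : oauth.entrySet())
            h.append(h.length() > 6 ? ", " : "").append(e.getKey()).append("=\"").append(enc(e.getValue())).append('"');
        return h.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholders: the URL, ticket, consumer key and secret are not values from this PR.
        Map<String, String> query = Collections.singletonMap("ticket", "ST-EXAMPLE-TICKET");
        System.out.println(header("GET", "https://api.example.test/oauth/preauthorized", query,
                "CONSUMER_KEY_PLACEHOLDER", "CONSUMER_SECRET_PLACEHOLDER", null, null,
                UUID.randomUUID().toString().replace("-", ""), String.valueOf(System.currentTimeMillis() / 1000)));
    }
}
```

For the later token-exchange request, pass the OAuth1 token and token secret returned by the first call as `token` and `tokenSecret`, and include any form body fields in `requestParams`.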

…r/LinkedIn etc).

signpost seems to be a nice simple implementation. However, it
expects apache HttpRequests when signing:

java.lang.IllegalArgumentException: This consumer expects requests of type org.apache.http.HttpRequest

Will see if cz.msebera.android has helper classes for doing the conversion. Cannot use directly http commons httpclient since Android requires async/non-main thread httpclient calls. cz.msebera.android takes care of that behind the scenes
…ting 401 on line 173 but this suggests the ticket is invalid.

Going via the browser and I get wrong nonce as expected. So the oauth signing does *appear* successful. So need to investigate the invalid ticket number error

matin commented Dec 23, 2023

I recommend looking at this successful login session as a reference. The last two requests show the OAuth1 requests.

@louisjennings
Contributor

I have built upon the changes in this PR.

My changes can be found on the following branch: https://github.com/louisjennings/WeightLogger/tree/unable-to-upload-to-garmin-%2368

Thanks to @matin for the clear code in garth.

With commit 6c5cdb9, I am successfully able to upload data to Garmin (but only if MFA is disabled for the account). In my mind, the next steps (either for this PR or a separate PR) will be:

  1. Add support for MFA (this will require a user input)
  2. Add support for saving and renewing OAuth2 tokens (this will prevent MFA users from having to enter a code for every upload and may generally speed up the upload process slightly)

I had to remove the redirection logic that was present after the ticket is obtained. For some reason this invalidated the ticket. I don't know if this is unneeded legacy code or whether it covers a case that my configuration doesn't replicate. As I didn't see similar logic in the garth login flow, I dropped it.

3 participants