Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication issues when introducing create asset usage call. #22

Open
SamDenHaerynck opened this issue Feb 3, 2020 · 2 comments
Open

Comments

@SamDenHaerynck
Copy link

Hi,

We came across this authentication issue when we were adding the asset usage calls to release version 1.3 of this SDK.

We are using OAuth 1.0 for authentication and all calls under the api/v4 version of the Bynder API are working with the current setup. When implementing the create asset usage call which uses an unversioned endpoint (/api/media/usage/) we keep getting a 401 error.

When contacting Bynder support they claim you can't add the payload for the post request to both the body and the query string which is the case for all post calls included in the Bynder SDK. The create asset usage call only works with the payload included in the body and not in the query string.

But the authentication OAuthMessageHandler.GenerateSignature method requires the query string payload in order to generate a correct signature.

So this is quite inconsistent behavior between the existing SDK and the Bynder API.
Can someone from the team please take a look at it and give some useful feedback?

Thanks!

Kind regards,
Sam Den Haerynck
delaware

@WouterToering
Copy link

Hey @SamDenHaerynck,

Unfortunately the people who built this SDK have left the company, so I'll try to assist as best as I can with my limited knowledge.

It seems like 1.3 and older versions send the Query always as query parameters and also as body (form submission) on POST requests. Although sending it as query parameters is useless on POST requests, it doesn't break anything since like you noticed it's always included in the OAuth1 signature as well.

I've tried the create asset usage API call using a HTTP client and as long as the query params are part of the signature when in the URL, it works as expected.

@SamDenHaerynck
Copy link
Author

Hi @WouterToering

We added the create usage calls to the SDK ourselves and were not able to perform a successful call without changing the way a post request is handled in the SDK.

Like I said it seems that the authentication part needs the parameters also in the query string but the API endpoint can't handle a query string because when we don't remove the query string we get an a 401 that is caused by an incorrect format of the request (explanation Bynder support).

I could send you the fiddler requests that show you this behavior.

Kind regards,
Sam Den Haerynck
delaware

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants