Uber Authentication failed "HTTP Status 401: Unauthorized, Response: {"error": "invalid_client"}"

[alikazim]

i am using this library for Uber Authetication
https://developer.uber.com/v1/auth/

I have done like this

func doOAuthUber(){

    let oauthswift = OAuth2Swift(
        consumerKey:    "fXfXXXXXXXUo9vtKzobXXXXXUDO",
        consumerSecret: "e5XXXXXXXq2w63qz9szEx7uXXXXXXo03W",
        authorizeUrl:   "https://login.uber.com/oauth/authorize",
        accessTokenUrl: "https://login.uber.com/oauth/token",
        responseType:   "code"
    )

    var originalString = "jamesappv2://oauth/callback"
    var encodedCallBackUrl = originalString.stringByAddingPercentEncodingWithAllowedCharacters(.URLHostAllowedCharacterSet())

    println("encodedCallBackUrl: \(encodedCallBackUrl)")


    let state: String = ""
    oauthswift.authorizeWithCallbackURL( NSURL(string: encodedCallBackUrl!)!, scope: "request%20history", state: state, success: {
        credential, response in

        println(credential.oauth_token)
        self.personalDriverLoader.stopAnimating()



        }, failure: {(error:NSError!) -> Void in

            self.personalDriverLoader.stopAnimating()
            println(error.localizedDescription)
    })


}

but getting this response
HTTP Status 401: Unauthorized, Response: {"error": "invalid_client"}

I have triple checked that my client_id (consumerKey) and secret (consumerSecret) are correct.
What I have done wrong here

Please help

[kittrCZ]

Hi @alikazim I have the exact same issue. I think that encoding is somehow mixed and that the redirect_uri sent to Uber is not correct. I have found that the code which generates queryString is returning following value for redirect_uri:

redirect_uri=oauth-swift%3A%2F%2Foauth-callback%2Fuber

Which is encoded value and it does not correspond with registered value on Uber Developers Portal. I don't believe that this library is working with Uber OAuth2 flow, or I haven't found solution in all these parameters to enhance encoding. If someone knows how to fix this, I'm here and listen.

---

Update 1: I found the method which is used to encode URL query string:

    func urlEncodedQueryStringWithEncoding(encoding: NSStringEncoding) -> String {
        var parts = [String]()

        for (key, value) in self {
            let keyString = "\(key)".urlEncodedStringWithEncoding(encoding)
            let valueString = "\(value)".urlEncodedStringWithEncoding(encoding)
            let query = "\(keyString)=\(valueString)" as String
            parts.append(query)
        }

        return "&".join(parts) as String
    }

Which is for some reason taken from Swifty framework

---

Update 2: Can't make it work with Uber API:( Dunno what is wrong there, but my suspicion is on the encoding.

---

Update 3: I also found bug in Uber API, when you pass parameter redirect_uri to the https://login.uber.com/oauth/authorize, you will get INVALID REQUEST PARAMETERS all the time.

[sephethus]

Did you figure any of this out? I'm looking for how to authorize users in swift / ios. I can't figure out what the redirect_uri is supposed to be, I have my app name set in url types and identity and schemes, etc, but myapp:// isn't working and i'm not sure what comes after the // or what I tell uber to set my redirect uri to. Plus I have no idea what to do after I get that set right. It's asking for scope and state and params and all that and I don't know what to put there.

[sephethus]

I'm to this point in the code. I have figured out how to get it to try and authorize my app using OAuth2Swift but now it's giving me the same error it's giving you: Invalid Request Parameters

[kittrCZ]

@sephethus I contacted Uber support regarding this issue and pointed out this thread. I will try to resolve it with them.

[sephethus]

Thanks I've posted this in a new, separate issue as well, here, since the description on this issue is for a different error. Mine has more details I think. #88

[sephethus]

Any progress with this @kittrCZ

[sephethus]

They're telling me the redirect is wrong. My app name is set in the plist URL schema and should use the format: MyAppName://whatever but they're saying it has to redirect to https:// which is not going to work with iOS. WTF?

[kittrCZ]

Hi @sephethus, I think that there is problem on Uber side. This is what I got from their support:

Hi Tomas, Thank you for the report. Currently, the redirect_url only supports the https scheme. I opened a feature request for us to be more lenient on this. In the meantime, are you able to use an https URI? Thanks, Alec

I seriously think that this is a joke. Why the hell they don't support URL schemes? For this you have to do proxy/server app for doing these redirections. There is no wonder, I haven't seen Uber integrated in many iOS apps.

[phimage]

For https, you can also provide to oauthswift an authentification handler with webview and (navigation) delegate. The delegate could call directly the handlexXX method of oauthswift2, no need to go out from app, to re-enter then, with the application url scheme

[sephethus]

That sounds like yet more stuff I gotta learn how to do. Ugh. Have you tried the embedded webview? Does that work?

[sephethus]

I found this tutorial (skip to oauthswift with webview) but it's saying that there's some kind of webview property in OAuth2Swift but I don't see it and it's complaining that it isn't there, the tutorial is likely radically out of date: http://www.raywenderlich.com/99431/oauth-2-with-swift-tutorial#comments

[phimage]

@sephethus this tutorial is outdated
don't follow tutorial to learn, read and eat codes

(You loose time, I understand how work OAuthSwift in 30 minutes, just with debug mode)
If you don't want to read the framework codes, read the example, the demo provided at least...

see WebViewController file in demo, function webView....shouldStartLoadWithRequest.... to handle the url
and call OAuth2Swift.handleOpenURL(url) in case of your url

webViewController become authorize_url_handler (after my own PR merged) because we could handle url with other way (webview and segue from storyboard)

[sephethus]

I'm probably not as good as you at "reading and eating" code, but what in the world would I use as the redirect_uri when launching within a webview?

[phimage]

https://yourAppNameOrWebsiteORfakewebsite/callback

then check url host equal to yourAppNameOrWebsiteORfakewebsite

[sephethus]

So that doesn't actually go anywhere but you can just capture what it's trying to call?

[sephethus]

In the demos, the only ones not using URL schemas are pointing to an http heroku site, which I have no idea what that site is doing or handling or what is set up on that end. Even if I change my redirect_uri to https://oauthswift.herokuapp.com/myappname it still gets "Invalid Request Parameters".

[sephethus]

Further examination when using println(request) in the shouldStartLoadWithRequest method shows that the uber site itself is redirecting me to this address once I log in and it gives me the Invalid Request Parameters error, I don't know if that matters:

https://login.uber.com/oauth/authorize?client_id=**********hidden*****&redirect_uri=https:%2F%2Foauthswift.herokuapp.com%2Fcallback%2FMyAppName&response_type=code&scope=profile%20history

[sephethus]

Another update, you know what? I still get invalid request parameters if I just paste the url into a browser with the required client_id and redirect_uri. Something is wrong on their end or this is not how it's supposed to be done.

[sephethus]

Experimenting further: just with the authorize url in a browser, outside of swift, I discovered that it is requiring the optional response_code and scope. Once I include that it works, but if I also include the redirect_uri, it fails again. It doesn't want the redirect_uri, it wants the response_code, scope, and client_id. Why doesn't it take the redirect_uri?

https://login.uber.com/oauth/authorize?client_id=fOjVtVqKhu-zUQclUfY2joB14VEAEN9V&response_type=code&scope=history

[sephethus]

I think I have solved the problem with Uber, this will require modification of OAuth2Swift.swift, just comment out the line that says:

urlString += "&redirect_uri=\(callbackURL.absoluteString!)"

Therefore:

var urlString = String()
        urlString += self.authorize_url
        urlString += (self.authorize_url.has("?") ? "&" : "?") + "client_id=\(self.consumer_key)"
        //urlString += "&redirect_uri=\(callbackURL.absoluteString!)"
        urlString += "&response_type=\(self.response_type)"

        if (scope != "") {
          urlString += "&scope=\(scope)"
        }

        if (state != "") {
            urlString += "&state=\(state)"
        }

        for param in params {
            urlString += "&\(param.0)=\(param.1)"
        }

        if let q = urlString.stringByAddingPercentEscapesUsingEncoding(NSUTF8StringEncoding) {

            if let queryURL = NSURL(string: q) {
                self.authorize_url_handler.handle(queryURL)
            }
        }
}

Also, use the following URL for your callback:

https://oauthswift.herokuapp.com/callback/YourAppNameHere

I can see the code coming back to me when it returns me to my app, I'm using appdelegate openURL to run oauth2swift.handleopenurl(url). It crashes at this point, so on with the next problem.

[phimage]

redirect_uri is needed for access_token_url (last step), not really for authorize_url
uber is just too strict and don't want extra parameters

I don't know if other api need redirect_uri for access_token_url and why it is added to authorize_url

[sephethus]

Now I'm getting the error this thread is about: HTTP Status 401: Unauthorized, Response: {"error": "invalid_client"}

My client_id and client_secret are correct. I don't know where it's trying to post them though. I am trying to follow through the entire process of what happens during the postOAuthAccessTokenWithRequestTokenByCode method and I keep getting lost through it. I think the client_id or secret or both are getting dropped somewhere, not sure. I think it's in the makeRequest method in OAuthSwiftHTTPRequest. It's still there when I println(parameters["client_secret"]).

if (encodeParameters) {
        let queryString = nonOAuthParameters.urlEncodedQueryStringWithEncoding(dataEncoding)
        //request.URL = URL.URLByAppendingQueryString(queryString)
        request.setValue("application/x-www-form-urlencoded; charset=\(charset)", forHTTPHeaderField: "Content-Type")
        request.HTTPBody = queryString.dataUsingEncoding(NSUTF8StringEncoding, allowLossyConversion: true)
 }

Even here the client key and secret are still there as nonOAuthParameters["client_key"], etc..., being set to this queryString constant. I uncommented that line, it's not working if I append it rather than adding it to the httpbody.

[sephethus]

Here's the headers in terms of key/value:

Key: Authorization 

Value: OAuth oauth_consumer_key="<so-my-client-key-is-valid-here>", oauth_nonce="03A0CB93", oauth_signature="f2Lb2CGrS2TX4AE2Xe3U0JLx0X0%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1439168007", oauth_version="1.0"

Maybe it's here that things go wrong? I don't see the secret.

[sephethus]

I finally figured the whole thing out, the solution is nothing to do with OAuthSwift. You have to have a privacy page url on a website somewhere, and you have to check off the scope you're going to use. This is all on the manage app page of the developer site.

[sephethus]

I'm getting the { "error": Invalid_Client } again and this time it's not because of any setting on my Uber developer page. I'm requesting only "profile" in the scope. The key is getting all the way to the NSURLConnection request made in the OAuthSwiftHTTPRequest.swift file. It makes no sense why I'm getting this error now. I see that it sent back the authorization token so that much worked, but when it sends the request to the token request URL it fails. I can't see beyond this point so I have no idea what's happening after this.

[dongri]

Hi @sephethus @phimage @kittrCZ @alikazim

I Resolved Uber OAuth problem

https://github.com/dongri/OAuthSwift/pull/96/files

Thanks!

[dongri]

Uber Wiki
https://github.com/dongri/OAuthSwift/wiki/Uber

[kittrCZ]

@dongri this is awesome! Thank you for your contribution. I will test it.

[ivishal3258]

Object {message: "No authentication provided.", code: "unauthorized"}
code
:
"unauthorized"
message
:
"No authentication provided."

When i trying to hit the uber api i'll error mention above. Please help me out here.

[phimage]

@vishu3258 please open a new issue with details
I will help and comment in it

[ivishal3258]

Getting error 401 while hitting the uber api in AngularJS. Please help me out here.
Object {message: "No authentication provided.", code: "unauthorized"}
code
:
"unauthorized"
message
:
"No authentication provided."

When i trying to hit the uber api i'll error mention above. Please help me out here.