WordPress OAuth1 returns "No OAuth parameters supplied"

[phamdacloc]

Description:

I'm running OAuth1 against wordpress but receiving 400 error code: "No OAuth parameters supplied"

requestError[Error Domain=NSURLErrorDomain Code=400 "HTTP Status 400: Bad Request, Response: No OAuth parameters supplied" UserInfo={NSErrorFailingURLKey=http://example.us/oauth1/request, NSLocalizedDescription=HTTP Status 400: Bad Request, Response: No OAuth parameters supplied, Response-Headers={
    "Access-Control-Allow-Headers" = Authorization;
    Connection = "keep-alive";
    "Content-Type" = "text/html; charset=UTF-8";
    Date = "Sat, 05 Nov 2016 14:13:54 GMT";
    "Keep-Alive" = "timeout=15";
    Server = nginx;
    "Transfer-Encoding" = Identity;
}, OAuthSwiftError.response=<NSHTTPURLResponse: 0x600000032320> { URL: http://example.us/oauth1/request } { status code: 400, headers {
    "Access-Control-Allow-Headers" = Authorization;
    Connection = "keep-alive";
    "Content-Type" = "text/html; charset=UTF-8";
    Date = "Sat, 05 Nov 2016 14:13:54 GMT";
    "Keep-Alive" = "timeout=15";
    Server = nginx;
    "Transfer-Encoding" = Identity;
} }, OAuthSwiftError.response.data=<4e6f204f 41757468 20706172 616d6574 65727320 73757070 6c696564>, Response-Body=No OAuth parameters supplied}]

Here is the test functions:

class ViewController: OAuthViewController {
    
    // oauth swift object (retain)
    var oauthswift: OAuthSwift?

    lazy var internalWebViewController: WebViewController = {
        let controller = WebViewController()
        controller.view = UIView(frame: UIScreen.main.bounds) // needed if no nib or not loaded from storyboard
        controller.delegate = self
        controller.viewDidLoad() // allow WebViewController to use this ViewController as parent to be presented
        return controller
    }() 
}

extension ViewController {
    
    override func viewDidLoad() {
        super.viewDidLoad()
        
        // init now web view handler
        let _ = internalWebViewController.webView
        
        self.navigationItem.title = "OAuth"
        let tableView: UITableView = UITableView(frame: self.view.bounds, style: .plain)
        tableView.delegate = self
        tableView.dataSource = self
        self.view.addSubview(tableView)
        
        self.doOAuthWordpress()
    }
    
    // MARK: Fitbit
    func doOAuthWordpress(){
        let oauthswift = OAuth1Swift(
            consumerKey:    "xxx", // Hard coded for now
            consumerSecret: "yyy", // Hard coded for now
            requestTokenUrl: "http://example.us/oauth1/request",
            authorizeUrl:    "http://example.us/oauth1/authorize",
            accessTokenUrl:  "http://example.us/oauth1/access"
        )
        
        self.oauthswift = oauthswift
        oauthswift.authorizeURLHandler = getURLHandler()
        
        let _ = oauthswift.authorize(
            withCallbackURL: URL(string: "oauth-swift://oauth-callback/wordpress")!,
            success: { credential, response, parameters in
                self.showTokenAlert(name: "WPTesting", credential: credential)
            },
            failure: { error in
                print(error.description)
            }
        )
    }
    
    // MARK: handler
    
    func getURLHandler() -> OAuthSwiftURLHandlerType {
        if internalWebViewController.parent == nil {
            self.addChildViewController(internalWebViewController)
        }
        return internalWebViewController
    }
    
    func showTokenAlert(name: String?, credential: OAuthSwiftCredential) {
        var message = "oauth_token:\(credential.oauthToken)"
        if !credential.oauthTokenSecret.isEmpty {
            message += "\n\noauth_toke_secret:\(credential.oauthTokenSecret)"
        }
        self.showAlertView(title: name ?? "Service", message: message)
        
    }
    
    func showAlertView(title: String, message: String) {
        let alert = UIAlertController(title: title, message: message, preferredStyle: UIAlertControllerStyle.alert)
        alert.addAction(UIAlertAction(title: "Close", style: UIAlertActionStyle.default, handler: nil))
        self.present(alert, animated: true, completion: nil)
    }
    
}

OAuth Provider (WordPress):

WP REST API - OAuth 1.0a Server

OAuth Version:

• Version 1
• Version 2

OS (Please fill the version) :

• iOS :
• OSX :
• TVOS :
• WatchOS :

Installation method:

• Carthage
• CocoaPods
• Manually

Library version:

• head
• v1.0.0
• v0.6
• other: (Please fill in the version you are using.)

Xcode version:

• 8.0 (Swift 3.0)

• 8.0 (Swift 2.3)

• 7.3.1

• other: (8.1)

• objective c

[phimage]

did you try with other API (python, php?)
are your wordpress well setup for oauth

try in a .htaccess file

RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

[phamdacloc]

No I haven't tried with other languages other than Swift. However, I did tried with Postman and it worked. On WordPress, I installed WP REST API and WP REST API - OAuth 1.0a Server plugins.

[phamdacloc]

How exactly do I edit .htaccess file? Here is the old .htaccess

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule> 
# END WordPress

With your suggestion, am I suppose to add it to the end like below?

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</IfModule> 
# END WordPress

[phimage]

332750b just tested now into the demo app
no problem...

using master head version (now oauthSwift >1.1.0)
after creating the "Application" into wordpress admin

[phamdacloc]

I tried the latest OAuthSwift tip 1.1.0 on my Wordpress site. The current demo project has both Allow Arbitrary Loads and Allow Arbitrary Loads in Web Content turned on under App Transport Security Settings. With those, I still received:
App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
However, when I added NSExceptionAllowsInsecureHTTPLoads under the Exception Domains then the warning goes away. But i'm still struck with OAuthSwiftError error -11
What does -11 exception means in this case as I'm not able to get a success oauthswift.authorize() call.

/Users/phamdacloc/Library/Developer/CoreSimulator/Devices/61D233FA-25C2-4C5E-9267-B99D13804064/data/Containers/Data/Application/AB0C2D1D-B7FA-4C2A-B257-81123A780722/Documents/.oauth/Services.plist
2016-11-06 09:06:30.879261 OAuthSwiftDemo[8877:571269] [] nw_host_stats_add_src recv too small, received 24, expected 28
2016-11-06 09:06:30.881917 OAuthSwiftDemo[8877:571269] [] ____nwlog_simulate_crash_inner_block_invoke dlopen CrashReporterSupport failed
2016-11-06 09:06:30.882109 OAuthSwiftDemo[8877:571269] [] __nwlog_err_simulate_crash simulate crash failed "nw_socket_set_common_sockopts setsockopt SO_NOAPNFALLBK failed: [42] Protocol not available"
2016-11-06 09:06:30.882767 OAuthSwiftDemo[8877:571269] [] nw_socket_set_common_sockopts setsockopt SO_NOAPNFALLBK failed: [42] Protocol not available, dumping backtrace:
        [x86_64] libnetcore-856.20.4
    0   libsystem_network.dylib             0x00000001087ee682 __nw_create_backtrace_string + 123
    1   libnetwork.dylib                    0x0000000108acb932 nw_socket_add_input_handler + 3100
    2   libnetwork.dylib                    0x0000000108aa94f4 nw_endpoint_flow_attach_protocols + 3768
    3   libnetwork.dylib                    0x0000000108aa8511 nw_endpoint_flow_setup_socket + 563
    4   libnetwork.dylib                    0x0000000108aa7270 -[NWConcrete_nw_endpoint_flow startWithHandler:] + 2612
    5   libnetwork.dylib                    0x0000000108ac244d nw_endpoint_handler_path_change + 1261
    6   libnetwork.dylib                    0x0000000108ac1e7c nw_endpoint_handler_start + 570
    7   libnetwork.dylib                    0x0000000108ad9ae5 nw_endpoint_resolver_start_next_child + 2240
    8   libdispatch.dylib                   0x000000010856b980 _dispatch_call_block_and_release + 12
    9   libdispatch.dylib                   0x00000001085950cd _dispatch_client_callout + 8
    10  libdispatch.dylib                   0x0000000108572e6b _dispatch_queue_serial_drain + 236
    11  libdispatch.dylib                   0x0000000108573b9f _dispatch_queue_invoke + 1073
    12  libdispatch.dylib                   0x00000001085763b7 _dispatch_root_queue_drain + 720
    13  libdispatch.dylib                   0x000000010857608b _dispatch_worker_thread3 + 123
    14  libsystem_pthread.dylib             0x000000010893e4de _pthread_wqthread + 1129
    15  libsystem_pthread.dylib             0x000000010893c341 start_wqthread + 13
The operation couldn’t be completed. (OAuthSwiftError error -11.)

[phimage]

please read code to know -11 meaning
OAuthSwiftError => request error, with inside a cause NSError

Did you see your wordpress into webview to login? (please when you describe a problem, describe all the scenario...) have you access to it from simulator
try osx demo

[phamdacloc]

No I did not see any internal webview that would display the wordpress login. As described above, the code took the failure path on function authorize(withCallbackURL callbackURL: URL, success: @escaping TokenSuccessHandler, failure: FailureHandler?) -> OAuthSwiftRequestHandle?

I will try the osx demo.

[phamdacloc]

osx demo has the same request error: (OAuthSwiftError error -11.)
Do you mind share the .htaccess file you used that gave you a successful run?
Thanks

[phimage]

no .htaccess, it was a sugestion due to google result
just a fresh wordpress installation

try to update your wordpress and plugins...
I will stop to help without more information. I cannot reproduce your issue

[phamdacloc]

My site is a fresh install too. I've also installed the two plugins:
WordPress REST API (Version 2) <-- 2.0-beta15
WordPress REST API - OAuth 1.0a Server <-- 0.3.0

This still left me with OAuthSwiftError error -11.

Is anyone other than phimage had a successful authentication with their wordpress?

[phamdacloc]

Looking through OAuthSwift code, particularly OAuthSwiftClient.post() function, I noticed the OAuthSwift.Headers and body arguments were nil. I can't find anywhere in the code which actually sets OAuthSwift.Headers. Is that expected when you're trying to post a token request operation? If I understand correctly, OAuthSwiftClient.post() is only sending the oauth_callback but not the consumer key nor consumer secret.

One other note, in Postman, I have to tick Add empty params to signature for the request to be successful. Is that something required in OAuthSwift as well?

Thanks

[phimage]

If your are successfully logged , post request send the token and token secret (not consumer key and secret)

post functions have parameters, there is plenty of example into demo app
and it's work like other API.

You can fill body yourself or parameters with a dictionary , and parameters will be converted into an "application/x-www-form-urlencoded" body

[phamdacloc]

I never had a successful logged on, this is where I'm stuck at. OAuth1 protocol requires three steps:

1. request
2. authorize
3. access

OAuthSwift execute the first step by sending a POST request to /oauth1/request endpoint. When sending the POST request, the following info should be sent:

oauth_consumer_key
oauth_consumer_secret
oauth_timestamp
oauth_nonce
oauth_signature
oauth_signature_method
oath_callback
oauth_version (optional)

This is where i'm lost because when I set the breakpoint at OAuthSwiftClient.post() for the /oauth1/request endpoint, the only data is see is oath_callback while OAuthSwift.Headers and body were both nil.

[phimage]

you try to understand oauth1 to debug?

all flow is done in https://github.com/OAuthSwift/OAuthSwift/blob/master/Sources/OAuth1Swift.swift

there is

self.authorizeURLHandler.handle(queryURL)

this is where a view is presented to user to login and authorize app
put a breakpoint here

the signing process is done in request
https://github.com/OAuthSwift/OAuthSwift/blob/master/Sources/OAuthSwiftHTTPRequest.swift

[phamdacloc]

Could the OAuthSwiftError error -11 be related to my website being http and not https?

Also, I noticed when performing POST request via Postman for http://example.us/oauth/request endpoint, empty parameter must be added to the signature for it to work. If that option is left blank, I'd get OAuth signature does not match error. I'm wondering if that is related to my problem.
Thanks.

[phimage]

please refer -11 as requestError. This error could be many things, you have an underlying error for that...

[phamdacloc]

Eric, the Wordpress website that you had a success request before is http or https?

[phimage]

see demo app : http://localhost/wordpress

[phamdacloc]

Yep i saw the demo app. I wasn't sure if you entered in a different url in your services.plist file. So seems like we're having a totally different environment. Mine is on production site and yours is on a localhost development.

[kangho99]

I got into the same situation where the server returns "No OAuth parameters supplied".

If you made the same mistake I made, this should solve it:
Make sure the "callback" url in your wordpress application settings (where you get the key / secret from) and the oauth1swift.authorize() -> withCallbackURL parameter matches.

[phimage]

thanks @kangho99 for the advice

I will close (no activity since 20 day)

[torrelasley]

kangho99's answer was exactly my problem as well. You will get an OAuthSwiftError -11 if the "withCallbackURL" parameter does not match EXACTLY what is in WordPress under Users -> Applications -> App -> Callback

[richard-giantrobot]

I was having the same issue on Wordpress 4.7 with WP REST API OAuth server 1.0a

Solved it by adding this line before calling the authorize function:

oauthswift.client.paramsLocation = .requestURIQuery

Where oauthswift is a OAuth1Swift instance.

Hope this helps if somebody is having this issue.