Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Calculate time offset #1

Open
m0rg0t opened this Issue · 12 comments

2 participants

@m0rg0t
Anton - That makes a lot more sense.
Our OAuth timestamp window is currently 5 minutes. Our SDK's
actually calculate a time offset based on the returned "Date" header
in the first response to handle any differences in device time vs UTC time
 Since you are building an SDK you should do the same. You'll notice the
date header in your http response for the 401.

Originally:
Get strange behaviour:
at emulator client works well, but at real device same code return "The remote server returned an error: NotFound" exception.

   at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
   at System.Net.Browser.ClientHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at StackMob.StackMobClient.<>c__DisplayClass60.<Execute>b__5e(IAsyncResult resResult)
   at System.Net.Browser.ClientHttpWebRequest.<>c__DisplayClassa.<InvokeGetResponseCallback>b__8(Object state2)
   at System.Threading.ThreadPool.WorkItem.WaitCallback_Context(Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadPool.WorkItem.doWork(Object o)
   at System.Threading.Timer.ring()
@ermau
Owner

What APIs were you using?

@m0rg0t

Usign GET method (to recive objects from schema at stckmob).

Example code:

tackMobClient client = new StackMobClient(StackMobKey, StackMobSecret, StackMobAppname, 0);
            Action<IEnumerable<string>> success;
            success = ShowWindowsMessage;
            Action<Exception> failure;
            failure = ErrorMessage;
            client.Get<string>("user", success, failure);

and

        private static void ErrorMessage(Exception message)
        {
            Deployment.Current.Dispatcher.BeginInvoke(() =>
                    {
                        MessageBox.Show(message.ToString());
                    });
        }
        private static void ShowWindowsMessage(IEnumerable<string> message)
        {
            Deployment.Current.Dispatcher.BeginInvoke(() =>
                    {
                        foreach (var item in message)
                        {
                            MessageBox.Show(item.ToString());
                        };
                    });
        }

P.S. Also get same behaviour (work at emulator, notFound at device) using my own code

@ermau
Owner

Can you put the device on WiFi, monitor it's HTTP traffic and see what the response actually is? (It's not 404, despite what it says.) You'll need to modify the class so it uses only http instead of https.

@m0rg0t

Will try collect this data.

Also headers for emulator:

[Accept] => application/vnd.stackmob+json; version=0
[Referer] => file:///Applications/Install/A4B64CDA-F0AF-4892-B03E-79EA98D2A077/Install/
[Accept-Encoding] => identity
[Authorization] => OAuth realm="", oauth_consumer_key="-snip-", oauth_nonce="306427199", oauth_timestamp="1337197959", oauth_signature_method="HMAC-SHA1", oauth_signature="FWzvjhszLJ5ocy1OcWln44u%2Bvac%3D"
[User-Agent] => StackMob Platform

And headers for device:

[Accept] => application/vnd.stackmob+json; version=0
[Referer] => file:///Applications/Install/A4B64CDA-F0AF-4892-B03E-79EA98D2A077/Install/
[Accept-Encoding] => identity
[Authorization] => OAuth realm="", oauth_consumer_key="-snip-", oauth_nonce="533151324", oauth_timestamp="1337199206", oauth_signature_method="HMAC-SHA1", oauth_signature="AdedC039rt2fDMOm6YJ3gRyfIyo%3D"
[User-Agent] => StackMob Platform
@m0rg0t

Request from emulator to service:

GET /test HTTP/1.1
Accept: application/vnd.stackmob+json; version=0
Referer: file:///Applications/Install/A4B64CDA-F0AF-4892-B03E-79EA98D2A077/Install/
Accept-Encoding: identity
Authorization: OAuth realm="", oauth_consumer_key="-snip-", oauth_nonce="174580700", oauth_timestamp="1337199581", oauth_signature_method="HMAC-SHA1", oauth_signature="AeJm%2BveLTSiuPpdWwcl2vGbu8Hs%3D"
User-Agent: StackMob Platform
Host: api.mob1.stackmob.com
Connection: Keep-Alive

Response:

HTTP/1.1 200 OK
Content-Type: application/vnd.stackmob+json; version=0
Content-Length: 206
Date: Wed, 16 May 2012 20:19:53 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: 0

[{"name":"Record1","lastmoddate":1337160304679,"rel2":["1"],"createddate":1337160304679,"test_id":"1"},{"createddate":1337194449665,"test_id":"6e09f69860b34b4e8a2f76a6e889a36d","lastmoddate":1337194449665}]

@m0rg0t

Can you put the device on WiFi, monitor it's HTTP traffic and see what the response actually is?

Any advice what instrument better to use it?

@ermau
Owner

I edited your key out of your previous comments.

@ermau
Owner

Any advice what instrument better to use it?

You can use something like Wireshark.

@m0rg0t

Seems to find what happens:

Time on device was incorrect (near +5-10 minutes more then real time), that's why timestamp and authorization header calculated incorrect.

GET /test HTTP/1.1
Accept: application/vnd.stackmob+json; version=0
Referer: file:///Applications/Install/A4B64CDA-F0AF-4892-B03E-79EA98D2A077/Install/
Accept-Encoding: identity
Authorization: OAuth realm="", oauth_consumer_key="-key-", oauth_nonce="161056569", oauth_timestamp="1337286101", oauth_signature_method="HMAC-SHA1", oauth_signature="LOAsWD3SM9nF3LS5EAr8PYDlqyA%3D"
User-Agent: StackMob Platform
Host: api.mob1.stackmob.com
Connection: Keep-Alive

And response:

HTTP/1.1 401 Unauthorized
Content-Type: application/vnd.stackmob+json; version=0
Content-Length: 69
Date: Thu, 17 May 2012 20:12:32 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: 0
WWW-Authenticate: OAuth realm=api.mob1.stackmob.com

{"error":"Invalid OAuth credentials or signature: timestamp_refused"}

@ermau
Owner

Sounds like this is resolved then? I haven't figured out why WP gives 404 for 40* sadly.

@m0rg0t

Yes, it's resolved (auhorization wasn't accepted case incorrect time on device).

Here ticket from stackmob:

data for device.

Request:

GET /test HTTP/1.1
Accept: application/vnd.stackmob+json; version=0
Referer: file:///Applications/Install/A4B64CDA-F0AF-4892-B03E-79EA98D2A077/Install/
Accept-Encoding: identity
Authorization: OAuth realm="", oauth_consumer_key="-key-", oauth_nonce="161056569", oauth_timestamp="1337286101", oauth_signature_method="HMAC-SHA1", oauth_signature="LOAsWD3SM9nF3LS5EAr8PYDlqyA%3D"
User-Agent: StackMob Platform
Host: api.mob1.stackmob.com
Connection: Keep-Alive

And response:

HTTP/1.1 401 Unauthorized
Content-Type: application/vnd.stackmob+json; version=0
Content-Length: 69
Date: Thu, 17 May 2012 20:12:32 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: 0
WWW-Authenticate: OAuth realm=api.mob1.stackmob.com

{"error":"Invalid OAuth credentials or signature: timestamp_refused"}

May 17, 2012 01:17 pm
User photo
Anton Lenev

Seems to find where was error - time on device was incorrect (near +5-10 minutes then real time)

May 17, 2012 01:24 pm
User photo
Anton Lenev

What difference in timestamp from stackmob server time is acceptable?

May 17, 2012 01:42 pm
User photo
Taylor Leese
StackMob

Anton - That makes a lot more sense. Our OAuth timestamp window is currently 5 minutes. Our SDK's actually calculate a time offset based on the returned "Date" header in the first response to handle any differences in device time vs UTC time. Since you are building an SDK you should do the same. You'll notice the date header in your http response for the 401.

- Taylor
@ermau
Owner

What if headers refer, Accept-Encoding, is set, would service return data or return notFound?

I'm not sure I follow what you mean here.

I'll look into the advice Taylor gives in your last response. Also your pasted conversation contains your keys.

@ermau ermau was assigned
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.