I'm trying to authenticate with OAuth and am having trouble getting an auth token. I keep getting the following response.
400 Bad Request
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Headers: Authorization, Accept, Content-Type
Access-Control-Expose-Headers: x-rate-limit-api-key-interval-ms, x-rate-limit-api-key-max, x-rate-limit-api-key-remaining, x-rate-limit-api-token-interval-ms, x-rate-limit-api-token-max, x-rate-limit-api-token-remaining
Content-Type: text/plain; charset=utf-8
Date: Mon, 04 Jan 2021 03:34:24 GMT
Expect-Ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/trello-edge", max-age=86400
Strict-Transport-Security: max-age=63072000; preload
X-Xss-Protection: 1; mode=block
I'm using a language (AHK) that does NOT have a pre-built library for Authorizing with Trello so have built my own.
I don't see it anywhere specified in the Trello docs as to what parameters will be used to generate the signature that will be checked on Trello's end. I believe I am using the correct data as laid out in OAuth 1.0 as specified on the developer page.
The signature_base_string I'm generating my signature for is as follows (personal info masked)
which generated the following Authorization Header
(personal info masked and added line breaks for readability)
I'm sure that I'm generating the signature correctly as I get the exact same signature when using any of the online HMAC-SHA1 signature generators.
I'm thinking that I might be missing some kind of required parameter that Trello is including when they generate the signature for verification.
Is there any document that lays out exactly what parameters need to be returned for the authorization? Or what the header is expected to look like/contain?
I was able to figure out my issue, and hope this might help someone.
It turns out that I had an error in the generation of my Authorization header, which gave me a different signature than Trello calculated. I had failed to percent encode my callback URL twice. It needs to be percent encoded when initially adding it to the parameter string, and then a second time when the entire parameter string is percent encoded.
I was able to figure this out while using the authorization header generator located here.
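The double encoding described in the answer above, as an added example that is not part of the original post and is not Trello's code: it builds an OAuth 1.0 HMAC-SHA1 signature base string both ways and shows that a verifier which rebuilds the base string rejects the single-encoded variant. The endpoint URL, the POST method, keys, secret, nonce, timestamp and callback are constructed sample values, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values (not real credentials or a real endpoint).
URL = "https://api.example.com/oauth/request_token"
CONSUMER_SECRET = "constructed-secret"
PARAMS = {
    "oauth_callback": "http://localhost:8080/cb?state=1",
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "constructed-nonce",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1609731264",
    "oauth_version": "1.0",
}

def pct(value):
    """Percent-encode everything except the unreserved set A-Z a-z 0-9 - . _ ~"""
    return quote(value, safe="")

def base_string(method, url, params):
    # Pass 1: encode each name and value, then sort and join with "=" and "&".
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    # Pass 2: encode the whole parameter string, so "%3A" in the callback becomes "%253A".
    return "&".join([method.upper(), pct(url), pct(param_string)])

def single_encoded_base_string(method, url, params):
    # The mistake from the answer above: values go in raw, so the callback is encoded only once.
    raw = "&".join(f"{k}={v}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), pct(url), pct(raw)])

def sign(base, consumer_secret, token_secret=""):
    # HMAC-SHA1 key is "<consumer secret>&<token secret>"; the token secret is empty for a request token.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def server_accepts(method, url, params, consumer_secret, client_signature):
    # What the verifying side does: rebuild the base string itself and compare in constant time.
    expected = sign(base_string(method, url, params), consumer_secret)
    return hmac.compare_digest(expected, client_signature)

if __name__ == "__main__":
    good = sign(base_string("POST", URL, PARAMS), CONSUMER_SECRET)
    bad = sign(single_encoded_base_string("POST", URL, PARAMS), CONSUMER_SECRET)
    print("double-encoded accepted:", server_accepts("POST", URL, PARAMS, CONSUMER_SECRET, good))
    print("single-encoded accepted:", server_accepts("POST", URL, PARAMS, CONSUMER_SECRET, bad))
```

Both variants produce a well-formed HMAC-SHA1 value, which is why an online signature generator fed the same base string agrees with it; only the base string itself differs from what the server reconstructs.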