Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-42893

OAuth plugin returns oauth_problem="nonce_used" to consumer

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 6.1.20 EE GA2, 6.1.30 EE GA3, 6.1.X EE
    • Fix Version/s: 6.1.X EE
    • Component/s: Security Vulnerability
    • Labels:

      Description

      To keep things simple I am trying to invoke a service which requires no parameters, because these would complicate the request signing.

      I am sending requests to: http://127.0.0.1:8080/api/secure/jsonws/portal/get-build-number

      With headers like the following:

      Authorization: OAuth realm="http%3A%2F%2F127.0.0.1", oauth_consumer_key="788f3eac-52bd-4f08-9116-4fb8736bc001", oauth_token="7273397d78a8aeba92dab3887d9271ed", oauth_signature_method="HMAC-SHA1", oauth_signature="NN%2BCuYEDJAXM2ebi5rWjKUw0g1A%3D", oauth_timestamp="1373238929", oauth_nonce="9ece7ca255aa3e66bb3ac75f160dff646f28b829", oauth_version="1.0"

      That's the correct parameters for the header isn't it?

      The response I am getting is:

      WWW-Authenticate: OAuth realm="http%3A%2F%2F127.0.0.1", oauth_problem="nonce_used"

      This is very odd because I am certain that the nonce I am sending has not been sent before (I've intercepted all HTTP traffic to verify this). I've restarted Liferay many times to clear it's memory too (just to be on the extra safe side). Are you aware of any issues with the OAuth implementation for resource URLs in regards to nonce? I could not find any such issues logged on JIRA.

      Any thoughts you can offer would be much appreciated!

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  5 years, 30 weeks, 5 days ago

                  Packages

                  Version Package
                  6.1.X EE