OAuth::Problem - parameter_absent

[jhaagmans]

Hi,

I'm new to this gem. I have setup oauth authentication in my Sinatra app and am trying to connect to our hosted instance of JIRA. I've created the application link, generated the key and certificate (couldn't get your rake tasks to work in my Sinatra app btw, so I ran them manually) and I've created an oauth dance (your words, not mine), based on the examples in your documentation.

The thing is, when I trigger the init_access_token method (where I pass oauth_verifier: params[:oauth_verifier], which is present, as the only argument), it raises an OAuth::Problem with the message parameter_absent. The parameter it says it's missing is the oauth_token, I've tried passing that to the init_access_token method (as it's the second param and it's used nowhere in your example), to no avail.

Does anyone know where to look?

[davidalpert]

this is still an issue; I am getting the same error today.

[SimonMiaou]

I would guess it come from somewhere in https://github.com/sumoheavy/jira-ruby/blob/d6a061475ff599b534cb1f9c52916c642831fc7b/lib/jira/oauth_client.rb

Sadly I have no experience with that so if someone feel like debugging it, it would be really helpful for the community

[davidalpert]

thank you I'm taking a run at debugging this.

I have extracted and replicated the access token request:

curl --request POST -H 'OAuth oauth_consumer_key="oauth_test", oauth_nonce="NONCE_VALUE", oauth_signature="SIGNATURE_VALUE", oauth_signature_method="RSA-SHA1", oauth_timestamp="1611420382", oauth_token="OAUTH_TOKEN_FROM_REQUEST_TOKEN_ENDPOINT", oauth_verifier="VERIFIER_FROM_JIRA_ACCEPT_RESPONSE", oauth_version="1.0"' https://my.jira.com/plugins/servlet/oauth/access-token
oauth_parameters_absent=oauth_token&oauth_problem=parameter_absent

so the problem appears to be that the /oauth/access-token endpoint requires an oauth_token parameter and/or value, as the original issue poster stated.

[davidalpert]

I think the implementation of the OauthClient.init_access_token is not quite right. will offer a PR if I can get this to work.

[davidalpert]

after digging in the implementation of the OAuthClient.init_access_token method appears correct to me; the request seems to include all the required parameters.

I found an issue on the jira developer wiki ([Oauth Jira authentication client issue when requesting token with OAuthTutorialClient-1.0.jar](jira https://community.developer.atlassian.com/t/oauth-jira-authentication-client-issue-when-requesting-token-with-oauthtutorialclient-1-0-jar/16612/5)) which claims that error is not very descriptive and should not be taken literally:

fabiobarretoNA Sep '20
The message error from JIRA is very poor. It’s says “oauth_parameters_absent=oauth_consumer_key&oauth_problem=parameter_absent” for almost anything you configure wrong in the call. not just if forget to pass the consumer key.

Some problems that I came across and resulted in that error:
1- Wrong private key
2- Spaces in private key
3- Wrong consumer key
4- Wrong url
5- The public key configured in the application link and the private key sent doesn’t match

maybe the jira-client library could include that guidance in it's error output to double-check all the parameter and application link configuration values.

[davidalpert]

found it!

the exchange of the request token for the access token was completing successfully; the failure was during the request for issues using the access token.

server logs were complaining about the oauth_token parameter but showed the value as

2021-01-23 10:38:06,033-0800 http-nio-8080-exec-13 WARN anonymous 638x268779x1 - 10.199.244.16 /rest/api/2/search [c.a.o.serviceprovider.internal.AuthenticatorImpl] Problem encountered authenticating OAuth client for url "https://my.jira.com/rest/api/2/search", error was "parameter_rejected", with parameters "{oauth_problem=parameter_rejected, oauth_parameters_rejected=oauth_token=ACTUAL_OAUTH_TOKEN&oauth_token=}"

see how that oauth_token value is actually "ACTUAL_OAUTH_TOKEN&oauth_token="?

I believe that the oauth library is already including the oauth_token=ACTUAL_VALUE as part of the request so when this code runs it addes &oauth_token= to the end of the request, appending it to ACTUAL_VALUE.

I commented out that code and was able to make a successful call using the access token provided by the library in the OAuthClient.init_access_token method.

[davidalpert]

@SimonMiaou I have found the issue. please see #378 as a possible workaround.

I added a new feature flag to optionally disable the extra addition of the oauth_token= parameter, not wanting to remove it outright as that might be a breaking change for others.

please let me know if this approach is acceptable or if you would prefer something different, and of course naming is hard ™️ so please change or request whatever you wish.