Log in or register to post comments

Authorization in VWS: many questions

March 1, 2013 - 3:37pm #1

VWS is incredibly hard to use right now, mainly because there is a serious lack of useful documentation.

I am struggling to call VWS from javascript, trying to add a target to a cloud database.  Specific questions:

 

1.  Do I need to include "HTTP/1.1" as shown in https://developer.vuforia.com/resources/dev-guide/adding-target-cloud-database-api?

2.  If so, is it part of the Request-Path, or the HTTP-Verb in StringToSign as documented in https://developer.vuforia.com/resources/dev-guide/setting-api

3.  It seems that if I include "HTTP/1.1" then I get a 505 error - saying that the version of HTTP is not supported.

4.  If I do not include "HTTP/1.1" then I get error code 401 - the tremendously helpful "AuthenticationFailure".

5.  Given the involved nature of this Auth process, is there any debugging help?  Anyway to get more info than just the 401?

6.  I've read numerous forum posts which point to the .java sample code.  Unforuntately, this isn't very useful to me.  It seems to import obsolete libraries.  Before I spend hours working on tracking down libraries, and learning how to set up and debug java (new to me) isn't there any example of doing this in javascript?

Thanks in advance.  I've already spent a lot of time trying to make this work.  Any and all help is appreciated.

 

Authorization in VWS: many questions

May 13, 2014 - 7:58pm #5

Hello DavidBeard
I have a question about the format date you posted (Sun, 22 Apr 08 2012 12:49:37 GMT) and I guess in the guide as well. What does the "08" after Apr mean? I've read through MSDN's bit on rfc1123 here and I still can't figure it out. It seems like .toUTCString() should export the date in rfc1123 format. 

Authorization in VWS: many questions

March 3, 2013 - 6:30pm #4

#2

Just use GET, or POST, or PUT, depending on which method you're using. Your code is isolating the method correctly, but I think you'll need to remove HTTP /1.1 from your request path - it's likely that that is being added by your HTTPRequest class. Also check your date format - it's important to use the correct GMT date format.

e.g.

Date: Current date per [2] , section 3.3.1, rfc1123-date, e.g.: Sun, 22 Apr 08 2012 12:49:37 GMT

Times will always be reported in GMT.
 

--------------

Here is an example of the elements of the string to sign in their correct format..

StringToSign = "POST" + "\n" + "a9e4f247b72a042f37fbae0e3cf650a4" + "\n" + "application/json" + "\n" + "Mon, 04 Mar 2013 02:20:10 GMT" + "\n" + "/targets"

Signature = Base64(HMAC-SHA1(server_secret_key, StringToSign ) ) ;

 

Can you output the header and request body that you're sending and post an example?

Authorization in VWS: many questions

March 1, 2013 - 6:06pm #3

Thanks, David, super helpful.

It will helpful to know how you are using Javascript, which libraries and what context. For example, are you using XMLHttpRequest, or jQuery , or some other approach.

I'm using Parse.com's Javascript cloud code.  The only libraries I'm using are the cryptoJS implementations that I need to put together the StringToSign ( CryptoJS v3.1.2 from code.google.com/p/crypto-js).

1. The examples are showing you the raw HTTP header. An HTTP request library will help to format the header for you, such as the HTTP version field.

Parse has an HTTPRequest class documented here:  https://parse.com/docs/cloud_code_guide#networking - that is what I am using.

 

2. The HTTP version is part of the request header, the signature uses the HTTP verb (e.g. POST, GET, PUT ). Your HTTP request headers should include the HTTP version field as shown ( POST /targets HTTP/1.1 ).

OK, so that clears up what should be in the request header, but not necessarily what is included in StringToSign.  In the StringToSign, should HTTP-Verb be "GET /targets HTTP/1.1" or just "GET"?  And should Request-Path be "http://vws.vuforia.com/targets"?

3 - 5. Please post the code that you're using to format and transmit your HTTP requests.

I've included below...

6. Those libraries are actively maintained by the Apache foundation. They're not obsolete. All of the samples are runnable. I recommend reviewing the code, even if you don't set-up an environment to run them.

Sorry if I was hasty with that.  When I ran javac, I got a stream of error messages, and in following up one of them I got a note about a library being deprecated.  I did look at the ,java, which helped to get me to the point I'm at now.  But, at this point I don't know where next to go with these Auth failures.

Thanks for the prompt and helpful responses.

http://hc.apache.org/

 

 

<pre class="brush: jscript">

 

Parse.Cloud.define("ListCloudTargets", function(request, response) {
  // Look here for Header field requirements: https://developer.vuforia.com/resources/dev-guide/setting-api 
  var CryptoJS        = require('cloud/hmac-sha1.js');
  var MD5                = require('cloud/md5.js');
 
  var server_secret_key = "MY_SERVER_SECRET_KEY";
  var provision_access_key = "MY_SERVER_ACCESS_KEY";
  
  var requestbody     = "";
  var httpverb        = 'GET';
  var contentMD5      = MD5.MD5(JSON.stringify(requestbody));
  var stringMD5       = contentMD5.toString(MD5.Hex);
  var contentType     = "application/json";
  var date            = (new Date()).toUTCString();
  var requestpath     = "https://vws.vuforia.com/targets HTTP/1.1";
  
  var StringToSign = httpverb     + "\n" +
                     stringMD5    + "\n" +
                     contentType  + "\n" +
                     date         + "\n" +
                     requestpath;
  console.log("stringMD5: " + stringMD5);
  console.log("RequestBody: " + JSON.stringify(requestbody));                    
  console.log("StringToSign: " + StringToSign);
  
  var hash = CryptoJS.HmacSHA1(server_secret_key, StringToSign ) ; 
  var Signature = hash.toString(CryptoJS.Base64);
  var Auth = "VWS " + provision_access_key + ":" + Signature;
 
  console.log("Auth: " + Auth);
  
  var request = {
    url: requestpath,
    method: httpverb,
    headers: {
      'Authorization': Auth,
      'Date': date,
      'Content-Type': contentType,
    },
    body: requestbody,
    success: function(httpResponse) {
      console.log('success called with' + httpResponse.text);
      response.success(response.result);
    },
    error: function(httpResponse) {  
      console.error('Request failed with response code ' + httpResponse.status);
      response.error(response.result);
    }
  };
  
  console.log("request:" + JSON.stringify(request));  
  
  var result = Parse.Cloud.httpRequest(request);
});
 

 

</pre>

Authorization in VWS: many questions

March 1, 2013 - 5:02pm #2

It will helpful to know how you are using Javascript, which libraries and what context. For example, are you using XMLHttpRequest, or jQuery , or some other approach.

 

1. The examples are showing you the raw HTTP header. An HTTP request library will help to format the header for you, such as the HTTP version field.

2. The HTTP version is part of the request header, the signature uses the HTTP verb (e.g. POST, GET, PUT ). Your HTTP request headers should include the HTTP version field as shown ( POST /targets HTTP/1.1 ).

3 - 5. Please post the code that you're using to format and transmit your HTTP requests.

6. Those libraries are actively maintained by the Apache foundation. They're not obsolete. All of the samples are runnable. I recommend reviewing the code, even if you don't set-up an environment to run them.

http://hc.apache.org/

Log in or register to post comments