RESTservices with dynamic URLs, and oauth, issues and observations

[nib]

A bunch of issues and observations while working with REST services towards, stackmob, which need oAuth.

1)

I need to contact a REST URL on stackmob which looks like

Code: Select all

 [url=http://lala/user/username]http://lala/user/username[/url] 

where is a parameter

I have tried following http://help.gotiggr.com/documentation... that tells me to write

Code: Select all

 [url=http://lala/user/{username}]http://lala/user/{username}[/url] 

[actually it tells me to use {id}]

It is kind of sporadic what happens:

o {username} never seems to be expanded.
o {id} seems to be expanded, but not always. I have had success with it, but after trying to reproduce the non-success with {username}, it does not work at all, when setting it back to {id}.
o there seems be a difference in the behaviour when tiggzi proxy is used and when not. When {id} expansion worked it appeared only to work when not using the proxy.
o when id is a parameter and referenced in the url (in the cases when the expansion works), it is also added as a parameter (?id=...) which is not intended. This can be ducked by making id a header parameter.
o when not using tiggzi proxy oAuth Authentication headers are not added, as they are when using the proxy.

2) In https://getsatisfaction.com/tiggzi/to...

you mention an alternative solution which is using {url}, and then getting the entire URL from localStorage. Why do you have two such replacements (suspect it is javascript/jquery shining through here), and could you expand on it?

5)

Since stackmod uses oAuth 1.0 I need to capture the {username} (or {id} parameter in the javascript that generates the Authorization header (as shown in your example). I cannot find a way to do that (so I just read it from localStorage which is where it is gotten from anyway). Is there a smart way to get it with javascript without using localStorage?

6) in the oAuth, authorization header javascript I dynamically assemble the URL with the parameters that will be appended:

...
var username = localStorage.getItem("username");
urlPart="http://api.mob1.stackmob.com/person/"...;

url = urlPart+"?"
+ "_expand=3";

// possible a lot more parameters from a form on the page

console.log("preAuth URL: " + url);
return getAuth("GET", url);
...

Is there an easier way to do that? Perhaps we can get the full URL directly from the service, after it has been assembled?

[maxkatz]

For #1, there is a bug for expanding parameters when using proxy. It works fine without the proxy. We'll try to fix it tomorrow. A proxy is really just for testing and workaround for services that don't support CORS (http://help.tiggzi.com/documentation/....

In general, any time you put {someparam} in the URL, and then define someparam as a request parameter, it will be inserted into the URL.

I updated the docs to make it more clear.

If you won't want to worry about proxy, you can try Parse or Kinvey. Both support CORS (or allow cross domain service calls).

[quote:]
2) In https://getsatisfaction.com/tiggzi/to...

you mention an alternative solution which is using {url}, and then getting the entire URL from localStorage. Why do you have two such replacements (suspect it is javascript/jquery shining through here), and could you expand on it?
[/quote]

You can make the entire URL to be expandable or just parts of it.

[quote:]
5)
Since stackmod uses oAuth 1.0 I need to capture the {username} (or {id} parameter in the javascript that generates the Authorization header (as shown in your example). I cannot find a way to do that (so I just read it from localStorage which is where it is gotten from anyway). Is there a smart way to get it with javascript without using localStorage?
[/quote]
You can do it in mapping, as shown here: http://help.tiggzi.com/getting-starte...

[quote:]
Is there an easier way to do that? Perhaps we can get the full URL directly from the service, after it has been assembled?
[/quote]
I'm not sure I understand this question.. get the full URL from the service defined in Tiggzi..?

[nib]

Dear Max,

Thanks for the swift answer as usual. Regarding Parse, I considered them, but they do not support extensions (upload some server code), so they are too limited for my purposes. I have not looked at kinvey, I may, but I already have my prototype running for stackmob, so I will probably not switch.

You did not comment on the part where I mentioned that the oAuth headers did not get attached when not using the proxy, so at the moment I need to use the proxy which is broken, looking forward for the fix.

Regarding {url}, since you now make it explicit that anything can be expanded, it makes sense.

You did not comment on my experience that expansion did not work for {username}, it did for {id}. Then when I reverted to {username}, in order to reproduce before the error report, and then back to {id}, then it did not work at all. If that is included in the "We'll try to fix it tomorrow", then everything is good. If it was only that it was not added to the URL, but still added as a parameter, I hope you will make a thorough test of the area (including why the custom java script to the Authorization header does not get called when not using the tiggzi proxy).

It is a long post about stackmob, so I am not quite sure if you understood my question, but let me recap and point to what I think I might have overlooked.

Assume I have a service with parameters param1, param2, ... defined in the tiggzi gui. Then I have the Authorization header, which I have added javascript to generated. Just like the stackmob example. In the javascript, how can I get the values of param1, param2, ..., in order to use them for the oAuth parameter computation?

Partial answer? You can use the magic name "value", to ....? (I will play with it, to see if it solves my problem).

The question you did not understand at the end, let me rephrase it:

Assume I have a service with parameters param1, param2, ..... as above. Can I refer to the expanded URL from the javascript associated with e.g. the Authorization header? In oAuth I need to compute the signature based on the URL with parameters, so I need to call the oAuth lib with the full url, http://server/fragment?param1=foo&par.... Now I do that by manually editing the Authorization javascript for each use of the stackmob rest service. It would be nice to be able to at least just paste the same javascript (even better, to tie the javascript to the service, so I don't have to copy paste the java script to different pages where I call the service).

Looking forward to the fix and you comment to the above clarifications

/)/ikolaj

[maxkatz]

We fixed the expansion problem with proxy, give it another try.

Both {id}, {username} or {anythingelse} should work the same way, with or without the proxy.

It's a long post and it looks like there a number of issues. Let's separate them so it's simpler to work with. If you could create a separate posts with a specific question, steps to reproduce (if possible), we'll gladly test everything (and fix if needed).

If you define a Setting service (call it AppSettings) and it has a value of 'email', anywhere in JavaScript you can call this:

AppSettings.email;

[nib]

Thanks for your reply and effort.

Now the expansion works. It only works if you do not check that the parameter is a header. You could mention that in the documentation:

http://help.gotiggr.com/documentation...

The custom javascript setting oAuth Authorization parameter does not work when not using the tiggzi proxy. These are my request headers when not using tiggzi proxy:

Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Access-Control-Request-He... authorization
Access-Control-Request-Me... GET
Connection keep-alive
Host api.mob1.stackmob.com
Origin http://tiggzi.com
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0

I have console.log(....) in my the getAuth method and in the custom javascript, so I can see that the are run, but the Authorization parameter does not get added, as it does in the Tiggzi proxy case:

Accept application/vnd.stackmob+json; version=0
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Authorization OAuth realm="",oauth_timestamp="1338802436",oauth_nonce="iNCkUUftu23J5ftel",oauth_signature_method="HMAC-SHA1",oauth_consumer_key="XXXXXXXXX",oauth_signature="rKwW2RmM7wmYhuMJXj0ODGHGL7o%3D"
Connection keep-alive
Cookie __utma=169854756.1927084606.1334225430.1338797307.1338801614.69; __utmz=169854756.1334225430.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1051853593-1334305844435; JSESSIONID=0AD02C5CF6ADD58949BC063B7BE4834F; __utmc=169854756; __utmb=169854756.3.10.1338801614
Host tiggzi.com
Referer http://tiggzi.com/view/152b0eef-8066-...
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0
tiggzi-key 1338802433863
tiggzi-proxy-url http://api.mob1.stackmob.com/person/N...
tiggzi-rest 1466294

Am I doing something wrong? The only difference is the checkbox whether to use the tiggzi proxy or not. I am debugging the headers using firebug.

It is not critical any more as I can live with using the proxy for now.

Cheers,
/)/ikolaj

[maxkatz]

[quote:]
Now the expansion works. It only works if you do not check that the parameter is a header. You could mention that in the documentation:
[/quote]
That's correct, if you mark a parameter to be a header parameter, it's not part of the URL.

[quote:]
The custom javascript setting oAuth Authorization parameter does not work when not using the tiggzi proxy.
[/quote]
Can you show (code, screen shots) how you set this up..?