angularjsmagentooauthmagento-rest-api

Using Magento Rest API with angularjs and OAuth

Edit: TL;DR
Is there anyone who uses Magento Rest API with angularjs and could give me some hints on how to get started with OAuth?

I'm trying to use the magento Rest API with angularjs. My Problem is that I don't even get the initiate endpoint to work.

To calculate the signature I used https://github.com/bettiolo/oauth-signature-js :

var initEndpointUrl = "http://magentoserver.com/oauth/initiate"

var parameters = {
    oauth_callback: callback,
    oauth_consumer_key : consumerKey,
    oauth_nonce : nonce,
    oauth_signature_method : signatureMethod,
    oauth_timestamp : timestamp            
}

var signature = oauthSignature.generate('POST', initEndpointUrl, parameters, consumerSecret);

I've tried two different approaches:

1: Send the parameters with the Authorization Header: 

var authHeader = "OAuth "+ 
    "oauth_callback=" + callback + "," +
    "oauth_consumer_key=" + consumerKey + "," +
    "oauth_nonce=" + nonce + "," +
    "oauth_signature_method=" + signatureMethod +  "," +
    "oauth_timestamp=" + timestamp + "," +
    "oauth_signature=" + signature;   

$http({
    method: 'POST',
    url: initEndpointUrl,
    header: {
        'Authorization': authHeader
    }
})

The Problem with this approach is, that I get a 400 Bad Request for the OPTIONS method from the server. This is caused (as far as I read) by the request not being a "Simple Request" because of the Authentication header. This in the Pre-flight the OPTIONS method is called.

2: Send the parameters as url parameter:

http://magentoserver.com/oauth/initiate?
    oauth_callback=http%3A%2F%2Flocalhost&
    oauth_consumer_key=12345&
    oauth_nonce=67890&
    oauth_signature_method=HMAC-SHA1&
    oauth_timestamp=1234567890&
    oauth_signature=abcdefg1234567

With this approach I had more success and was able to add all required parameters until the signature was checked, which resulted in 401 oauth_problem=signature_invalid.

I'm quite new to OAuth so I'm thinking maybe the call for generating the signature wasn't correct. On the other hand I could imagine, that by changing the parameters (and with it the URL) I invalidate the signature.

Anybody has experience with this? Thanks in advance!

PS: I already posted this on https://magento.stackexchange.com/, because I thought it would be more magento specific.

Solution

  • After a lot of help from Nic Raboy we got it included in his OAuth Library:

    ng-cordova-oauth

    The library does all the signing, nonce calculation and everything else that is needed. It does however require to run on cordova (using the inAppBrowser plugin).

    Before that worked there had to be some fixes for Magento:

    OAuth activation if initiate directs to 404

    OAuth fix for missing form_key

    OAuth fix for redirecting to dashboard

    The last one didn't work on instant, but it is the right direction. If anyone has questions about this, please feel free to ask. I was really surprised that it took this much effort to get it to run.

    Thanks Nic, it's really easy now to get the access_token :)