Search code examples
javascriptoauthgoogle-chrome-extensiontumblr

Tumblr OAuth authorization "Missing or invalid oauth_verifier." message solution for chrome extension

So I had this problem with getting 400 from http://www.tumblr.com/oauth/authorize?oauth_token=xxx. I use this Google Chrome OAuth tutorial page and just copy the files from there.

And it all worked until one day I had to reauthorize my extension. And it failed.

When I got to console I so 400 http result code and a message Missing or invalid oauth_verifier..

Solution

  • 1) First to solve: where is the oauth_verifier?

    I had a look to requests been made by tumblr when authorizing the app. There was this one http://www.tumblr.com/oauth/authorize?oauth_token=xxx.

    It was redirected to chrome-extension://jlaojpiafmimgibgdfbmphfkejnlifdn/chrome_ex_oauth.html?chromeexoauthcallback=true&oauth_token=XXX&oauth_verifier=dmbcbNDGj7QatrFznXG587RIM7wI1LG3bnKwYGy5tc2icmUVvE#_=_.

    The verifier is in place so why we just don't get it? In chrome_ex_oauth.js we have this ChromeExOAuth.formDecode() method that will decode the current url and get params from it.

    And there is a magic check there line 315:

    var keyval = param.split("=");
if (keyval.length == 2) {

    As you can see, the url ends with #_=_ which is something strange. So first I decided to rewrite this method a little to get this oauth_verifier out of it.

    2) It was not working with oauth_verifier=dmbcbNDGj7QatrFznXG587RIM7wI1LG3bnKwYGy5tc2icmUVvE#_=_ so I decided to cut this hashtag completely and got: oauth_verifier=dmbcbNDGj7QatrFznXG587RIM7wI1LG3bnKwYGy5tc2icmUVvE which started to work.

    For me it is still a question: what for is this hashtag at the end of the redirect url that Tumblr wants me to follow?

    My slightly changed method looks like this:

    ChromeExOAuth.formDecode = function(encoded) {
  // Cut hash at the end of the url.
  var hash_index = encoded.indexOf('#');
  if ( hash_index > -1 ) {
    encoded = encoded.substring(0, hash_index);
  }

  var params = encoded.split("&");
  var decoded = {};
  for (var i = 0, param; param = params[i]; i++) {
    var keyval = param.split("=");
    if (keyval.length == 2) {
      var key = ChromeExOAuth.fromRfc3986(keyval[0]);
      var val = ChromeExOAuth.fromRfc3986(keyval[1]);
      decoded[key] = val;
    }
  }
  return decoded;
};