Secrets to Debugging Network Traffic

As many of you know, I am Java Programmer and a cURL fan. When I am demonstrating an API to a customer or another IBMer, I tend to default to either method to demonstrate the API.

I was demonstrating a download API that was being redirected, and throwing an error on a different Node.  In order to debug the traffic, I used a couple of different methods.

1 – For Java

I added -Djavax.net.debug=ssl:handshake:verbose  to the Java VM Arguments.  In Eclipse, I configure the Run Configuration -> VM Arguments.

java -Djavax.net.debug=ssl:handshake:verbose  MyAPIDemo

I absolutely make sure you have enough buffer in your console window.  I right click and update to a 100,000 lines.  I like to keep it as high as possible to capture all the details.

Scroll Through the output and find out what actually happened in the request.

2 – For cURL

I add -vv which is super verbose to the command

curl -H "Authorization: Basic asdfljkfasdf" https://api.com/api -vv

I read through and find out why my API failed.

You can read more about the configuration in the IBM JDK Documentation.

cURL, oAuth and IBM SmartCloud for Social Business

For folks that are just getting started with IBM SmartCloud for Social Business, such that they are curious about scripting cURL and oAuth 2.0 flows so you can generate a Bearer token, please follow these steps.

Login to IBM SmartCloud for Social Business – https://apps.na.collabserv.com
Navigate over to Internal Apps – https://apps.na.collabserv.com/manage/account/isv/input
Click Register App
On the popup window, enter the application details:

Name Value
App Name paultest
App Description An application to demonstrate oAuth2.0
oAuth Type Check Enable API Access via OAuth2.0 Web Server Flow
Access Grant Duration 90 Days
Callback URL https://localhost/callback

 

Click Register

You should see a message that states app registered successfully.

InternalApps

Find your App Name (paultest), Click on the Down Caret > Show Credentials

Click Show Client Secret

Copy down the ClientID, Client Secret, Web App CallbackURL

Name Value
ClientID app_20085940_1399482973905
Client Secret a133ed0de271c2253e5cfe146c1765e012dcc1241de29ed7d4e56f0fce2b923678afd5e5
Callback URL https://localhost/callback

 

Navigate to https://apps.na.collabserv.com/manage/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&callback_uri=YOUR_CALLBACK
Replace YOUR_CLIENT_ID with the ClientID above
Replace YOUR_CALLBACK with the Callback URL above

You should be redirected to the Grant page.

Click Grant Access and Leave Site

Grant

Copy the Generated URL from the Browser Bar

URL
https://localhost/callback?code=edc5fc9fb77d7df86663d16cd0b56c44444de03d88266b4148752900863fc65604bbbe9c277d235f7c60d860321b548e3ab4131511ad5803442e790c35a120aad4493779bc1a71c8885caec4860ce92d748880a8740c8d349e2b6fa96d285ad17a8537648dd5101fb451fc30bde8d7976ba381367b4379e2d0d509aab27b607

Save the Value of Code

Name Value
Code    edc5fc9fb77d7df86663d16cd0b56c44444de03d88266b4148752900863fc65604bbbe9cb4379e2d0d509aab27b607

 

Now you should check to see if cURL is installed, else, you can download it from http://curl.haxx.se/ or use yum install curl.

In addition to the client id, client secret and callback url, we are going to use the authorize and token endpoints which are needed to generate a Bearer token.

Name Value
Authorization Endpoint https://apps.na.collabserv.com/manage/oauth2/authorize
Token Endpoint https://apps.na.collabserv.com/manage/oauth2/token

 

Open a Terminal Window

Launch the command to get the Bearer Token

curl -X POST https://apps.na.collabserv.com/manage/oauth2/token \
-d client_id=YOUR_CLIENT_ID \
-d client_secret=YOUR_CLIENT_SECRET \
-d callback_uri=YOUR_CALLBACK \
-d code=YOUR_AUTHORIZATION_CODE \
-d grant_type=authorization_code

You see

access_token=16c7f772427f367be615ffaefd8293cff73646e246e1d094a63dd914c43b9e3efd84809378199815886d83a740&refresh_token=5b1e334d4de0b8e39c3dff8fd1c88dc8d9169fdbe7a0759b155dcd2b3a0479c47f5b&issued_on=1399488937103&expires_in=7200000&token_type=Bearer

*note the tokens have been trimmed in size. *

Now, you can make a request to SmartCloud for Social Business using the Bearer Token (access token)

curl –header “Authorization: Bearer 16c7f772427f367be615ffaefd8293cff73646e246e1d094a63dd914c43b9e3efd84809378199815886d83a740ea6ef1713c6dc310b4cac9730bad0426bfe1abd0eaefadef38411243d21546e2645dad16c35fb299da8d642de665582b559cef50d9742f12313f7b90a5977f7cc08c34a8bafe7” https://apps.na.collabserv.com/lotuslive-shindig-server/social/rest/people/@me

You see response data:

{"entry":{"photos":[{"value":"PROFILES","type":"Source"},{"value":"20089096__1386184300.jpg","type":"Photo"}],"telephone":"111-111-1111","aboutMe":"test software engineer","profileUrl":"https://apps.na.collabserv.com/contacts/profiles/view/20089096","mobilephone":"111-111-1112","orgs":[{"value":"PROFILES","type":"Source"},{"value":"Mentorship Expressway","type":"Org"}],"country":"US","website":"www.mycompany.com","id":"na.collabservtest.lotus.com:user:20089096","fax":"111-111-1114","orgId":20085940,"addresses":[{"value":"PROFILES","type":"Source"},{"address":""},{"address":""},{"address":""}],"photo":"20089096__1386184300.jpg","emailAddress":"pbastide@us.ibm.com","websites":[{"value":"PROFILES","type":"Source"},{"website":""},{"website":""},{"title":"Test","website":"http://T22"},{"website":"www.mycompany.com"}],"fullName":"Paul Bastide","objectId":20089096,"jobtitle":"Director","ims":[],"emails":[{"title":"Primary Email","email":"pbastide@us.ibm.com"}],"org":{"name":"Mentorship Expressway"},"displayName":"Paul Bastide","phoneNumbers":[{"value":"PROFILES","type":"Source"},{"title":"Contact","phone":"978-000-0000"},{"title":"ID","phone":"GGGG"},{"phone":""},{"title":"Primary Telephone","phone":"111-111-1111"},{"title":"MobilePhone","phone":"111-111-1112"},{"title":"Fax","phone":"111-111-1114"}]}}

That’s it, you now know how to use the Bearer Token with oAuth and SmartCloud.

Reference

https://labs.hybris.com/2012/06/18/trying-out-oauth2-via-curl/