requesting login token for staging.lp.net generates a 401 error

Where exactly is the 401 happening?

The 401 OOPS simply shows trying to access an API page witout a token. (Or with an invalid token).

So did the authorization process completed succesfully? Can you see the tokens in your tokens list

https://staging.launchpad.net/people/+me/+oauth-tokens

Where exactly is the 401 happening?
In [1]: from launchpadlib.launchpad import Launchpad, STAGING_SERVICE_ROOT

In [2]: launchpad = Launchpad.get_token_and_login('test login on staging', STAGING_SERVICE_ROOT)
The authorization page (https://staging.launchpad.net/+authorize-token?oauth_token=xlnP2n1zN6R9P81TPlHH) should be opening in your browser. After you have authorized this program to access Launchpad on your behalf you should come back here and press <Enter> to finish the authentication process.

---------------------------------------------------------------------------
HTTPError Traceback (most recent call last)

/home/markus/<ipython console> in <module>()

/media/disk-1/lp_api/launnchpadlib/trunk/launchpadlib/launchpad.pyc in get_token_and_login(cls, consumer_name, service_root, cache, timeout, proxy_info)
    151 "here and press <Enter> to finish the authentication "
    152 "process." % authorization_url)
    153 sys.stdin.readline()
    154 credentials.exchange_request_token_for_access_token(web_root)
--> 155 return cls(credentials, service_root, cache, timeout, proxy_info)

/media/disk-1/lp_api/launnchpadlib/trunk/launchpadlib/launchpad.pyc in __init__(self, credentials, service_root, cache, timeout, proxy_info)
     58 # Get the WADL definition.
     59 self._browser = Browser(self.credentials, cache, timeout, proxy_info)
---> 60 self._wadl = self._browser.get_wadl_application(self._root_uri)
     61
     62 # Get the root resource.

/media/disk-1/lp_api/launnchpadlib/trunk/launchpadlib/_browser.pyc in get_wadl_application(self, url)
    227 """GET a WADL representation of the resource at the requested url."""
    228 response, content = self._request(
--> 229 url, media_type='application/vd.sun.wadl+xml')
    230 return Application(str(url), content)
    231

/media/disk-1/lp_api/launnchpadlib/trunk/launchpadlib/_browser.pyc in _request(self, url, data, method, media_type, extra_headers)
    209 # Turn non-2xx responses into exceptions.
    210 if response.status // 100 != 2:
--> 211 raise HTTPError(response, content)
    212 return response, content
    213

HTTPError: HTTP Error 401: Unauthorized

In [3]:

So did the authorization process completed succesfully? Can you see the tokens in your tokens list
Yes this token is on that list

Do you get the same behaviour on Edge?

Are you on Intrepid? What version of httplib2 are you using?

no, can reproduce this behaviour on edge, edge is working fine. I'm using intrepid, and this versions:

python-httplib2:
0.4.0-0ubuntu1

launchpadlib:
rev 25 from bzr trunk

wadllib:
rev 6 also from bzr trunk

see the attachment for code to reproduce this on staging with httplib2.debuglevel = 1

I've duplicated this. The token is in the database and verified, but it doesn't validate anything.

A similar problem happened in the past (token created but doesn't work) because the user wasn't in the launchpad-beta-testers group. I think that's the most likely cause of this problem. Is there an access control group for web service access on staging?

No, there is no access restrictions on the staging server.

Also, if you look at the OOPS report, it seems that the consumer key isn't found. So either there is an OAuth encoding/decoding problem or that the database is not saved on the previous request. Both hypothesis seems very unlikely though.

If I stick the OAuth query variables in the query string, they go through and the client key is recognized. There is no decoding problem, but a problem getting the data to be extracted from the form. I ran an experiment on the string that gets sent through the server. It is processed correctly by OAuthRequest._split_header. So the problem is that the Authorization header isn't being picked up by Launchpad. And it only happens on staging.

This was caused by squid which removed the Authorization header. But there is now a separate issue described in bug 294842 which still prevents API from working on staging.