Bitcoin Institute

Authentication, JSON RPC and Python

10 messages BitcoinTalk vess, Jeff Garzik, Gavin Andresen, aceat64, Satoshi Nakamoto August 3, 2010 — August 4, 2010
vess August 3, 2010 15:49 UTC Source ·

Hi all,

Does anyone have jsonrpc or something similar working with HTTP Authentication? I’m trying to hit up my bitcoin server with python over JSON-RPC, and of course, getting authorization errors from the new server.

I couldn’t find much about this online, surprisingly, so thought I’d ask here.

vess August 3, 2010 18:02 UTC Source ·

Thanks for the pointer, interesting, but not what seems to be affecting me.

Here’s my current code (running on Google App Engine)

postdata = jsonrpc.dumps({“method”: ‘getbalance’, “params”:”,‘id’:‘jsonrpc’}) req = urllib2.Request(‘http://127.0.0.1:8332’, postdata) userpass = ‘user:a’.encode(‘base64’)[:-1] authheader = “Basic %s” % userpass req.add_header(“Authorization”,authheader) handle = urllib2.urlopen(req) json_response = handle.read() self.response.out.write (json_response)

This yields a HTTPError: HTTP Error 500: Internal Server Error

from the GAE local python script.

using postdata = jsonrpc.dumps([{“jsonrpc”: “2.0”,“method”: ‘getbalance’, “params”:”,‘id’:‘1’}])

Yields the same result.

Jeff Garzik (jgarzik) August 3, 2010 18:09 UTC Source ·
Quote from: vess on August 03, 2010, 9:02:00 AM UTC

Thanks for the pointer, interesting, but not what seems to be affecting me.

Here’s my current code (running on Google App Engine)

postdata = jsonrpc.dumps({“method”: ‘getbalance’, “params”:”,‘id’:‘jsonrpc’}) req = urllib2.Request(‘http://127.0.0.1:8332’, postdata) userpass = ‘user:a’.encode(‘base64’)[:-1] authheader = “Basic %s” % userpass req.add_header(“Authorization”,authheader) handle = urllib2.urlopen(req) json_response = handle.read() self.response.out.write (json_response)

This yields a HTTPError: HTTP Error 500: Internal Server Error

This is a verified bug in bitcoin.

bitcoin requires the Content-Length header, but several JSON-RPC libraries do not provide it. When the Content-Length header is absent, bitcoin returns 500 Internal Server Error.

Gavin Andresen August 3, 2010 18:56 UTC Source ·
Quote from: Jeff Garzik on August 03, 2010, 9:09:08 AM UTC

bitcoin requires the Content-Length header, but several JSON-RPC libraries do not provide it. When the Content-Length header is absent, bitcoin returns 500 Internal Server Error.

Can you be more specific about which JSON libraries don’t provide Content-Length ? It’d be nice to document that.

Jeff Garzik (jgarzik) August 3, 2010 18:58 UTC Source ·
Quote from: gavinandresen on August 03, 2010, 9:56:44 AM UTC
Quote from: Jeff Garzik on August 03, 2010, 9:09:08 AM UTC

bitcoin requires the Content-Length header, but several JSON-RPC libraries do not provide it. When the Content-Length header is absent, bitcoin returns 500 Internal Server Error.

Can you be more specific about which JSON libraries don’t provide Content-Length ? It’d be nice to document that.

The two JSON RPC libs available at CPAN (Perl), and a compliant C lib that I wrote locally to verify the behavior.

aceat64 August 3, 2010 19:56 UTC Source ·

Another issue I noticed with bitcoind’s JSON-RPC is that by default there is no user, and PHP’s fopen() function does not try to send the authentication information if no user was specified.

For example, this URL does not work: But this one does:

I had to set the “rpcuser” in my node’s bitcoin.conf file in order to get PHP to play nicely.

vess August 3, 2010 20:31 UTC Source ·

I encountered this as well: there’s no documentation as to what auth string should be accepted in the case of no user.

It’s probably best to require rpcuser and rpcpassword in future versions is my two cents. This is generally what’s expected from an HTTP Auth anyway.

Satoshi Nakamoto August 3, 2010 21:26 UTC Source ·
Quote from: gavinandresen on August 03, 2010, 9:56:44 AM UTC
Quote from: Jeff Garzik on August 03, 2010, 9:09:08 AM UTC

bitcoin requires the Content-Length header, but several JSON-RPC libraries do not provide it.  When the Content-Length header is absent, bitcoin returns 500 Internal Server Error.

Can you be more specific about which JSON libraries don’t provide Content-Length ?  It’d be nice to document that.

I guess we should try to support the case where there’s no Content-Length parameter.  I don’t want to rip and replace streams though, even if it has to read one character at a time.

Edit: That is, assuming there actually are any libraries that don’t support Content-Length.

Gavin Andresen August 3, 2010 22:52 UTC Source ·
Quote from: Jeff Garzik on August 03, 2010, 6:58:58 PM UTC

The two JSON RPC libs available at CPAN (Perl), and a compliant C lib that I wrote locally to verify the behavior.

Perl’s LWP module definitely sets the Content-Length header. I would’ve been surprised if it didn’t, since it is required by HTTP 1.0 and the HTTP 1.1 spec says clients ‘SHOULD’ set it.

After some struggle, I got the first JSON::RPC library at CPAN to work:

use JSON::RPC::Client;
use Data::Dumper;

my $client = new JSON::RPC::Client;

$client->ua->credentials( ‘localhost:8332’, ‘jsonrpc’, ‘my rpcusername’ => ‘my rpcpassword’ # Replace with real user/pass ); my @foo = $client->ua->credentials(‘localhost:8332’, ‘jsonrpc’); print “@foo\n”;

my $uri = ‘http://localhost:8332/’; my $obj = { method => ‘getinfo’, params => ], };

my $res = $client->call( $uri, $obj );

if($res){ if ($res->is_error) { print “Error : ”, $res->error_message; } else { print Dumper($res->result); } } else { print $client->status_line; } The struggle was setting the realm to ‘jsonrpc’ (it is fussy about that). I’ll document that on the wiki.

Jeff Garzik (jgarzik) August 4, 2010 04:24 UTC Source ·

Content-Length is definitely not sent on Fedora 12 and Fedora 13, will investigate further. Will check RHEL/CentOS too.