cxf-issues mailing list archives

From jordi <jordi_torre...@hotmail.com>
Subject Re: [jira] [Resolved] (CXF-4051) Custom OAuth scopes are not supported
Date Fri, 13 Apr 2012 15:30:16 GMT
Hi Sergey,
I've downloaded 2.5.3-SNAPSHOT-43 and I'm afraid the problem still remains.

In org.apache.cxf.rs.security.oauth.services.RequestTokenHandler handle()
method we can find:

            List<String> scopes = OAuthUtils.parseParamValue(
                    oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE), defaultScope);

            RequestTokenRegistration reg = new RequestTokenRegistration();
            reg.setClient(client);
            reg.setCallback(callback);
            reg.setState(oAuthMessage.getParameter("state"));

And OAuthConstants.X_OAUTH_SCOPE is defined as:
            public static final String X_OAUTH_SCOPE = "scope";

So the extra OAuth parameters use the "scope" and "state" names, but with the
net.oauth 1.0 reference implementation, when the authorization header is built
inside the net.oauth.OAuthMessage getAuthorizationHeader() method, only
parameters whose names begin with "oauth_" are included:
            for (Map.Entry parameter : parameters) {
                String name = toString(parameter.getKey());
                // only names starting with "oauth_" are written to the header
                if (name.startsWith("oauth_")) {
                    if (into.length() > 0) into.append(",");
                    into.append(" ");
                    into.append(OAuth.percentEncode(name)).append("=\"");
                    into.append(OAuth.percentEncode(toString(parameter.getValue()))).append('"');
                }
            }

To solve the problem, "scope" and "state" should be renamed to something like
"oauth_scope" and "oauth_state".

--
View this message in context: http://cxf.547215.n5.nabble.com/jira-Created-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5164840p5638679.html
Sent from the cxf-issues mailing list archive at Nabble.com.
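
The round trip described in the message above, as an added example that is not code from the post, CXF or net.oauth: a client-side header builder applying the same "oauth_" prefix rule, and a server-side lookup that falls back to a default when the parameter is absent. The class and method names (ScopeHeaderDemo, buildHeader, readParam), the simplified header layout and the sample values are assumptions made for illustration; the fallback mirrors the defaultScope argument seen in the quoted handler code.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class ScopeHeaderDemo {
    // Client side: same rule as the quoted loop, only "oauth_" names are emitted.
    // Percent-encoding is left out; the constructed sample values need none.
    static String buildHeader(Map<String, String> params) {
        List<String> parts = new ArrayList<>();
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (p.getKey().startsWith("oauth_")) {
                parts.add(p.getKey() + "=\"" + p.getValue() + "\"");
            }
        }
        return "OAuth " + String.join(", ", parts);
    }

    // Server side (hypothetical helper): read one parameter back out of the
    // header and return the fallback when the name never made it onto the wire.
    static String readParam(String header, String name, String fallback) {
        for (String part : header.substring("OAuth ".length()).split(",\\s*")) {
            int eq = part.indexOf('=');
            if (eq > 0 && part.substring(0, eq).equals(name)) {
                return part.substring(eq + 2, part.length() - 1); // strip the quotes
            }
        }
        return fallback;
    }

    public static void main(String[] args) {
        // Constructed sample request: the same scope sent under both names.
        Map<String, String> sent = new LinkedHashMap<>();
        sent.put("oauth_consumer_key", "demo-client");
        sent.put("scope", "read_calendar");
        sent.put("oauth_scope", "read_calendar");

        String header = buildHeader(sent);
        System.out.println(header);
        // "scope" was filtered out by the client, so the server sees only the default.
        System.out.println("scope       -> " + readParam(header, "scope", "DEFAULT_SCOPE"));
        // The "oauth_"-prefixed name survives the filter and reaches the server.
        System.out.println("oauth_scope -> " + readParam(header, "oauth_scope", "DEFAULT_SCOPE"));
    }
}
```

The point to check on the server is that a missing scope is indistinguishable from a client that never asked for one, so the token is issued with the default scope and no error is raised.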
