hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Fulghum <ryan.fulgh...@gmail.com>
Subject OAuth token request with httpclient
Date Tue, 15 Sep 2015 13:28:34 GMT
We are implementing Oauth Authorization code grant flow in our Android app.
Note that while registering our application with remote service we got
client ID, secret key and redirect URIs.

Implementation :

We open login page for the service in a browser and let the user supply
their credentials. Browser redirects to our app with Authorization code.

Next we obtain an Oauth token by exchanging the Authorization code with the
remote services Authorization server.

We create a https POST request by URL encoding client ID, secret, redirect
URI and authorization code and send it to the server. Server responds with
HTTP 401 asking client to authenticate with one of { NTLM, Kerberos, Basic}
schemes and specific scope/realm.

If the same POST request is constructed/executed using httpURLConnection
class, server does not ask for Authentication and returns a valid response.

I am going to wireshark the httpURLConnection request and see if it retries
the request silently and if so with what credentials.

Has anyone experienced this before?

Thank you.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message