oltu-user mailing list archives

From Antonio Sanso <asa...@adobe.com>
Subject Re: Token with grant_type password
Date Thu, 07 Aug 2014 12:14:41 GMT
thanks a lot Davide this would be awesome!!

regards

antonio
On Aug 7, 2014, at 11:37 AM, Davide Palmisano <dpalmisano@gmail.com> wrote:

> Dear Stein,
> 
> thank you very much for your prompt response. It worked perfectly and it now makes sense.
> 
> Since this seems to be a problem that every new user who approaches Oltu (and OAuth provider in general) experiences, I can write a wiki page on the Oltu confluence if you like.
> 
> many thanks,
> 
> Davide
> 
> 
> On Wed, Aug 6, 2014 at 10:13 PM, Stein Welberg <stein@onegini.com> wrote:
> Hi Davide,
> 
> Please have a look at the OAuthUnauthenticatedTokenRequest. This should support the request that you want. In this class a client secret is not required.
> 
> The reason for making the client secret required in the OAuthTokenRequest (the default) is to have sensible (secure) defaults and enforcing client authentication is recommended in the OAuth spec :-).
> 
> Hope this helps!
> 
> Met vriendelijke groet / Kind regards,
> 
> Stein Welberg | CTO 
> 
> 
> 
> M: +31639110574 | stein@onegini.com | Pompmolenlaan 9, 3447 GK, Woerden | www.onegini.com
> 
> Visit www.onegini.me to create your own Onegini digital identity today!
> 
> On 6 aug. 2014, at 18:32, Davide Palmisano <dpalmisano@gmail.com> wrote:
> 
>> Dear Oltu community,
>> 
>> I'm trying to implement an OAuth provider with the possibility of using grant_type=password as specified here[1].
>> 
>> I've searched the amber mailing list and apparently someone else had exactly the same problem[2].
>> 
>> Problem is that even if the RFC says that I can request a token simply sending something like
>> 
>> /oauth/token?grant_type=password&username=foo&password=bar&client_id=myClient
>> 
>> when I try to build an OAuthTokenRequest
>> 
>> OAuthTokenRequest oauthRequest =  new OAuthTokenRequest(request);
>> 
>> I get an exception as follows (missing client_secret):
>> 
>> OAuthProblemException{error='invalid_request', description='Missing parameters: client_secret', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}
>> 
>> which doesn't really make sense to me, since client_secret is not required for this grant_type.
>> 
>> Then I looked at the integration tests[3], and it seems you're adding client_secret to password granted requests.
>> 
>> What am I doing wrong? Is it possible that Oltu is slightly misaligned with the RFC or I'm totally misusing it?
>> 
>> thank you in advance guys,
>> 
>> Davide
>> 
>> [1] http://tools.ietf.org/html/rfc6749#page-37 paragraph 4.3.1
>> [2] http://markmail.org/message/n573w5nwrnqp3zod
>> [3] https://svn.apache.org/repos/asf/oltu/trunk/oauth-2.0/integration-tests/src/test/java/org/apache/oltu/oauth2/integration/AccessTokenPasswordCredentialsTest.java
>> 
>> -- 
>> Davide Palmisano
>> 
>> http://davidepalmisano.com
>> http://twitter.com/dpalmisano
> 
> 
> 
> 
> -- 
> Davide Palmisano
> 
> http://davidepalmisano.com
> http://twitter.com/dpalmisano

