oltu-user mailing list archives

From Jasha Joachimsthal <ja...@apache.org>
Subject Re: [Implicit Grant Flow] The way to response error
Date Thu, 17 Dec 2015 08:52:23 GMT
On 17 December 2015 at 09:13, Anders <innocentliny@gmail.com> wrote:

> Jasha,
>
> I checked OAuthASResponse you mentioned and found:
>
>     @Test
>     public void testAuthzImplicitResponseWithState() throws Exception {
>         HttpServletRequest request = createMock(HttpServletRequest.class);
>
>         expect(request.getParameter(OAuth.OAUTH_STATE)).andStubReturn("ok");
>         replay(request);
>         OAuthResponse oAuthResponse = OAuthASResponse.authorizationResponse(request,200)
>         .location("http://www.example.com")
>         .setAccessToken("access_111")
>         .setExpiresIn("400")
>         .setParam("testValue", "value2")
>         .buildQueryMessage();
>
>         String url = oAuthResponse.getLocationUri();
>         Assert.assertEquals("http://www.example.com#testValue=value2&state=ok&expires_in=400&access_token=access_111", url);
>         Assert.assertEquals(200, oAuthResponse.getResponseStatus());
>     }
>
> Then I wrote my code as below:
>
>       OAuthProblemException ex = OAuthProblemException.error(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT);
>       return OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>                             .error(ex)
>                             .location(oauthReq.getRedirectURI())
>                             .buildQueryMessage();
>
> I got this:
> https://redirect.uri/oauth/callback?error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
> But I expect this one:
> https://redirect.uri/oauth/callback#error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
>
> I can't use OAuthASResponse.authorizationResponse(), because it doesn't
> accept OAuthProblemException as argument.
> Do I miss anything?
>


You are using a success method to return an error. See the
testErrorResponse method for the example with the error response.
OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(ex)...



>
> Thank you very much.
>
> On Thu, Dec 17, 2015 at 2:20 PM, Jasha Joachimsthal <jasha@apache.org>
> wrote:
>
>> Hi Anderson,
>>
>> On 17 December 2015 at 07:00, Anders <innocentliny@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm using Oltu version 1.0.1.
>>> According to OAuth 2.0 spec, I need to put error parameter in HTTP
>>> fragment, like below:
>>>
>>> HTTP/1.1 302 Found
>>> Location: https://client.example.com/cb#error=access_denied&state=xyz
>>>
>>> But I can't use OAuthASResponse.errorResponse() to put error parameter in fragment.
>>>
>>> OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND)
>>>                             .location(oauthReq.getRedirectURI())
>>>                             .setError(OAuthError.CodeResponse.ACCESS_DENIED)
>>>                             .setState(oauthReq.getState())
>>>                             .buildQueryMessage();
>>>
>>> Is there any way to do this?
>>> Thank you for any comments.
>>> --
>>>
>>> Anderson
>>>
>>
>> First create an OAuthProblemException with the error and pass this
>> exception to the OAuthASResponse. You can find examples in the test class
>> of OAuthASResponse:
>>
>> https://svn.apache.org/repos/asf/oltu/trunk/oauth-2.0/authzserver/src/test/java/org/apache/oltu/oauth2/as/response/OAuthASResponseTest.java
>>
>> Regards,
>>
>> Jasha
>>
>>
>
>
> --
> ------------------
> ~Mia is the best!~
> ------------------
>
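
The redirect the thread asks for, with the error parameters in the URI fragment as RFC 6749 section 4.2.2.1 specifies for the implicit grant, built with plain JDK classes. This is an added example, not part of the original messages and not Oltu code; the class and method names are hypothetical and the sample values are constructed from the URLs quoted in the thread.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

// Added example: ImplicitErrorRedirect and its methods are hypothetical names, not Oltu API.
public class ImplicitErrorRedirect {

    /** Builds the Location value for an implicit-grant error: parameters go in the fragment. */
    static String build(String redirectUri, String error, String description, String state) {
        URI uri = URI.create(redirectUri);
        // RFC 6749 section 3.1.2: a redirection endpoint URI must not contain a fragment,
        // so refuse one here instead of appending a second '#'.
        if (uri.getRawFragment() != null) {
            throw new IllegalArgumentException("redirect_uri must not contain a fragment");
        }
        Map<String, String> params = new LinkedHashMap<>();
        params.put("error", error);
        if (description != null) params.put("error_description", description);
        // Echo the client's state unchanged so it can match the response to its request.
        if (state != null) params.put("state", state);

        StringJoiner fragment = new StringJoiner("&");
        for (Map.Entry<String, String> e : params.entrySet()) {
            fragment.add(enc(e.getKey()) + "=" + enc(e.getValue()));
        }
        // Any query already present on the redirect URI stays untouched before the '#'.
        return redirectUri + "#" + fragment;
    }

    // application/x-www-form-urlencoded encoding, as the spec requires for the fragment.
    private static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values modelled on the URLs quoted in the thread.
        System.out.println(build("https://redirect.uri/oauth/callback",
                "unauthorized_client", "Not allowed to go IMPLICIT grant flow", null));
        System.out.println(build("https://client.example.com/cb?tenant=a",
                "access_denied", null, "xyz"));
    }
}
```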
