oltu-user mailing list archives

From Anders <innocentl...@gmail.com>
Subject Re: [Implicit Grant Flow] The way to response error
Date Thu, 17 Dec 2015 14:58:16 GMT
Jasha,

Thank you for your help!

On Thu, Dec 17, 2015 at 9:49 PM, Jasha Joachimsthal <jasha@apache.org>
wrote:

>
>
> On 17 December 2015 at 13:02, Anders <innocentliny@gmail.com> wrote:
>
>> Jasha,
>>
>> I found two work-around ways:
>>
>>
>>     return OAuthASResponse.tokenResponse(HttpServletResponse.SC_FOUND)
>>                           .location(redirectURI)
>>                           .setAccessToken(null)
>>                           .setParam(OAuthError.OAUTH_ERROR, OAuthError.CodeResponse.UNAUTHORIZED_CLIENT)
>>                           .setParam(OAuthError.OAUTH_ERROR_DESCRIPTION, errorDescription)
>>                           .setParam(OAuth.OAUTH_STATE, state)
>>                           .buildQueryMessage();
>>
>> or
>>
>>     return OAuthResponse.status(HttpServletResponse.SC_FOUND)
>>                  .location(redirectURI)
>>                  .setParam(OAuthError.OAUTH_ERROR, OAuthError.CodeResponse.ACCESS_DENIED)
>>                  .setParam(OAuth.OAUTH_STATE, state)
>>                  .setParam(OAuth.OAUTH_ACCESS_TOKEN, null)
>>                  .buildQueryMessage();
>>
>> If you have any better ways, please kindly let me know.
>>
>
> I've found the cause. The "access_token" parameter needs to be present to
> switch from ? to # in OAuthResponse.
>
>     OAuthProblemException ex = OAuthProblemException.error(OAuthError.CodeResponse.ACCESS_DENIED, "Access is denied");
>     final OAuthResponse oAuthResponse = OAuthASResponse.errorResponse(403).error(ex)
>             .location("http://www.example.com")
>             .setParam(OAuth.OAUTH_STATE, state)
>             .setParam(OAuth.OAUTH_ACCESS_TOKEN, null)
>             .buildQueryMessage();
>
> produces
>
> http://www.example.com#error=access_denied&state=mystate&error_description=Access+is+denied
>
> Jasha
>
>
>> Thank you.
>>
>> On Thu, Dec 17, 2015 at 5:13 PM, Anders <innocentliny@gmail.com> wrote:
>>
>>> Jasha,
>>>
>>> Sorry to bother you again.
>>> My code is:
>>>
>>>     OAuthProblemException ex = OAuthProblemException.error(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT).uri("https://google.com").setParameter("1", "2");
>>>
>>>     OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND).location(redirectURI).error(ex).buildQueryMessage();
>>>
>>> But I still get: https://redirect.uri/oauth/callback?error=unauthorized_client&error_uri=https%3A%2F%2Fgoogle.com
>>>
>>> Please let me know if I'm doing something wrong.
>>> Thank you.
>>>
>>> On Thu, Dec 17, 2015 at 4:52 PM, Jasha Joachimsthal <jasha@apache.org>
>>> wrote:
>>>
>>>>
>>>>
>>>> On 17 December 2015 at 09:13, Anders <innocentliny@gmail.com> wrote:
>>>>
>>>>> Jasha,
>>>>>
>>>>> I checked OAuthASResponse you mentioned and found:
>>>>>
>>>>>     @Test
>>>>>     public void testAuthzImplicitResponseWithState() throws Exception {
>>>>>         HttpServletRequest request = createMock(HttpServletRequest.class);
>>>>>         expect(request.getParameter(OAuth.OAUTH_STATE)).andStubReturn("ok");
>>>>>         replay(request);
>>>>>         OAuthResponse oAuthResponse = OAuthASResponse.authorizationResponse(request,200)
>>>>>         .location("http://www.example.com")
>>>>>         .setAccessToken("access_111")
>>>>>         .setExpiresIn("400")
>>>>>         .setParam("testValue", "value2")
>>>>>         .buildQueryMessage();
>>>>>
>>>>>         String url = oAuthResponse.getLocationUri();
>>>>>         Assert.assertEquals("http://www.example.com#testValue=value2&state=ok&expires_in=400&access_token=access_111", url);
>>>>>         Assert.assertEquals(200, oAuthResponse.getResponseStatus());
>>>>>     }
>>>>>
>>>>> Then I wrote my code as below:
>>>>>
>>>>>       OAuthProblemException ex = OAuthProblemException.error(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT);
>>>>>       return OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>>>>                             .error(ex)
>>>>>                             .location(oauthReq.getRedirectURI())
>>>>>                             .buildQueryMessage();
>>>>>
>>>>> I got this:
>>>>> https://redirect.uri/oauth/callback?error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
>>>>> But I expect this one: https://redirect.uri/oauth/callback#error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
>>>>>
>>>>> I can't use OAuthASResponse.authorizationResponse(), because it
>>>>> doesn't accept OAuthProblemException as argument.
>>>>> Do I miss anything?
>>>>>
>>>>
>>>>
>>>> You are using a success method to return an error. See the
>>>> testErrorResponse method for the example with the error response.
>>>>
>>>> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(ex)...
>>>>
>>>>
>>>>
>>>>>
>>>>> Thank you very much.
>>>>>
>>>>> On Thu, Dec 17, 2015 at 2:20 PM, Jasha Joachimsthal <jasha@apache.org>
>>>>> wrote:
>>>>>
>>>>>> Hi Anderson,
>>>>>>
>>>>>> On 17 December 2015 at 07:00, Anders <innocentliny@gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm using Oltu version 1.0.1.
>>>>>>> According to OAuth 2.0 spec, I need to put error parameter in HTTP
>>>>>>> fragment, like below:
>>>>>>>
>>>>>>> HTTP/1.1 302 Found
>>>>>>> Location: https://client.example.com/cb#error=access_denied&state=xyz
>>>>>>>
>>>>>>> But I can't use OAuthASResponse.errorResponse() to put error parameter in fragment.
>>>>>>>
>>>>>>> OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND)
>>>>>>>                             .location(oauthReq.getRedirectURI())
>>>>>>>                             .setError(OAuthError.CodeResponse.ACCESS_DENIED)
>>>>>>>                             .setState(oauthReq.getState())
>>>>>>>                             .buildQueryMessage();
>>>>>>>
>>>>>>> Is there any way to do this?
>>>>>>> Thank you for any comments.
>>>>>>> --
>>>>>>>
>>>>>>> Anderson
>>>>>>>
>>>>>>
>>>>>> First create an OAuthProblemException with the error and pass this
>>>>>> exception to the OAuthASResponse. You can find examples in the test
>>>>>> class of OAuthASResponse:
>>>>>>
>>>>>> https://svn.apache.org/repos/asf/oltu/trunk/oauth-2.0/authzserver/src/test/java/org/apache/oltu/oauth2/as/response/OAuthASResponseTest.java
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Jasha
>>>>>>
>>>>>>


-- 
------------------
~Mia is the best!~
------------------
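
The workaround from this thread wrapped in a helper that also checks where the error parameters ended up, as an added example that is not code from the thread or from the Oltu project. The class and method names (`ImplicitErrorRedirect`, `build`, `requireErrorInFragment`) are hypothetical, and combining `SC_FOUND` with the null `access_token` parameter assumes the Oltu 1.0.1 behaviour described above.

```java
import java.net.URI;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;

// Hypothetical helper class; not part of Oltu.
public final class ImplicitErrorRedirect {

    // Builds the implicit-flow error redirect using the workaround from the thread:
    // a null access_token parameter makes OAuthResponse use '#' instead of '?'.
    public static OAuthResponse build(String redirectUri, String error,
                                      String description, String state)
            throws OAuthSystemException {
        OAuthProblemException ex = OAuthProblemException.error(error, description);
        OAuthResponse response = OAuthASResponse
                .errorResponse(HttpServletResponse.SC_FOUND)
                .error(ex)
                .location(redirectUri)
                .setParam(OAuth.OAUTH_STATE, state)
                .setParam(OAuth.OAUTH_ACCESS_TOKEN, null)
                .buildQueryMessage();
        requireErrorInFragment(response.getLocationUri());
        return response;
    }

    // Fails closed if "error" is in the query string, is missing from the
    // fragment, or if an access_token parameter is present in the fragment.
    static void requireErrorInFragment(String location) {
        URI uri = URI.create(location);
        String query = uri.getRawQuery();
        String fragment = uri.getRawFragment();
        if (hasParam(query, "error") || !hasParam(fragment, "error")
                || hasParam(fragment, "access_token")) {
            // The URI is left out of the message so state values stay out of logs.
            throw new IllegalStateException("implicit-flow error is not in the fragment");
        }
    }

    // True if the '&'-separated part contains a parameter with this exact name.
    private static boolean hasParam(String part, String name) {
        if (part == null) return false;
        for (String pair : part.split("&")) {
            if (pair.equals(name) || pair.startsWith(name + "=")) return true;
        }
        return false;
    }
}
```

The guard makes a library upgrade that changes the `?`/`#` switch fail loudly instead of silently sending error parameters in the query string.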
