shindig-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From daviesd <davi...@oclc.org>
Subject Re: OAuth2RequestParameterGenerator
Date Mon, 30 Jan 2012 21:27:27 GMT
I debugged through this a little more today and it¹s not as simple as
putting the http request params into the http method params used in the
fetcher.  It appears for the access token flow that the parameters are
POSTED via a body created by CodeAuthorizationResponseHandler.  It only
looks for specific parameters (grant_type, authorization, redirect_uri,
etc.) to pass to the access token request and so the extra parameters I add
in StandardAuthenticationHandler really don¹t matter.  If anyone is familiar
with all this I could use some direction as to where to plug in here.
Thanks!

doug


On 1/27/12 3:25 PM, "daviesd" <daviesd@oclc.org> wrote:

> I¹m just wondering if it¹s as easy as having BasicHttpFetcher transfer the
> HttpRequest params to the httpMethod params.  Was it an oversight or were they
> not copied for a reason?
> 
> doug
> 
> On 1/27/12 2:23 PM, "daviesd" <daviesd@oclc.org> wrote:
> 
>> Back in December Li Xu helped me get a patch submitted that added the
>> OAuth2RequestParameterGenerator interface.  It is meant to be implemented if
>> you want to pass additional parameters along to the various oauth2 flow
>> requests.
>> 
>> I¹ve since noticed an issue with this.  The parameters I add get passed along
>> fine to a CodeGrantTypeHandler (when asking for the auth code).  However,
>> when the access token is requested using the StandardAuthenticationHandler,
>> the parameters I generate do not get passed along the subsequent
>> BasicHttpFetcher.fetch.  I think probably because this is a POST and it
>> doesn¹t pass parameters sent in the HttpRequest object.  It assumes only
>> header values?  Is this correct or a bug?  Should I be passing my additional
>> parameters along in the header in this case?  If so, I probably need to
>> supply a patch for StandardAuthenticationHandler that adds the params to the
>> header in addition.
>> 
>>       request.setHeader(OAuth2Message.CLIENT_ID, clientId);
>>       request.setParam(OAuth2Message.CLIENT_ID, clientId);
>>       request.setHeader(OAuth2Message.CLIENT_SECRET, secret);
>>       request.setParam(OAuth2Message.CLIENT_SECRET, secret);
>> 
>>       // add any additional parameters
>>       for (Map.Entry<String, String> entry :
>> accessor.getAdditionalRequestParams().entrySet()) {
>>         request.setParam(entry.getKey(), entry.getValue());
>>       }
>> 
>> doug


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message