{"error":"invalid_client","error_description":"The client secret was incorrect."}
This is what happens when java uses the apache http client to read this request:
- Tue Aug 07 10:26:05 CDT 2012:ERROR:org.apache.http.client.ClientProtocolException
The reason I discovered this, is I am using SoapUI to create backwards compatibility tests. It cannot validate a correct invalid_client response because it can't read it. The realm should be blank.
It should be:
WWW-Authenticate: Basic realm=""
I couldn't tell if this is required by the spec, but browsers support both ways. But the java class doesn't.
I'm not familiar enough with the HTTP spec to say whether the realm="" is
supposed to be required or not (or even if it specifies one way or the
other).
But I don't object to including this bit in the HTTP response from DNOA.
If you happen to be able to build DNOA yourself, can you try applying the
change to this file and reporting back as to whether it fixed the issue?
src\DotNetOpenAuth.OAuth2.AuthorizationServer\OAuth2\ChannelElements\Client CredentialHttpBasicReader.cs
Consider sending a pull request with the fix if it works.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
> {"error":"invalid_client","error_description":"The client secret was
> incorrect."}
> This is what happens when java uses the apache http client to read this
> request:
> - Tue Aug 07 10:26:05 CDT
> 2012:ERROR:org.apache.http.client.ClientProtocolException
> The reason I discovered this, is I am using SoapUI to create
> backwards compatibility tests.
> It cannot validate a correct invalid_client response because it can't read
> it. The realm should be blank.
> It should be:
> WWW-Authenticate: Basic realm=""
> I couldn't tell if this is required by the spec, but browsers support both
> ways. But the java class doesn't.
> Thoughts?
> --
> You received this message because you are subscribed to the Google Groups
> "DotNetOpenAuth" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/dotnetopenid/-/ymrheOwc_X0J.
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
I'd consider that a successful test then. Can you file a
bug<http://bit.ly/dnoawish> and
include this information?
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Wed, Aug 8, 2012 at 9:14 AM, Brad Laney <brad.j.la...@gmail.com> wrote:
> Guess I can but I know it works because I used fiddler to modify the
> request to add the realm part and it worked
> On Aug 7, 2012 11:28 PM, "Andrew Arnott" <andrewarnott<andrewarn...@gmail.com>
> @ <andrewarn...@gmail.com>gmail.com <andrewarn...@gmail.com>> wrote:
> > I'm not familiar enough with the HTTP spec to say whether the realm=""
> is supposed to be required or not (or even if it specifies one way or the
> other).
> > But I don't object to including this bit in the HTTP response from DNOA.
> > If you happen to be able to build DNOA yourself, can you try applying
> the change to this file and reporting back as to whether it fixed the issue?
> >> {"error":"invalid_client","error_description":"The client secret was
> incorrect."}
> >> This is what happens when java uses the apache http client to read this
> request:
> >> Tue Aug 07 10:26:05 CDT
> 2012:ERROR:org.apache.http.client.ClientProtocolException
> >> The reason I discovered this, is I am using SoapUI to create
> backwards compatibility tests.
> >> It cannot validate a correct invalid_client response because it can't
> read it. The realm should be blank.
> >> It should be:
> >> WWW-Authenticate: Basic realm=""
> >> I couldn't tell if this is required by the spec, but browsers support
> both ways. But the java class doesn't.
> >> Thoughts?
> >> --
> >> You received this message because you are subscribed to the Google
> Groups "DotNetOpenAuth" group.
> >> To view this discussion on the web visit
> https://groups.google.com/d/msg/dotnetopenid/-/ymrheOwc_X0J.
> >> To post to this group, send email to dotnetopenid@googlegroups.com.
> >> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> >> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
> > --
> > You received this message because you are subscribed to the Google
> Groups "DotNetOpenAuth" group.
> > To post to this group, send email to dotnetopenid@googlegroups.com.
> > To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
> --
> You received this message because you are subscribed to the Google Groups
> "DotNetOpenAuth" group.
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
> I'd consider that a successful test then. Can you file a bug<http://bit.ly/dnoawish> and
> include this information?
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - S. G. Tallentyre
> On Wed, Aug 8, 2012 at 9:14 AM, Brad Laney <brad.j.la...@gmail.com> wrote:
>> Guess I can but I know it works because I used fiddler to modify the
>> request to add the realm part and it worked
>> On Aug 7, 2012 11:28 PM, "Andrew Arnott" <andrewarnott<andrewarn...@gmail.com>
>> @ <andrewarn...@gmail.com>gmail.com <andrewarn...@gmail.com>> wrote:
>> > I'm not familiar enough with the HTTP spec to say whether the realm=""
>> is supposed to be required or not (or even if it specifies one way or the
>> other).
>> > But I don't object to including this bit in the HTTP response from DNOA.
>> > If you happen to be able to build DNOA yourself, can you try applying
>> the change to this file and reporting back as to whether it fixed the issue?
>> > Consider sending a pull request with the fix if it works.
>> > --
>> > Andrew Arnott
>> > "I [may] not agree with what you have to say, but I'll defend to the
>> death your right to say it." - S. G. Tallentyre
>> > On Tue, Aug 7, 2012 at 8:36 AM, Brad Laney <brad.j.la...@gmail.com>
>> wrote:
>> >> The raw response of a token invalid_client request is:
>> >> {"error":"invalid_client","error_description":"The client secret was
>> incorrect."}
>> >> This is what happens when java uses the apache http client to read
>> this request:
>> >> Tue Aug 07 10:26:05 CDT
>> 2012:ERROR:org.apache.http.client.ClientProtocolException
>> >> The reason I discovered this, is I am using SoapUI to create
>> backwards compatibility tests.
>> >> It cannot validate a correct invalid_client response because it can't
>> read it. The realm should be blank.
>> >> It should be:
>> >> WWW-Authenticate: Basic realm=""
>> >> I couldn't tell if this is required by the spec, but browsers support
>> both ways. But the java class doesn't.
>> >> Thoughts?
>> >> --
>> >> You received this message because you are subscribed to the Google
>> Groups "DotNetOpenAuth" group.
>> >> To view this discussion on the web visit
>> https://groups.google.com/d/msg/dotnetopenid/-/ymrheOwc_X0J.
>> >> To post to this group, send email to dotnetopenid@googlegroups.com.
>> >> To unsubscribe from this group, send email to
>> dotnetopenid+unsubscribe@googlegroups.com.
>> >> For more options, visit this group at
>> http://groups.google.com/group/dotnetopenid?hl=en.
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups "DotNetOpenAuth" group.
>> > To post to this group, send email to dotnetopenid@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> dotnetopenid+unsubscribe@googlegroups.com.
>> > For more options, visit this group at
>> http://groups.google.com/group/dotnetopenid?hl=en.
>> --
>> You received this message because you are subscribed to the Google Groups
>> "DotNetOpenAuth" group.
>> To post to this group, send email to dotnetopenid@googlegroups.com.
>> To unsubscribe from this group, send email to
>> dotnetopenid+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/dotnetopenid?hl=en.
> --
> You received this message because you are subscribed to the Google Groups
> "DotNetOpenAuth" group.
> To post to this group, send email to dotnetopenid@googlegroups.com.
> To unsubscribe from this group, send email to
> dotnetopenid+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/dotnetopenid?hl=en.
