I have an Google AppEngine Servlet that receives an ApplicationToken from an OAuth 2.0 enabled web application: what would be the next step

[Michel Jonker]

Hi,

I have registered my Google App Engine app with a third party, OAuth 2.0 enabled, web application (Office365 from Microsoft)

The remote appplication sends this token (in base64 encoding, but I decoded it for this purpose):

AppToken decoded:

{"typ":"JWT","alg":"HS256"}{"aud":"e9e91cd9-0d95-46b7-8a05-f614a683e35d/eog-fire-ice.appspot.com@19d9feae-ba24-4c9e-831c-3132f2ea3974","iss":"00000001-0000-0000-c000-000000000000@19d9feae-ba24-4c9e-831c-3132f2ea3974","nbf":1353563990,"exp":1353607190,"appctxsender":"00000003-0000-0ff1-ce00-000000000000@19d9feae-ba24-4c9e-831c-3132f2ea3974","appctx":"{\"CacheKey\":\"hwqDPFbKDL9mIYpbReWYHeez1uES77UqEsxwienRA9g=\",\"SecurityTokenServiceUri\":\"https://accounts.accesscontrol.windows.net/tokens/OAuth/2\"}","refreshtoken":"IAAAADvEbysE9QepAkRJ52ysDOYGYKl1fEGZzd0ma5JtB2vCl0XGVpoYyPHm_ffcAeDfbNCN2eURI-uaeEeW4UaTUcFP_qzWVxtKqN6jB86TYxsoJdY17wWpKazzuAKcB8mwHPmZK-mSjPpQ76FdGQcFgnzyuGuq3S1Vgq1-g1kB_B-acyDY2bFM9jA60kan_FfThhWW17issOrEs-awtSLUS5EwUGZcMtoBbv1JCKtmUA5XnYexnJhsvDHLaKZQd0D9U8arreCLZnQqx19ppNXf2hgLFgm7WH7Y_Q08RCsLvffv8TdpWpclvB8qglrGetvxjee6zAw-PgLs8PKQrb4kth295DFUDyEHyLRklLe9caTrPG-rzpFRa7xXrS-tI9MlaJI6zRB1heIgxQZffmaO_8gvlYeFM-iZD7fVdPoqc4RqxcpIFqdhoH3FZkQZLYuD7S9gm8gshjWsiwfTsU5ENkeCVK--WFcNyjKrz5GCg5japXLc-M9nFwDCvTDFZUywce4bmf-mjy1M2dKdR-s9fZw","isbrowserhostedapp":"true"}??(tW 34??|???s+   ? 3|? }]g9?

The refreshToken is there, as well as the SecurityTokenServiceUri. 

How can I leverage the google-aouth-java-client to get an access token from the SecurityTokenService and/or invoke a OData REST service on the Office365 environmnent ?

TIA

Michel

[Michel Jonker]

I have also posted the question here:

http://stackoverflow.com/questions/13544723/how-to-map-variable-from-spapptoken-into-authorizationcodetokenrequest

Maybe that clarifies things..

Michel

[Michel Jonker]

I have made a few adjustments and now I am getting this error:

java.lang.IllegalArgumentException: number field formatted as a JSON string must use the @JsonString annotation [key expires_in, field private java.lang.Long com.google.api.client.auth.oauth2.TokenResponse.expiresInSeconds]
	at com.google.common.base.Preconditions.checkArgument(Preconditions.java:119)
	at com.google.api.client.json.JsonParser.parseValue(JsonParser.java:636)
	at com.google.api.client.json.JsonParser.parse(JsonParser.java:350)
	at com.google.api.client.json.JsonParser.parseValue(JsonParser.java:586)
	at com.google.api.client.json.JsonParser.parse(JsonParser.java:289)
	at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:76)
	at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:71)
	at com.google.api.client.http.HttpResponse.parseAs(HttpResponse.java:491)
	at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:323)
	at nl.eoffice.fireandice.CallBack4FireAndIceServlet.doPost(CallBack4FireAndIceServlet.java:102)

On Friday, November 23, 2012 7:50:39 AM UTC+1, Michel Jonker wrote:

[Michel Jonker]

I have got it working, please check:

http://stackoverflow.com/questions/13544723/how-to-map-variable-from-spapptoken-into-authorizationcodetokenrequest

Next step is OData, but there is a different group for this..

[Yaniv Inbar (יניב ענבר)‎]

Hi Michel,

Thank you for your investigation.  I commented on your bug report here:

http://code.google.com/p/google-oauth-java-client/issues/detail?id=62

Basically, the only conclusion I can come up with is that Microsoft Office 365 OAuth services isn't following the OAuth 2.0 specification. The surprise is that RFC 6749 author is D. Hardt from Microsoft.

-- Yaniv