CAS OAuth Authentication Using Google OAuth 2.0 and Using Yahoo OAuth 1.0

102 views
Skip to first unread message

Kipling Fraser

unread,
Jul 7, 2013, 1:24:19 PM7/7/13
to jasig-c...@googlegroups.com
I've successfully configured my CAS v. 3.5.2 to delegate authentication to Yahoo using OAuth 1.0 by following the instruction Jasig CAS Wiki at https://wiki.jasig.org/display/CASUM/Configuration+for+the+OAuth+client+support+in+CAS+server+version+%3E%3D+3.5.1
Now, I am trying to add the authentication with Google using OAuth 2.0. For that, I am using Google2Provider by updating the dependency on scribe-up to 1.3.1. 
But the following error is thrown upon accessing CAS login page:

  SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.jasig.cas.support.oauth.web.flow.OAuthAction@4d88f286 in state 'oauthAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause
  java.lang.IllegalArgumentException: Cannot encode null object
  at org.scribe.utils.Preconditions.check(Preconditions.java:82)
  at org.scribe.utils.Preconditions.checkNotNull(Preconditions.java:29)
  at org.scribe.utils.OAuthEncoder.encode(OAuthEncoder.java:28)
  at org.scribe.up.addon_to_scribe.GoogleApi20.getAuthorizationUrl(GoogleApi20.java:36)
  at org.scribe.oauth.OAuth20ServiceImpl.getAuthorizationUrl(OAuth20ServiceImpl.java:69)
  at org.scribe.up.provider.BaseOAuth20Provider.getAuthorizationUrl(BaseOAuth20Provider.java:43)
  at org.jasig.cas.support.oauth.web.flow.OAuthAction.doExecute(OAuthAction.java:128)
  ...

It appears the exception is caused by a null "scope" of the config parameter in GoogleApi20.getAuthorizationUrl(final OAuthConfig config) where config.getScope() returns null:

  public String getAuthorizationUrl(final OAuthConfig config) {
    return String.format(AUTHORIZATION_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()),
                         OAuthEncoder.encode(config.getScope()));
  } 


Jérôme LELEU

unread,
Jul 9, 2013, 10:15:34 AM7/9/13
to cas-...@lists.jasig.org
Hi,

Posted a reply on stackoverflow : there is currently a bug in the Google2Provider, the scope needs to be explicitely set.
Best regards,
Jérôme
-- 
You are currently subscribed to cas-...@lists.jasig.org as: cas-user-ga...@googlegroups.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

Kipling Fraser

unread,
Jul 9, 2013, 1:46:54 PM7/9/13
to jasig-c...@googlegroups.com, cas-...@lists.jasig.org
Thank you Jerome. I've seen your reply. I've got an idea as where to set a real scope after looking into the source code a bit closely. I am going to give it a try.

By the way, is there a plan to fix this bug in some later release of CAS 3.5.x or scribe-up since whatever fix I will come up with would be just a work-around.

Best regards,
Reply all
Reply to author
Forward
0 new messages