new OAuthAuthzRequest(request)
58 views
Skip to first unread message
Markus Sabadello
Oct 2, 2010, 11:17:25 AM10/2/10
to oauth-le...@googlegroups.com
Hello,
I'm trying to call the above code for an incoming authorization request via GET, but getting validation exceptions from the AbstractValidator in your library.
Apparently only POST is supported, but not GET?
The spec says
"The authorization server MUST support the use of
the HTTP "GET" method for the end-user authorization endpoint, and
MAY support the use of the "POST" method as well."
Markus
--
blog: http://danubechannel.com
phone: +43 664 3154848
I'm trying to call the above code for an incoming authorization request via GET, but getting validation exceptions from the AbstractValidator in your library.
Apparently only POST is supported, but not GET?
The spec says
"The authorization server MUST support the use of
the HTTP "GET" method for the end-user authorization endpoint, and
MAY support the use of the "POST" method as well."
Markus
--
blog: http://danubechannel.com
phone: +43 664 3154848
Łukasz Moreń
Oct 2, 2010, 12:17:37 PM10/2/10
to oauth-le...@googlegroups.com
Hi Markus,
From what I see OAuthAuthzRequest works ok.
Look at net.smartam.leeloo.integration.endpoints.AuthzEndpoint from integration-tests package. We handle GET authorization request there.
If problem still appears could you please provide more details about oauth request you are sending? It will be easier to discover bug.
Hope it helps.
Lukasz
Markus Sabadello
Oct 2, 2010, 1:25:34 PM10/2/10
to oauth-le...@googlegroups.com
Hello Lukasz,
Looking at your net.smartam.leeloo.integration.Common file, I can see that in your integration tests you always set a Content-Type header:
c.setRequestProperty("Content-Type", OAuth.ContentType.URL_ENCODED);
A normal web browser doing a GET request will not set this content type.
If I remove this line, then one of your tests will actually fail.
Could you maybe comment on this? It may explain the problem I'm having in my own code.
Markus
Looking at your net.smartam.leeloo.integration.Common file, I can see that in your integration tests you always set a Content-Type header:
c.setRequestProperty("Content-Type", OAuth.ContentType.URL_ENCODED);
A normal web browser doing a GET request will not set this content type.
If I remove this line, then one of your tests will actually fail.
Could you maybe comment on this? It may explain the problem I'm having in my own code.
Markus
Markus Sabadello
Oct 2, 2010, 1:35:09 PM10/2/10
to oauth-le...@googlegroups.com
Maybe the problem is that CodeValidator.java overrides validateContentType() with an empty method body, but TokenValidator.java and CodeTokenValidator.java do NOT override this method.
Markus
Markus
Łukasz Moreń
Oct 2, 2010, 2:20:35 PM10/2/10
to oauth-le...@googlegroups.com
Yes you are right it is not a correct behaviour, I suppose problem appears for token ant code_token response types.
Thanks much for reporting that.Feel free to submit a patch for this bug. I've created issue:
Cheers,Lukasz
Markus Sabadello
Oct 2, 2010, 4:01:04 PM10/2/10
to oauth-le...@googlegroups.com
Okay, I just attached a patch! It works for me, and all the tests still pass!
thanks for your and Maciej's support today,
Markus
thanks for your and Maciej's support today,
Markus
2010/10/2 Łukasz Moreń <lukasz...@gmail.com>
Maciej Machulak
Oct 3, 2010, 3:11:59 PM10/3/10
to oauth-le...@googlegroups.com
Markus,
Great! We'll apply that tomorrow morning.
Cheers,
Maciej
2010/10/2 Markus Sabadello <markus.s...@gmail.com>:
--
Maciej Machulak
email: maciej....@gmail.com
tel: +48 602 45 31 44
tel: +44 7999 606 767
Reply all
Reply to author
Forward
0 new messages