Posted to user@oltu.apache.org by Anders <in...@gmail.com> on 2015/12/17 07:00:24 UTC
[Implicit Grant Flow] The way to response error
Hi,
I'm using Oltu version 1.0.1.
According to the OAuth 2.0 spec, I need to put the error parameter in the HTTP
fragment, like below:
    HTTP/1.1 302 Found
    Location: https://client.example.com/cb#error=access_denied&state=xyz
But I can't use OAuthASResponse.errorResponse() to put the error parameter
in the fragment.
    OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND)
            .location(oauthReq.getRedirectURI())
            .setError(OAuthError.CodeResponse.ACCESS_DENIED)
            .setState(oauthReq.getState())
            .buildQueryMessage();
Is there any way to do this?
Thank you for any comments.
--
Anderson
Re: [Implicit Grant Flow] The way to response error
Posted by Anders <in...@gmail.com>.
Jasha,
Thank you for your help!
--
------------------
~Mia is the best!~
------------------
Re: [Implicit Grant Flow] The way to response error
Posted by Jasha Joachimsthal <ja...@apache.org>.
On 17 December 2015 at 13:02, Anders <in...@gmail.com> wrote:
> Jasha,
>
> I found two work-around ways:
>
>
> return OAuthASResponse.tokenResponse(HttpServletResponse.SC_FOUND)
> .location(redirectURI)
> .setAccessToken(null)
> .setParam(OAuthError.OAUTH_ERROR,
> OAuthError.CodeResponse.UNAUTHORIZED_CLIENT)
> .setParam(OAuthError.OAUTH_ERROR_DESCRIPTION,
> errorDescription)
> .setParam(OAuth.OAUTH_STATE, state)
> .buildQueryMessage();
>
> or
>
> return OAuthResponse.status(HttpServletResponse.SC_FOUND)
> .location(redirectURI)
> .setParam(OAuthError.OAUTH_ERROR,
> OAuthError.CodeResponse.ACCESS_DENIED)
> .setParam(OAuth.OAUTH_STATE, state)
> .setParam(OAuth.OAUTH_ACCESS_TOKEN, null)
> .buildQueryMessage();
>
> If you have any better ways, please kindly let me know.
>
I've found the cause. The "access_token" parameter needs to be present to
switch from ? to # in OAuthResponse.
    OAuthProblemException ex =
            OAuthProblemException.error(OAuthError.CodeResponse.ACCESS_DENIED, "Access is denied");
    final OAuthResponse oAuthResponse =
            OAuthASResponse.errorResponse(403).error(ex)
                    .location("http://www.example.com")
                    .setParam(OAuth.OAUTH_STATE, state)
                    .setParam(OAuth.OAUTH_ACCESS_TOKEN, null)
                    .buildQueryMessage();
produces
    http://www.example.com#error=access_denied&state=mystate&error_description=Access+is+denied
Jasha
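Added example (not part of the thread and not Oltu code): a stand-alone Java class that builds the implicit-grant error redirect with its parameters in the fragment, in the form of the Location header quoted in the first message, and checks a Location value for the `?` placement reported here. The names ImplicitErrorRedirect, build, encode, errorIsInFragment and hasParam are hypothetical; it assumes Java 10 or later and a redirect URI already validated against the client's registration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

// Added example, not Oltu code. Class and method names are hypothetical.
public class ImplicitErrorRedirect {

    /** Builds the Location value for an implicit-grant error: parameters follow '#'. */
    static String build(String redirectUri, String error, String description, String state) {
        URI base = URI.create(redirectUri);
        if (base.getRawFragment() != null) {
            // RFC 6749 section 3.1.2: the redirection endpoint URI must not include a fragment.
            throw new IllegalArgumentException("redirect URI already has a fragment");
        }
        Map<String, String> params = new LinkedHashMap<>();
        params.put("error", error);
        if (description != null) {
            params.put("error_description", description);
        }
        if (state != null) {
            params.put("state", state); // the client's state value, echoed back
        }
        StringJoiner fragment = new StringJoiner("&");
        for (Map.Entry<String, String> p : params.entrySet()) {
            // Form-encode every value so '&', '=' or '#' in it cannot start a new parameter.
            fragment.add(encode(p.getKey()) + "=" + encode(p.getValue()));
        }
        // An existing query component of the redirect URI stays where it is, before '#'.
        return redirectUri + "#" + fragment;
    }

    static String encode(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8); // overload added in Java 10
    }

    /** True when "error" is carried in the fragment and has not been put in the query. */
    static boolean errorIsInFragment(String location) {
        URI uri = URI.create(location);
        return hasParam(uri.getRawFragment(), "error") && !hasParam(uri.getRawQuery(), "error");
    }

    static boolean hasParam(String component, String name) {
        if (component == null) {
            return false;
        }
        for (String pair : component.split("&")) {
            if (pair.equals(name) || pair.startsWith(name + "=")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // The two Location values quoted in this thread.
        String reported = "https://redirect.uri/oauth/callback"
                + "?error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client";
        String afterWorkaround = "http://www.example.com"
                + "#error=access_denied&state=mystate&error_description=Access+is+denied";
        System.out.println("reported value passes:   " + errorIsInFragment(reported));
        System.out.println("workaround value passes: " + errorIsInFragment(afterWorkaround));

        // Constructed inputs: a redirect URI with its own query, a description with '&' and '#'.
        String built = build("https://client.example.com/cb?tenant=a",
                "access_denied", "Access is denied & logged #42", "xyz");
        System.out.println(built);
        System.out.println("built value passes:      " + errorIsInFragment(built));
    }
}
```

The errorIsInFragment check can be dropped into a unit test around whatever builds the authorization server's redirect, so a return to query-string placement is caught before release.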
Re: [Implicit Grant Flow] The way to response error
Posted by Anders <in...@gmail.com>.
Jasha,
I found two work-around ways:
    return OAuthASResponse.tokenResponse(HttpServletResponse.SC_FOUND)
            .location(redirectURI)
            .setAccessToken(null)
            .setParam(OAuthError.OAUTH_ERROR, OAuthError.CodeResponse.UNAUTHORIZED_CLIENT)
            .setParam(OAuthError.OAUTH_ERROR_DESCRIPTION, errorDescription)
            .setParam(OAuth.OAUTH_STATE, state)
            .buildQueryMessage();
or
    return OAuthResponse.status(HttpServletResponse.SC_FOUND)
            .location(redirectURI)
            .setParam(OAuthError.OAUTH_ERROR, OAuthError.CodeResponse.ACCESS_DENIED)
            .setParam(OAuth.OAUTH_STATE, state)
            .setParam(OAuth.OAUTH_ACCESS_TOKEN, null)
            .buildQueryMessage();
If you have any better ways, please kindly let me know.
Thank you.
--
------------------
~Mia is the best!~
------------------
Re: [Implicit Grant Flow] The way to response error
Posted by Anders <in...@gmail.com>.
Jasha,
Sorry to bother you again.
My code is:
    OAuthProblemException ex =
            OAuthProblemException.error(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT)
                    .uri("https://google.com").setParameter("1", "2");
    OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND).location(redirectURI).error(ex).buildQueryMessage();
But I still get: https://redirect.uri/oauth/callback?error=unauthorized_client&error_uri=https%3A%2F%2Fgoogle.com
Please let me know if I'm doing something wrong.
Thank you.
--
------------------
~Mia is the best!~
------------------
Re: [Implicit Grant Flow] The way to response error
Posted by Jasha Joachimsthal <ja...@apache.org>.
On 17 December 2015 at 09:13, Anders <in...@gmail.com> wrote:
> Jasha,
>
> I checked OAuthASResponse you mentioned and found:
>
> @Test
> public void testAuthzImplicitResponseWithState() throws Exception {
> HttpServletRequest request = createMock(HttpServletRequest.class);
>
> expect(request.getParameter(OAuth.OAUTH_STATE)).andStubReturn("ok");
> replay(request);
> OAuthResponse oAuthResponse =
> OAuthASResponse.authorizationResponse(request,200)
> .location("http://www.example.com")
> .setAccessToken("access_111")
> .setExpiresIn("400")
> .setParam("testValue", "value2")
> .buildQueryMessage();
>
> String url = oAuthResponse.getLocationUri();
> Assert.assertEquals("
> http://www.example.com#testValue=value2&state=ok&expires_in=400&access_token=access_111",
> url);
> Assert.assertEquals(200, oAuthResponse.getResponseStatus());
> }
>
> Then I wrote my code as below:
>
> OAuthProblemException ex =
> OAuthProblemException.error(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT);
> return
> OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
> .error(ex)
> .location(oauthReq.getRedirectURI())
> .buildQueryMessage();
>
> I got this:
> https://redirect.uri/oauth/callback?error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
> But I expect this one: https://redirect.uri/oauth/callback#error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
>
> I can't use OAuthASResponse.authorizationResponse(), because it doesn't
> accept OAuthProblemException as argument.
> Do I miss anything?
>
You are using a success method to return an error. See the
testErrorResponse method for the example with the error response.
    OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(ex)...
Re: [Implicit Grant Flow] The way to response error
Posted by Anders <in...@gmail.com>.
Jasha,
I checked OAuthASResponse you mentioned and found:
    @Test
    public void testAuthzImplicitResponseWithState() throws Exception {
        HttpServletRequest request = createMock(HttpServletRequest.class);
        expect(request.getParameter(OAuth.OAUTH_STATE)).andStubReturn("ok");
        replay(request);
        OAuthResponse oAuthResponse = OAuthASResponse.authorizationResponse(request, 200)
                .location("http://www.example.com")
                .setAccessToken("access_111")
                .setExpiresIn("400")
                .setParam("testValue", "value2")
                .buildQueryMessage();
        String url = oAuthResponse.getLocationUri();
        Assert.assertEquals(
                "http://www.example.com#testValue=value2&state=ok&expires_in=400&access_token=access_111",
                url);
        Assert.assertEquals(200, oAuthResponse.getResponseStatus());
    }
Then I wrote my code as below:
    OAuthProblemException ex =
            OAuthProblemException.error(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT);
    return OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
            .error(ex)
            .location(oauthReq.getRedirectURI())
            .buildQueryMessage();
I got this:
https://redirect.uri/oauth/callback?error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
But I expect this one:
https://redirect.uri/oauth/callback#error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
I can't use OAuthASResponse.authorizationResponse(), because it doesn't
accept OAuthProblemException as argument.
Do I miss anything?
Thank you very much.
--
------------------
~Mia is the best!~
------------------
Re: [Implicit Grant Flow] The way to response error
Posted by Jasha Joachimsthal <ja...@apache.org>.
Hi Anderson,
On 17 December 2015 at 07:00, Anders <in...@gmail.com> wrote:
> Hi,
>
> I'm using Oltu version 1.0.1.
> According to OAuth 2.0 spec, I need to put error parameter in HTTP
> fragment, like below:
>
> HTTP/1.1 302 Found
> Location: https://client.example.com/cb#error=access_denied&state=xyz
>
> But I can't use OAuthASResponse.errorResponse() to put error parameter in fragment.
>
> OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND)
> .location(oauthReq.getRedirectURI())
>
> .setError(OAuthError.CodeResponse.ACCESS_DENIED)
> .setState(oauthReq.getState())
> .buildQueryMessage();
>
> Is there any way to do this?
> Thank you for any comments.
> --
>
> Anderson
>
First create an OAuthProblemException with the error and pass this
exception to the OAuthASResponse. You can find examples in the test class
of OAuthASResponse:
https://svn.apache.org/repos/asf/oltu/trunk/oauth-2.0/authzserver/src/test/java/org/apache/oltu/oauth2/as/response/OAuthASResponseTest.java
Regards,
Jasha