Posted to dev@oltu.apache.org by "Peter Turcsanyi (JIRA)" <ji...@apache.org> on 2012/09/18 10:22:07 UTC

[jira] [Created] (AMBER-61) Client defined HTTP headers in OAuthClientRequest

Peter Turcsanyi created AMBER-61:
------------------------------------

             Summary: Client defined HTTP headers in OAuthClientRequest
                 Key: AMBER-61
                 URL: https://issues.apache.org/jira/browse/AMBER-61
             Project: Amber
          Issue Type: Bug
          Components: OAuth 2.0 - Client
    Affects Versions: 0.22
            Reporter: Peter Turcsanyi


HTTP headers added to OAuthClientRequest are not sent with the HTTP request.

I would like to use HTTP Basic authentication at the token endpoint.
So on the client side I add "Authorization" HTTP header to OAuthClientRequest calling its setHeader() method.
But headers set on the OAuthClientRequest object are not processed by OAuthClient.accessToken() / URLConnectionClient.execute(), therefore they are not sent to the authorization server.

Or is there any other way to use HTTP Basic authentication between the client and the token endpoint of the authorization server?


The client code:

{code}
OAuthClientRequest tokenRequest = OAuthClientRequest
        .tokenLocation("https://...")
        .setGrantType(GrantType.AUTHORIZATION_CODE)
        .setClientId("...")
        .setClientSecret("...")
        .setRedirectURI("https://...")
        .setCode(authzCode)
        .buildBodyMessage();

if (tokenRequest.getHeaders() == null) {
    tokenRequest.setHeaders(new HashMap<String, String>()); // nice-to-have issue: it should be initialized inside OAuthClientRequest at creation time or at first call of setHeader()
}
tokenRequest.setHeader("Authorization", "..."); // main issue: header never used later

OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());

OAuthJSONAccessTokenResponse tokenResponse = oAuthClient.accessToken(tokenRequest);
{code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (AMBER-61) Client defined HTTP headers in OAuthClientRequest

Posted by "Antonio Sanso (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/AMBER-61?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso resolved AMBER-61.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 0.23
    

[jira] [Updated] (AMBER-61) Client defined HTTP headers in OAuthClientRequest

Posted by "Antonio Sanso (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/AMBER-61?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso updated AMBER-61:
-------------------------------

    Labels: newbie  (was: )
    

[jira] [Assigned] (AMBER-61) Client defined HTTP headers in OAuthClientRequest

Posted by "Antonio Sanso (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/AMBER-61?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso reassigned AMBER-61:
----------------------------------

    Assignee: Antonio Sanso
    

[jira] [Commented] (AMBER-61) Client defined HTTP headers in OAuthClientRequest

Posted by "Antonio Sanso (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/AMBER-61?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13506425#comment-13506425 ] 

Antonio Sanso commented on AMBER-61:
------------------------------------

Thanks Sampo and Peter, I fixed it in rev 1415134.
                

[jira] [Commented] (AMBER-61) Client defined HTTP headers in OAuthClientRequest

Posted by "Antonio Sanso (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/AMBER-61?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457842#comment-13457842 ] 

Antonio Sanso commented on AMBER-61:
------------------------------------

Hi Peter,

thanks for reporting. I could reproduce... and I agree on the nice to have as well...
                

[jira] [Commented] (AMBER-61) Client defined HTTP headers in OAuthClientRequest

Posted by "Sampo Niskanen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/AMBER-61?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13505290#comment-13505290 ] 

Sampo Niskanen commented on AMBER-61:
-------------------------------------

This is rather simple to implement.  I took the source code to the HttpClient4 class (http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/httpclient4/src/main/java/org/apache/amber/oauth2/httpclient4/HttpClient4.java?view=co).  It contains logic to add the headers from the "headers" argument to the HTTP request, before it I added:

            if (request.getHeaders() != null) {
                for (Map.Entry<String, String> header : request.getHeaders().entrySet()) {
                    req.setHeader(header.getKey(), header.getValue());
                }
            }

This allowed me to use HTTP basic authentication as indicated in the original report.  (There are some nuances, for example what to do if headers in the request and argument clash, but they're edge cases.  You shouldn't be adding custom headers that clash with the OAuth protocol in any case.)

URLConnectionClient seems to have identical logic, though I haven't tested it myself:  http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/client/src/main/java/org/apache/amber/oauth2/client/URLConnectionClient.java?view=co
                
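The header clash mentioned in the last comment, made explicit: an added example (not Amber code and not part of the thread) that builds the Basic credential per RFC 6749 section 2.3.1 and merges request-level headers with the separately passed headers. The class and method names, the reject-on-conflict policy, the sample credentials and the Java 11+ target are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;

// Hypothetical helper for illustration; not an Amber class.
public class TokenRequestHeaders {
    // RFC 6749 section 2.3.1: form-urlencode id and secret, join with ':', then Base64.
    static String basicAuth(String clientId, String clientSecret) {
        String pair = URLEncoder.encode(clientId, StandardCharsets.UTF_8) + ":"
                + URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    static boolean hasLineBreak(String s) {
        return s.indexOf('\r') >= 0 || s.indexOf('\n') >= 0;
    }

    // Merges headers set on the request object with those passed as the separate
    // argument. Names compare case-insensitively; a clash with a different value
    // is an error instead of a silent overwrite (assumed policy).
    static Map<String, String> merge(Map<String, String> fromRequest, Map<String, String> fromArgument) {
        Map<String, String> out = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (Map<String, String> source : Arrays.asList(fromRequest, fromArgument)) {
            if (source == null) continue; // getHeaders() can be null, as in the report
            for (Map.Entry<String, String> h : source.entrySet()) {
                String name = h.getKey(), value = h.getValue();
                if (name == null || value == null || hasLineBreak(name) || hasLineBreak(value)) {
                    throw new IllegalArgumentException("header name or value is null or contains CR/LF");
                }
                String previous = out.putIfAbsent(name, value);
                if (previous != null && !previous.equals(value)) {
                    throw new IllegalStateException("conflicting values for header " + name);
                }
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample credentials. With this header, leave client_secret out of the
        // body: RFC 6749 section 2.3 allows only one client authentication method per request.
        Map<String, String> requestHeaders = Map.of("Authorization", basicAuth("demo client", "s3cr:et"));
        Map<String, String> argumentHeaders = Map.of("Content-Type", "application/x-www-form-urlencoded");
        merge(requestHeaders, argumentHeaders).forEach((k, v) -> System.out.println(k + ": " + v));
        try {
            merge(requestHeaders, Map.of("authorization", "Bearer other"));
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```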