Posted to users@cxf.apache.org by Sergey Beryozkin <sb...@gmail.com> on 2012/04/16 12:55:00 UTC
Re: [jira] [Resolved] (CXF-4051) Custom OAuth scopes are not supported
Hi, redirecting to the users list,
On 16/04/12 11:01, jordi wrote:
> Hi Sergey,
> I'm sorry but I'm unable to find the class/jar you told me.
>
> I've checked out CXF sources from its SVN and the "Apache CXF Runtime OAuth
> 1.0a" module has the following dependency:
>
> <dependency>
> <groupId>net.oauth.core</groupId>
> <artifactId>oauth-provider</artifactId>
> <version>${oauth.version}</version>
> </dependency>
>
> After building the corresponding project, some jars are placed in my maven
> repository: oauth-20100527.jar, oauth-consumer-20100527.jar,
> oauth-provider-20100527.jar
>
> Using these files to resolve my project oauth dependencies has the same wrong
> behavior I described before :-( Could you help me to locate the correct jar
> file?
I'm not sure where you get oauth-consumer-20100527.jar from, I'm not
seeing it in the list of project dependencies, only oauth-20100527.jar &
oauth-provider-20100527.jar.
FYI, net/oauth/OAuthConsumer is available in oauth-20100527.jar
Cheers, Sergey
>
> Thank you very much for your time and help,
> Jordi
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/jira-Created-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5164840p5643403.html
> Sent from the cxf-issues mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: [jira] [Resolved] (CXF-4051) Custom OAuth scopes are not supported
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Jordi
Actually, you're right, those extra parameters are not treated correctly
in 2.5.2, I just checked the source.
The code I was referring to would work OK with 2.5.3 (due in a few
days), just make sure 'scope' is used, you should be able to confirm
it with 2.5.3-SNAPSHOT or check the release vote thread, and use the
tagged 2.5.3
Cheers, Sergey
On Mon, Apr 16, 2012 at 3:15 PM, Sergey Beryozkin <sb...@gmail.com> wrote:
> On 16/04/12 14:29, jordi wrote:
>>
>> Hi Sergey,
>> ok, I totally agree with what you suggest about URIs, thanks a lot.
>>
>> Please correct me if I'm wrong: as I'm working with OAuth 1.0, I won't be able
>> to send any scope information inside the token request.
>
> As I demonstrated in the code example posted in the previous email it is
> possible with the CXF OAuth 1.0 module
>>
>> To work around this
>> I can migrate my project to OAuth 2.0 in order to use the new standard
>> "scope" header, ok?
>
> If you do not have any specific reasons to work with OAuth 1.0 then I think
> starting with 2.0 will be a good idea
>
> Cheers, Sergey
>>
>>
>> Cheers,
>> Jordi
>>
>> --
>> View this message in context:
>> http://cxf.547215.n5.nabble.com/Re-jira-Resolved-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5643475p5643806.html
>>
>> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
http://sberyozkin.blogspot.com
Talend - http://www.talend.com
Re: [jira] [Resolved] (CXF-4051) Custom OAuth scopes are not supported
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 16/04/12 14:29, jordi wrote:
> Hi Sergey,
> ok, I totally agree with what you suggest about URIs, thanks a lot.
>
> Please correct me if I'm wrong: as I'm working with OAuth 1.0, I won't be able
> to send any scope information inside the token request.
As I demonstrated in the code example posted in the previous email it is
possible with the CXF OAuth 1.0 module
> To work around this
> I can migrate my project to OAuth 2.0 in order to use the new standard
> "scope" header, ok?
If you do not have any specific reasons to work with OAuth 1.0 then I
think starting with 2.0 will be a good idea
Cheers, Sergey
>
> Cheers,
> Jordi
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-jira-Resolved-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5643475p5643806.html
> Sent from the cxf-user mailing list archive at Nabble.com.
Re: [jira] [Resolved] (CXF-4051) Custom OAuth scopes are not supported
Posted by jordi <jo...@hotmail.com>.
Hi Sergey,
ok, I totally agree with what you suggest about URIs, thanks a lot.
Please correct me if I'm wrong: as I'm working with OAuth 1.0, I won't be able
to send any scope information inside the token request. To work around this
I can migrate my project to OAuth 2.0 in order to use the new standard
"scope" header, ok?
Cheers,
Jordi
--
View this message in context: http://cxf.547215.n5.nabble.com/Re-jira-Resolved-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5643475p5643806.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: [jira] [Resolved] (CXF-4051) Custom OAuth scopes are not supported
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Jordi
On 16/04/12 13:52, jordi wrote:
> Hi Sergey,
> As I detailed in the first post, if I use *oauth-20100527.jar* and
> cxf-rt-rs-security-oauth-2.5.2.jar to run an OAuth web client that looks
> like:
>
>     WebClient rts =
>         WebClient.create("http://localhost:8080/services/oauth/initiate");
>     rts.accept("application/x-www-form-urlencoded;q=0.9,*/*;q=0.8");
>     Consumer consumer = new Consumer(aConsumerKey, aSecretKey);
>     URI callback = new URI("http://localhost:8080/dummyclient/callback");
>
>     // CXF extra parameters
>     Map<String, String> extra = new HashMap<String, String>();
>     extra.put("x_oauth_uri", "business/listdocs");
>     extra.put("x_oauth_scope", "read_profile");
>     extra.put("state", "intercepted");
>
>     Token requestToken = OAuthClientUtils.getRequestToken(rts, consumer,
>         callback, extra);
>
> I receive an error message from the server side (OAuth server), informing
> about an error during signature verification. I've found x_oauth_uri,
> x_oauth_scope, and state headers are used on the client side to compute the
> oauth signature but unfortunately they are not sent to the server.
>
This is the code that works for me in the OAuth 1.0 demo:
    public Token getRequestToken(URI callback, ReservationRequest request) {
        Map<String, String> extraParams = new HashMap<String, String>();
        extraParams.put(org.apache.cxf.rs.security.oauth.utils.OAuthConstants.X_OAUTH_SCOPE,
                        OAuthConstants.UPDATE_CALENDAR_SCOPE + request.getHour());
        return OAuthClientUtils.getRequestToken(requestTokenService,
                                                consumer, callback, extraParams);
    }
Note, the actual X_OAUTH_SCOPE value has been changed internally to
'scope', for it to match the value of the standard OAuth2 parameter.
x_oauth_uri has been dropped altogether; this restriction can still be
enforced on the server side, but I thought it was not something Client
needed to worry about, it knows the URI of the protected resource, which
is enough, the server can still extra-protect from this URI getting some
child subresources when applicable, etc
Cheers, Sergey
> Thank you very much, cheers
> Jordi
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Re-jira-Resolved-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5643475p5643702.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
Re: [jira] [Resolved] (CXF-4051) Custom OAuth scopes are not supported
Posted by jordi <jo...@hotmail.com>.
Hi Sergey,
As I detailed in the first post, if I use *oauth-20100527.jar* and
cxf-rt-rs-security-oauth-2.5.2.jar to run an OAuth web client that looks
like:
    WebClient rts =
        WebClient.create("http://localhost:8080/services/oauth/initiate");
    rts.accept("application/x-www-form-urlencoded;q=0.9,*/*;q=0.8");
    Consumer consumer = new Consumer(aConsumerKey, aSecretKey);
    URI callback = new URI("http://localhost:8080/dummyclient/callback");

    // CXF extra parameters
    Map<String, String> extra = new HashMap<String, String>();
    extra.put("x_oauth_uri", "business/listdocs");
    extra.put("x_oauth_scope", "read_profile");
    extra.put("state", "intercepted");

    Token requestToken = OAuthClientUtils.getRequestToken(rts, consumer,
        callback, extra);
I receive an error message from the server side (OAuth server), informing
about an error during signature verification. I've found x_oauth_uri,
x_oauth_scope, and state headers are used on the client side to compute the
oauth signature but unfortunately they are not sent to the server.
Thank you very much, cheers
Jordi
--
View this message in context: http://cxf.547215.n5.nabble.com/Re-jira-Resolved-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5643475p5643702.html
Sent from the cxf-user mailing list archive at Nabble.com.
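
The failure mode reported in this thread (extra parameters included in the client's signature but never transmitted) can be reproduced at the protocol level. The following is an added example, not code from the thread or from CXF: it builds the OAuth 1.0 HMAC-SHA1 signature as defined in RFC 5849, and the HTTP method, consumer credentials, timestamp and nonce are constructed values chosen for the illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# All values below are constructed for this illustration.
URL = "http://localhost:8080/services/oauth/initiate"
CONSUMER_KEY, CONSUMER_SECRET = "demo-consumer", "demo-secret"

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(s, safe="-._~")

def signature(method, url, params, consumer_secret, token_secret=""):
    # RFC 5849 section 3.4.1: encode, sort and join every parameter, then HMAC-SHA1.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def client_request(extra, send_extra):
    oauth = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1334534400",
        "oauth_nonce": "constructed-nonce",
        "oauth_version": "1.0",
        "oauth_callback": "http://localhost:8080/dummyclient/callback",
    }
    signed = {**oauth, **extra}                   # what the client signs
    wire = dict(signed if send_extra else oauth)  # what actually leaves the client
    wire["oauth_signature"] = signature("POST", URL, signed, CONSUMER_SECRET)
    return wire

def server_verify(wire):
    # The server can only rebuild the base string from what it received.
    received = dict(wire)
    claimed = received.pop("oauth_signature")
    expected = signature("POST", URL, received, CONSUMER_SECRET)
    return hmac.compare_digest(claimed, expected)

EXTRA = {"scope": "read_profile", "state": "intercepted"}
if __name__ == "__main__":
    print("extras signed, not sent:", server_verify(client_request(EXTRA, False)))
    print("extras signed and sent: ", server_verify(client_request(EXTRA, True)))
```

Every parameter that goes into the signature base string must also reach the server unchanged, otherwise the two sides compute different signatures and verification fails even with correct credentials.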