Donbenorden / oauth-signpost

Automatically exported from code.google.com/p/oauth-signpost
0 stars 0 forks source link

URL Rewrite instead of HTTP Authorization? #42

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I Can't force url rewrite instead of HTTP Authorization.

According to the oAuth spec, anyone of the three methods for requesting
tokens can be followed.

Our servers support only URL Re-write but I can't seem to find a way of
enforcing this. 

I digged in the code in HTTPURLConnectionRequestAdapter.java

    public void setHeader(String name, String value) {
        connection.setRequestProperty(name, value);
    }

All this does is set the HTTP Authorization request property.

Is this a bug or the feature is not yet implemented?

Original issue reported on code.google.com by hussuli...@gmail.com on 26 Apr 2010 at 9:19

GoogleCodeExporter commented 8 years ago
How signatures are written is defined by the SigningStrategy you use. The 
default is
to write to the HTTP Authorization header. There's a QueryStringSigningStrategy 
which
can be used to sign URLs, but request objects typically don't allow you to 
change the
URL once it's set, making them impossible to sign this way (that's why it works 
on
string objects, not request objects).

I suggest you do something like this:

OAuthConsumer consumer = new DefaultOAuthConsumer(...);
consumer.setSigningStrategy(new QueryStringSigningStrategy());

String uri = "http://yourdomain.com?you_param=x";
uri = consumer.sign(uri);

HttpURLConnection request = new URI(uri).openConnection();
...

is that what you need?

Original comment by m.kaepp...@gmail.com on 26 Apr 2010 at 9:28

GoogleCodeExporter commented 8 years ago
Yes, this works, but a simpler hack would doing the following: (I'm refering to 
the
example's code)

OAuthProvider provider = new DefaultOAuthProvider(
                consumer.sign("http://yourdomain/requesttoken.php"),
                        consumer.sign("http://yourdomain/accesstoken.php"),
                        consumer.sign("http://yourdomain/tokenverifier.php")
);

String authUrl = provider.retrieveRequestToken(consumer, OAuth.OUT_OF_BAND);

This works for me for time being! Thanks!

Original comment by hussuli...@gmail.com on 26 Apr 2010 at 9:53

GoogleCodeExporter commented 8 years ago

Original comment by m.kaepp...@gmail.com on 9 May 2010 at 12:59