Gau-Yi / google-api-java-client

Automatically exported from code.google.com/p/google-api-java-client
0 stars 0 forks source link

in AuthorizationCodeGrant, req.client_secret is not being sent with Oauth2 #195

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Version of google-api-java-client (e.g. 1.3.1-alpha)?
1.3.2-alpha, 1.3.1-alpha

Java environment (e.g. Java 6, Android 2.3, App Engine 1.4.2)?
Java 6

Describe the problem.
I'm trying to get an access token with AuthorizationCodeGrant. Following your 
javadoc, i'm doing this:

  AuthorizationCodeGrant req = new AuthorizationCodeGrant();
  req.authorizationServerUrl = BASE_AUTHORIZATION_URL;
  req.clientSecret = CLIENT_SECRET;
  req.clientId = CLIENT_ID;
  req.code = code;
  req.redirectUri = REDIRECT_URL;
  ...

When executing this, i'm getting "400 Client must specify either client_id and 
client_secret or client_assertion, not both". 

Looking at httpclient log, it's not adding my clientSecret. This is the request 
sent:

DEBUG org.apache.http.wire - >> 
"client_id=foo.apps.googleusercontent.com&code=somecode&grant_type=authorization
_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin%2Fgoogle%2Fcallback"

How would you expect it to be fixed?

right now this is solved doing:

  req.set("client_secret", CLIENT_SECRET);

I expect req.clientSecret to be working like the javadoc says, or at least the 
javadoc being updated.

btw, in that javadoc this line should be added, It drove me nuts dealing with 
NPE:

req.jsonFactory = new JacksonFactory();

and it would be nice if also tell you about adding a transport... 

it was the first time using this library and with outdated javadoc it's been a 
little bit harder than expected. 

anyways, congrats for you great job!

Original issue reported on code.google.com by jo...@donky.org on 4 May 2011 at 9:16

GoogleCodeExporter commented 9 years ago
The magic trick you are missing is this:
  req.useBasicAuthorization = false;

See:
http://javadoc.google-api-java-client.googlecode.com/hg/1.3.2-alpha/com/google/a
pi/client/auth/oauth2/AccessTokenRequest.html#useBasicAuthorization

I pretty much agree with all of your constructive criticism.  I promise you it 
will get at least a little better with the version 1.4 release, which is due in 
a matter of days.  There will actually be a GoogleAuthorizationCodeGrant that 
will have this particular detail.

Original comment by yan...@google.com on 4 May 2011 at 12:20

GoogleCodeExporter commented 9 years ago
frak me!

it was such a silly thing that i thought i was missing something... thanks!

besides that, i think you're doing an impressive work with this API... i've 
found it "very clever" and easy to find solutions with its API

i'm looking forward for version 1.4

Original comment by jo...@donky.org on 4 May 2011 at 2:05