KorAP / Kustvakt

:speedboat: User and policy management component for KorAP, capable of rewriting queries for policy based document restrictions.
BSD 2-Clause "Simplified" License

FormParam Warning in Authorization Request #766

Open margaretha opened 3 weeks ago

margaretha commented 3 weeks ago

@hebasta Helge said in Gerrit https://korap.ids-mannheim.de/gerrit/c/KorAP/Kustvakt/+/8687

I just found additionally a minor issue. When I authorise a client it leads to a warning. I don't know how important this warning and the mvn clean issue are, so I choose +1 and leave you to decide if it is +2.

Warning (if authorising clients):

Aug. 08, 2024 11:36:19 AM org.glassfish.jersey.servlet.WebComponent filterFormParameters
WARNUNG: A servlet request to the URI http://localhost:8089/api/v1.0/oauth2/authorize?response_type=code&client_id=M6R7FJ3M9L47MdLhfpmPf6&scope=search&state=8lv2i7stdgp5u1 contains form parameters in the request body but the request body has been consumed by the servlet or a servlet filter accessing the request parameters. Only resource methods using @FormParam will work as expected. Resource methods consuming the request body by other means will not work as expected.

margaretha commented 3 weeks ago

Can you describe how you send the request? POST request is deprecated, I hope Kalamar does use it. It should use GET request instead. See https://github.com/KorAP/Kustvakt/wiki/Service:-OAuth2-Authorization-Code

Maybe the warning comes from using

-H 'Content-Type: application/x-www-form-urlencoded' 

The example in the wiki included it and it is outdated. I have updated it.

margaretha commented 3 weeks ago

Well, the POST request is only marked as deprecated in the code, it is still supported, but it should be removed in API v1.1. See https://github.com/KorAP/Kustvakt/issues/767

hebasta commented 2 weeks ago

You were right, -H 'Content-Type: application/x-www-form-urlencoded' was the culprit. I removed it from the request and the warning disappeared.