SilverHoodCorp / gdata-java-client

Automatically exported from code.google.com/p/gdata-java-client
Apache License 2.0

GoogleOAuthHelper.getAccessToken incompatible with OpenID/OAuth hybrid authorization #325

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The OpenID OAuth extension allows apps to get an authorized request token 
during login.  According to the spec, when upgrading the token to an access 
token, an empty string should be used as the token secret.

GoogleOAuthHelper.getAccessToken() fails when an empty string is set.  For 
example:

                GoogleOAuthHelper oauthHelper = new GoogleOAuthHelper(new OAuthHmacSha1Signer());
                GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters();
                oauthParameters.setOAuthConsumerKey(...);
                oauthParameters.setOAuthConsumerSecret(...);
                oauthParameters.setOAuthToken(tokenFromOpenIdResponse);
                // Hybrid flow: the pre-authorized request token has an empty secret.
                oauthParameters.setOAuthTokenSecret("");
                oauthHelper.getAccessToken(oauthParameters);

This should work fine, but produces the error:
    Caused by: com.google.gdata.client.authn.oauth.OAuthException: oauth_token_secret does not exist.
        at com.google.gdata.client.authn.oauth.OAuthParameters.assertExists(OAuthParameters.java:612)
        at com.google.gdata.client.authn.oauth.OAuthParameters.assertOAuthTokenSecretExists(OAuthParameters.java:425)
        at com.google.gdata.client.authn.oauth.OAuthHelper.getAccessToken(OAuthHelper.java:551)

Fortunately there is a simple workaround -- overriding the 
assertOAuthTokenSecretExists() method to bypass the check fixes the problem and 
I can retrieve the access token & secret.

                GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters() {
                    @Override public void assertOAuthTokenSecretExists() throws OAuthException {}
                };

Still, would be nice to relax the validations in GoogleOAuthHelper so this isn't 
a problem.

Original issue reported on code.google.com by sba...@google.com on 9 Feb 2011 at 2:03
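
An added example, not part of the original issue or of the gdata-java-client code: it shows why an empty token secret is still a valid HMAC-SHA1 input under RFC 5849 (the signing key just ends in `&`), and a presence check that rejects only an unset (null) secret, which is narrower than overriding the assertion with an empty body. The class and method names are hypothetical and all values are constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class EmptyTokenSecretDemo {

    // RFC 5849 section 3.6 percent-encoding, derived from URLEncoder's form encoding.
    static String percentEncode(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8")
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Narrow presence check: null means "never set"; "" is a legitimate value.
    static String requireSet(String name, String value) {
        if (value == null) {
            throw new IllegalStateException(name + " does not exist.");
        }
        return value;
    }

    // HMAC-SHA1 key per RFC 5849 section 3.4.2: consumer secret, "&", token secret.
    static String signingKey(String consumerSecret, String tokenSecret) throws Exception {
        return percentEncode(requireSet("oauth_consumer_secret", consumerSecret))
                + "&" + percentEncode(requireSet("oauth_token_secret", tokenSecret));
    }

    static String sign(String baseString, String key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(
                mac.doFinal(baseString.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real credentials or a real request.
        String base = "POST&https%3A%2F%2Fprovider.example%2Faccess&oauth_token%3Dabc";
        String key = signingKey("example-consumer-secret", "");
        System.out.println("key = " + key);   // the empty secret leaves a trailing "&"
        System.out.println("sig = " + sign(base, key));
        try {
            signingKey("example-consumer-secret", null);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage()); // unset secret still fails
        }
    }
}
```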