hwangjungseok / oauth-signpost

Automatically exported from code.google.com/p/oauth-signpost
0 stars 0 forks source link

DefaultOAuthProvider sends GET for retrieveAccessToken, OAuth 1.0a recommends POST #29

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
Call retrieveAccessToken() on an OAuth provider, which expects POST.
(The one I'm testing with is not yet publicly available)

What is the expected output? What do you see instead?
Expected output is the access token, instead I receive an HTTP 405 (Method
Not Allowed)

What version of the product are you using? On what operating system?
1.2, both on Windows and in GAE

Please provide any additional information below.
If you want to test with the service provider, please approach developers
at twelvesprints dot com.

Original issue reported on code.google.com by fBechmann@web.de on 17 Feb 2010 at 6:09

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago

Original comment by m.kaepp...@gmail.com on 20 Feb 2010 at 9:48

GoogleCodeExporter commented 8 years ago
I'm running into this issue when using the Digg API

Original comment by mbur...@gmail.com on 9 Mar 2010 at 6:42

GoogleCodeExporter commented 8 years ago
mburton - as a workaround I created my own OAuthProvider that uses a POST.  You 
can
see the implementation at
http://code.google.com/p/dailymile-client/source/browse/trunk/core/src/main/java
/com/pc/dailymile/signpost/extension/CommonsHttpOAuthPostProvider.java

Original comment by platers....@gmail.com on 9 Mar 2010 at 7:30

GoogleCodeExporter commented 8 years ago
thanks, yeah, i've done the same.  Unfortunately it means copying the entire 
body of 
retrieveToken to make that tiny tweak.

m.kaeppler, one potential solution (among many i'm sure) would be to introduce 
a 
new protected method to create the request.  Something like:

public CommonsHttpOAuthProvider {
    ...
    protected HttpRequest createRequest( String endpointUrl ) {
        return new HttpGet(endpointUrl)
    }
    ...
}

PS. while you're at it, can you make CommonsHttpOAuthProvider.httpClient 
protected?  It's currently private, which means it's inaccessible if you 
overload 
retrieveToken().  Or alternately provide a getHttpClient() method

Original comment by mbur...@gmail.com on 9 Mar 2010 at 7:42

GoogleCodeExporter commented 8 years ago
can you please test the latest snapshot JAR and tell me whether it fixes this 
issue
for you?

you will find that the whole token handshake process is much more configurable 
and
flexible now.

Original comment by m.kaepp...@gmail.com on 12 Mar 2010 at 3:03

Attachments:

GoogleCodeExporter commented 8 years ago
all provider implementations shipped with the lib now send POST requests by 
default.

Original comment by m.kaepp...@gmail.com on 14 Mar 2010 at 10:07