search

iainmcgin / AppAuth-Demo

A demonstration of using the AppAuth library with Google, Facebook, Microsoft and Github
Apache License 2.0
21 stars 6 forks source link

only https connections are permitted #4

Closed asharif1990 closed 5 years ago

asharif1990 commented 5 years ago

Hello, I tried to use this demo to make an API Call to BOX API. I just substitute the endpoints of Facebook and its scope with the BOX API, but I got the following error:

02-12 18:19:50.655 18652-18700/net.openid.appauthdemo.moreidps E/AndroidRuntime: FATAL EXCEPTION: AsyncTask #1
    Process: net.openid.appauthdemo.moreidps, PID: 18652
    java.lang.RuntimeException: An error occurred while executing doInBackground()
        at android.os.AsyncTask$3.done(AsyncTask.java:318)
        at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:354)
        at java.util.concurrent.FutureTask.setException(FutureTask.java:223)
        at java.util.concurrent.FutureTask.run(FutureTask.java:242)
        at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:243)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
        at java.lang.Thread.run(Thread.java:761)
     Caused by: java.lang.IllegalArgumentException: only https connections are permitted
        at net.openid.appauth.Preconditions.checkArgument(Preconditions.java:116)
        at net.openid.appauth.connectivity.DefaultConnectionBuilder.openConnection(DefaultConnectionBuilder.java:51)
        at net.openid.appauth.AuthorizationService$TokenRequestTask.doInBackground(AuthorizationService.java:397)
        at net.openid.appauth.AuthorizationService$TokenRequestTask.doInBackground(AuthorizationService.java:375)
        at android.os.AsyncTask$2.call(AsyncTask.java:304)
        at java.util.concurrent.FutureTask.run(FutureTask.java:237)
        at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:243) 
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) 
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) 
        at java.lang.Thread.run(Thread.java:761) 

I would be thankfull if you can help me with the aformentioned problem.

thank you in advance best regards Amir

iainmcgin commented 5 years ago

Are you sure you weren't using an http URI? The error seems pretty self explanatory, and without more details on the URIs you were using for authorization and token exchange I can't really help.

asharif1990 commented 5 years ago

Yes, I am sure about that. These are the endpoints that are used for the authorization and token:

iainmcgin commented 5 years ago

Well, the code at the location referenced by your stack trace is simply checking that the scheme of the URI is https:

https://github.com/openid/AppAuth-Android/blob/a8da5f5dd640133deedaea8fead7e3e0be8ff376/library/java/net/openid/appauth/connectivity/DefaultConnectionBuilder.java#L51

I suggest setting a breakpoint to check that the URI being used is the URI that you expect.

asharif1990 commented 5 years ago

I found the problem, it was because of containing " before the endpoint. by the way thanks for your suggestion. I would like to ask another question if I want to make an API call which part of code should I change to make a call to a resource endpoint. I should change the token activity in the way that instead of fetching the endpoint from the discovery, read it from the configuration file?

asharif1990 commented 5 years ago

One more Question, if I didn't want to send the code challenge parameter, Is there any way to comment it within the code. I tried to omit it with the burp proxy, but after that I face some problems. Thanks