mbohun / jasig-cas-4.0.x-overlay-template

ala-cas upgrade from jasig cas 3.4.2 to 4.0.1

Google OAuth app used by pac4j-1.4.x does NOT work with pac4j-1.7.x #1

Closed mbohun closed 9 years ago

mbohun commented 9 years ago

errors/exceptions:

This one is caused by pointing a pac4j-1.7.x based app at the pac4j-1.4.x Google OAuth endpoint URL:

Caused by: org.pac4j.core.exception.TechnicalException: org.scribe.exceptions.OAuthException: Cannot extract an acces token. Response was: {
  "error" : "invalid_grant",
  "error_description" : "Code was already redeemed."
}

This one is caused by pointing a pac4j-1.7.x based app at the Google OAuth endpoint without the Google+ API being enabled. (Unlike pac4j-1.4.x (with its old Google OAuth endpoint), pac4j-1.7.x (with its new Google OAuth endpoint) does require the Google+ API to be enabled in the Google OAuth app configuration in https://console.developers.google.com APIs&auth -> APIs.)

2015-09-22 06:29:40,587 ERROR [org.pac4j.oauth.client.BaseOAuthClient] - <Failed to get data, code : 403 / body : {
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "accessNotConfigured",
    "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration.",
    "extendedHelp": "https://console.developers.google.com"
   }
  ],
  "code": 403,
  "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration."
 }
}
>

The Google OAuth endpoint URLs are different (changed between pac4j-1.4.x and pac4j-1.7.x):
pac4j-1.4.x:

    @Override
    protected String getProfileUrl() {
        return "https://www.googleapis.com/oauth2/v2/userinfo";
    }

pac4j-1.7.x:

    @Override
    protected String getProfileUrl(final Token accessToken) {
        return "https://www.googleapis.com/plus/v1/people/me";
    }

That is the reason why a Google OAuth app set up for pac4j-1.4.x does NOT simply/automatically work with pac4j-1.7.x.

The last problem/error was caused by the fact that the internal representation/structure of org.pac4j.oauth.profile.google2.Google2Profile changed between pac4j-1.4.x and pac4j-1.7.x, and the parsing/extraction of email, first name, last name fields failed:

2015-09-22 06:39:37,223 DEBUG [org.jasig.cas.support.pac4j.authentication.handler.support.ALAClientAuthenticationHandler] - <userProfile : <Google2Profile> | id: 105600676538699036821 | attributes: {image.url=https://lh4.googleusercontent.com/-LkKJRNzwc_U/AAAAAAAAAAI/AAAAAAAABQE/oocuizk5n0s/photo.jpg?sz=50, name.familyName=Bohun, gender=MALE, emails=[{"value":"martin.bohun@gmail.com","type":"account"}], language=en, name.givenName=Martin, displayName=Martin Bohun, access_token=ya29.9gG_EVUW4bbgOXfK5-zim50NFvYTBZPesI_03EYyUx7cXBYyBq7s83dodLP53lgOy4WO, url=https://plus.google.com/+MartinBohun} | roles: [] | permissions: [] | isRemembered: false |>
2015-09-22 06:39:37,224 DEBUG [au.org.ala.cas.AttributeParser] - <processing/parsing profile: Google2Profile>
2015-09-22 06:39:37,224 DEBUG [au.org.ala.cas.AttributeParser] - <parsing: Google2Profile, attributes: {image.url=https://lh4.googleusercontent.com/-LkKJRNzwc_U/AAAAAAAAAAI/AAAAAAAABQE/oocuizk5n0s/photo.jpg?sz=50, name.familyName=Bohun, gender=MALE, emails=[{"value":"martin.bohun@gmail.com","type":"account"}], language=en, name.givenName=Martin, displayName=Martin Bohun, access_token=ya29.9gG_EVUW4bbgOXfK5-zim50NFvYTBZPesI_03EYyUx7cXBYyBq7s83dodLP53lgOy4WO, url=https://plus.google.com/+MartinBohun}>
2015-09-22 06:39:37,224 DEBUG [org.jasig.cas.support.pac4j.authentication.handler.support.ALAClientAuthenticationHandler] - <email : null>
2015-09-22 06:39:37,225 DEBUG [org.jasig.cas.support.pac4j.authentication.handler.support.ALAClientAuthenticationHandler] - <Invalid email : null, authentication aborted!>

The moral of the story: create, resp. add, an automated (most likely REST based) test that will be run as part of the travis-ci build, so it will automatically pick up this type of annoyance ASAP.
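
A sketch of the kind of regression check the comment above calls for, as an added example (not code from this repository or from pac4j): it normalises both Google response shapes and fails loudly when the email, first name or last name cannot be found, instead of passing a null email downstream. The function and class names are hypothetical, the sample payloads are constructed, and the `oauth2/v2/userinfo` field names (`email`, `given_name`, `family_name`) are an assumption, since the page only shows the `plus/v1/people/me` attributes.

```python
import json

# Constructed sample responses (not captured traffic). PLUS_V1 mirrors the
# attributes in the DEBUG log above; the USERINFO_V2 field names are assumed.
USERINFO_V2 = json.loads("""{"id": "1", "name": "Jane Doe",
  "email": "jane@example.org", "given_name": "Jane", "family_name": "Doe"}""")
PLUS_V1 = json.loads("""{"id": "1", "displayName": "Jane Doe",
  "name": {"givenName": "Jane", "familyName": "Doe"},
  "emails": [{"value": "work@example.org", "type": "other"},
             {"value": "jane@example.org", "type": "account"}]}""")


class ProfileShapeError(ValueError):
    """The provider response lacks a field the login flow depends on."""


def extract_identity(profile):
    """Return email / first name / last name from either shape, or raise."""
    name = profile.get("name")
    if "emails" in profile or isinstance(name, dict):
        # plus/v1/people/me: nested name object, list of typed email objects.
        name = name if isinstance(name, dict) else {}
        emails = [e for e in profile.get("emails") or []
                  if isinstance(e, dict) and e.get("value")]
        # Design choice of this example: prefer the "account" address.
        account = [e for e in emails if e.get("type") == "account"]
        chosen = (account or emails or [{}])[0]
        identity = {"email": chosen.get("value"),
                    "first_name": name.get("givenName"),
                    "last_name": name.get("familyName")}
    else:
        # oauth2/v2/userinfo: flat string fields (assumed names).
        identity = {"email": profile.get("email"),
                    "first_name": profile.get("given_name"),
                    "last_name": profile.get("family_name")}
    missing = sorted(k for k, v in identity.items() if not v)
    if missing:
        # Fail closed: a shape change must break the build, not the login.
        raise ProfileShapeError("profile is missing: " + ", ".join(missing))
    return identity
```

Run against a recorded response from the configured profile URL in CI, a `ProfileShapeError` flags an endpoint or profile-structure change before it reaches the authentication handler.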

mbohun commented 9 years ago

fixed in: e5a679bfe76ee99bdea38cd486cd7161e02014b2