nizamsp / oauth-signpost

Automatically exported from code.google.com/p/oauth-signpost
0 stars 0 forks source link

Please add a wrapper to support HttpClient AuthScheme #44

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Currently one must sign every request before sending.  With HttpClient,
there is built-in support for adding new auth methods that should work with
OAuth.  It shouldn't be difficult to create a wrapper for
CommonsHttpOAuthConsumer to implement org.apache.http.auth.AuthScheme.  

Looking at existing AuthScheme implementations should help:
http://hc.apache.org/httpcomponents-client/httpclient/xref/org/apache/http/impl/
auth/

You need to implement AuthSchemeFactory but it doesn't do much more than
create AuthScheme instances.  Then use a Credentials instance (you might
need to create your own subclass) to hold the consumer key/secret and Auth
Token/ secret token.  

The processChallenge method of AuthScheme is only used to extract the
'realm' of a WWW-Authenticate header I think.

Original issue reported on code.google.com by tmnich...@gmail.com on 5 May 2010 at 5:13

GoogleCodeExporter commented 8 years ago

Original comment by m.kaepp...@gmail.com on 9 May 2010 at 12:52

GoogleCodeExporter commented 8 years ago
Attached is my experimentation to adapt Signpost as an HttpClient AuthScheme.  
It's close, but missing one crucial component -- since HttpClient makes an 
unauthenticated request and reacts to the 401 by adding the auth credentials, 
the second request object doesn't contain the full URI and hence can't be 
signed.  Oleg, the HttpClient lead dev says this is a design oversight that 
will be fixed in HttpClient 4.1.  So for now it appears that Signpost as an 
AuthScheme is a no-go, unless you could work around it using preemptive auth 
(see section 4.8 here: 
http://hc.apache.org/httpcomponents-client/tutorial/html/authentication.html).  

Sorry, source is written in Groovy for quick development, but you should get 
the idea :)

Original comment by tmnich...@gmail.com on 9 Sep 2010 at 9:47

Attachments:

GoogleCodeExporter commented 8 years ago
@Do you have a reference for the changes that were needed in httpclient? 4.1 
went GA yesterday ...

Original comment by smparkes...@gtempaccount.com on 25 Jan 2011 at 7:26

GoogleCodeExporter commented 8 years ago
Ah. Found it. ContextAwareAuthScheme ...

Original comment by smparkes...@gtempaccount.com on 25 Jan 2011 at 7:28

GoogleCodeExporter commented 8 years ago
Yup, that is it.  You should be able to find examples of how to reconstruct the 
request URI from the context.

Original comment by tmnich...@gmail.com on 27 Jan 2011 at 4:57