phamngsinh / goauth2

Automatically exported from code.google.com/p/goauth2
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

oauthreq does not work with Microsoft services: ?access_token=... parameter required in request URL #7

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

After applying this patch, to make the oauthreq work with any service:

22,23d21
<   authURL      = flag.String("auth", 
"https://accounts.google.com/o/oauth2/auth", "Authorization URL")
<   tokenURL     = flag.String("token", 
"https://accounts.google.com/o/oauth2/token", "Token URL")
25d22
<   redirectURL  = flag.String("redirect", "http://localhost/", "Redirect URL")
49a47
> 
55,57c53,55
<       AuthURL:      *authURL,
<       TokenURL:     *tokenURL,
<       RedirectURL:  *redirectURL,

---
>       AuthURL:      "https://accounts.google.com/o/oauth2/auth",
>       TokenURL:     "https://accounts.google.com/o/oauth2/token",
>       RedirectURL:  "http://localhost/",

and running this sequence:

./oauthreq \
    -id=$id \
    -secret=$secret  \
    -auth=https://oauth.live.com/authorize \
    -token=https://oauth.live.com/token  \
    -redirect=http://bigredbucket.com/  \
    -req=https://apis.live.net/v5.0/me/calendars  \
    -api=wl.calendars

authorizing and obtaining a code results in a valid token cached in 
"request.token"

./oauthreq .... -code

{"AccessToken":"....","RefreshToken":"","Expiry":"2012-08-16T18:35:27.230099-04:
00"}

running with:

./oauthreq -cache -req=https://apis.live.net/v5.0/me/calendars

{
   "error": {
      "code": "request_token_missing", 
      "message": "The provided request does not include an access token. An access token is required in order to perform this action."
   }
}

when changing the -req flag to include the token parameter:

./oauthreq -cache -req=https://apis.live.net/v5.0/me/calendars?access_token=....
the valid response is sent.

What version of the product are you using? On what operating system?

go1.0.2, Mac OS X 10.8

Please provide any additional information below.

This does not occur with  Google services, because the request URL does not 
need the ?access_token parameter.

Original issue reported on code.google.com by ajstarks on 16 Aug 2012 at 10:23

GoogleCodeExporter commented 8 years ago
adding a new flag, -ap fixes the problem.  Here is the diff from the original:

22,23d21
<   authURL      = flag.String("auth", 
"https://accounts.google.com/o/oauth2/auth", "Authorization URL")
<   tokenURL     = flag.String("token", 
"https://accounts.google.com/o/oauth2/token", "Token URL")
25d22
<   redirectURL  = flag.String("redirect", "http://localhost/", "Redirect URL")
29d25
<   authparam    = flag.String("ap", "", "Authorization parameter")
50a47
> 
56,58c53,55
<       AuthURL:      *authURL,
<       TokenURL:     *tokenURL,
<       RedirectURL:  *redirectURL,
---
>       AuthURL:      "https://accounts.google.com/o/oauth2/auth",
>       TokenURL:     "https://accounts.google.com/o/oauth2/token",
>       RedirectURL:  "http://localhost/",
100,103d96
<       // Tack on the extra parameters, if specified.
<       if *authparam != "" {
<           *apiRequest += *authparam + ctoken.AccessToken
<       }

if you run:

./oauthreq -cache -req=https://apis.live.net/v5.0/me/calendars 
-ap='?access_token='

it works.

Original comment by ajstarks on 17 Aug 2012 at 2:35

GoogleCodeExporter commented 8 years ago
I was able to reproduce this yesterday, so I pinged some colleagues at 
Microsoft.  Now this morning, it seems to work fine passing the OAuth token in 
the Authorization header.  Either they were *really* quick to fix the problem, 
or it's a fluke.  I'm going to close this as fixed, but if anyone continues to 
see this problem, please reopen and I'll investigate further.

Original comment by willnorris@google.com on 7 Jun 2013 at 3:28