Issues with Generating Authorization code and User Token using Apache OAuth client 2.0 library in Java

Posted by 孤人 on 2019-12-02 10:58:50

OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();

I think that the above code should be written in the implementation of the redirect URI endpoint, not in the client code.

It would be of help to understand the Authorization Code Flow correctly. An authorization code is issued from the authorization endpoint of the authorization server and it is delivered to the location which is pointed to by the redirect URI. That is, the authorization code is NOT delivered to the client application directly.

When an authorization server issues an authorization code, it sends an HTTP response like below back to the client's web browser.

HTTP/1.1 302 Found
Location: {Redirect URI}
  ?code={Authorization Code}  // - Always included
  &state={Arbitrary String}   // - Included if the authorization
                              //   request included 'state'.

302 Found triggers the web browser to go to the location pointed to by the Location header. Therefore, you have to implement the location to receive the authorization code, and the implementation has to pass the authorization code to the client application in some way or other.

Also note that an authorization page (HTML) is displayed between (a) an authorization request (= a request to the authorization endpoint) and (b) a token request (= a request to the token endpoint) and the page requires end-user interaction. See "1. Authorization Code Flow" in "Diagrams And Movies Of All The OAuth 2.0 Flows" for details.
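
The redirect URI endpoint described in this answer, as an added example that is not part of the original post: a sketch using the JDK's built-in `com.sun.net.httpserver.HttpServer` that receives the 302 redirect, checks `state` against the value sent in the authorization request, and hands the code to the waiting client. The class name, method names, the `/callback` path and the loopback binding are assumptions made for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;

public class RedirectEndpoint {
    // Decode the query string of the redirect (?code=...&state=...) into a map.
    static Map<String, String> parseQuery(String rawQuery) throws Exception {
        Map<String, String> out = new HashMap<>();
        for (String pair : (rawQuery == null ? "" : rawQuery).split("&")) {
            String[] kv = pair.split("=", 2);
            String value = kv.length > 1 ? URLDecoder.decode(kv[1], "UTF-8") : "";
            out.put(URLDecoder.decode(kv[0], "UTF-8"), value);
        }
        return out;
    }

    // Return the code only when 'state' matches the value sent in the authorization request.
    static String extractCode(String rawQuery, String expectedState) throws Exception {
        Map<String, String> q = parseQuery(rawQuery);
        byte[] got = q.getOrDefault("state", "").getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(got, expectedState.getBytes(StandardCharsets.UTF_8)))
            throw new SecurityException("state mismatch");
        if (q.containsKey("error")) throw new IllegalStateException("error: " + q.get("error"));
        if (q.getOrDefault("code", "").isEmpty()) throw new IllegalStateException("no code");
        return q.get("code");
    }

    // Serve the redirect URI on loopback and block until the browser delivers the code.
    static String awaitCode(int port, String expectedState, long timeoutSec) throws Exception {
        CompletableFuture<String> result = new CompletableFuture<>();
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", port), 0);
        server.createContext("/callback", exchange -> {
            try {
                result.complete(extractCode(exchange.getRequestURI().getRawQuery(), expectedState));
            } catch (Exception e) {
                result.completeExceptionally(e);
            }
            exchange.sendResponseHeaders(result.isCompletedExceptionally() ? 400 : 200, -1);
            exchange.close();
        });
        server.start();
        try { return result.get(timeoutSec, TimeUnit.SECONDS); } finally { server.stop(1); }
    }
}
```

Generate `expectedState` freshly (for example with `SecureRandom`) for each authorization request, and register `http://127.0.0.1:<port>/callback` as the redirect URI with the authorization server.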

Finally I was able to generate the Tokens using httpclient - please see the below Logic.

Getting the Authorization Code:

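// Imports needed by the two methods below (Apache HttpClient 4.x and Gson).
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

public String getAuthCode(String authUrl, String userName, String password, String scope, String clientId,
        String redirectUrl) throws ClientProtocolException, IOException, URISyntaxException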
{
    DefaultHttpClient httpclient = new DefaultHttpClient();

    System.out.println("Adding Paramters to a Array List as NameValuePair");
    List<NameValuePair> params = new ArrayList<NameValuePair>();
    params.add(new BasicNameValuePair("scope", scope));
    params.add(new BasicNameValuePair("response_type", "code"));
    params.add(new BasicNameValuePair("client_id", clientId));
    params.add(new BasicNameValuePair("redirect_uri", redirectUrl));

    System.out.println("Parameters List:" + params);

    System.out.println("Building the URI with Authorization Endpoint by adding the Parameters create in Array List");
    URI uri = new URIBuilder(authUrl)
            .addParameters(params)
            .build();
    System.out.println("Built URI:" + uri);

    System.out.println("Creating HTTPGET with the Created URI");
    HttpGet get = new HttpGet(uri);
    System.out.println("HttpGet:" + get);

    System.out.println("Creating Client Context");
    HttpClientContext context = HttpClientContext.create();
    System.out.println("Created Client Context:" + context);


    System.out.println("Executing the GET Method with the created Client Context");
    HttpResponse response = httpclient.execute(get, context);
    System.out.println("HttpResponse:" + response);

    System.out.println("Getting the Final URI from the Submitted Get Method");
    URI finalUrl = get.getURI();
    System.out.println("Final URL:" + finalUrl);

    System.out.println("Creating a List of URI from the Redirection Locations using Client Context");
    List<URI> locations = context.getRedirectLocations();
    System.out.println("List of URI:" + locations);

    if (locations != null) {
        finalUrl = locations.get(locations.size() - 1);
    }
    System.out.println("Taking the last URL as Final:" + finalUrl);

    System.out.println("Creating Entity");
    EntityUtils.consume(response.getEntity());
    System.out.println("Consume the Entity:" + response.getEntity());

    // Build the login form with UrlEncodedFormEntity so that special characters in the
    // credentials are percent-encoded. The password is deliberately not logged.
    List<NameValuePair> loginParams = new ArrayList<NameValuePair>();
    loginParams.add(new BasicNameValuePair("username", userName));
    loginParams.add(new BasicNameValuePair("Password", password));
    System.out.println("UserID:" + userName);
    HttpPost postReq = new HttpPost(finalUrl);
    postReq.setEntity(new UrlEncodedFormEntity(loginParams));
    postReq.addHeader("Content-Type", "application/x-www-form-urlencoded");
    postReq.addHeader("User-Agent", "MSIE 8.0");


    HttpResponse responsePost = httpclient.execute(postReq,context);
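    EntityUtils.consume(responsePost.getEntity());
    System.out.println("Response Post Entity:"+responsePost);

    // Without a Location header no authorization code was issued (for example the login
    // was rejected); fail with a clear message instead of indexing into an empty list.
    Header locationHeader = responsePost.getFirstHeader("Location");
    if (locationHeader == null) {
        throw new IllegalStateException("No Location header in the login response: "
                + responsePost.getStatusLine());
    }
    // Read the 'code' query parameter by name; splitting on "=" breaks as soon as the
    // redirect also carries 'state' or any other parameter.
    String authCode = null;
    for (NameValuePair param : new URIBuilder(locationHeader.getValue()).getQueryParams()) {
        if ("code".equals(param.getName())) {
            authCode = param.getValue();
        }
    }
    if (authCode == null) {
        throw new IllegalStateException("Redirect did not contain an authorization code");
    }
    // The authorization code is a credential, so it is not logged.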
    return authCode;
}

Getting the Tokens:

public List<String> getJwtToken(String clientId,String clientSecret, String authUrl,String tokenUrl,
            String redirectUrl,String accessTokenScope, String LDAPuserName,String LDAPpassword) throws Exception
    {

        List<String> tokens = new ArrayList<String>();
        //Generate the User Level Token & JWT Token using the Get/Post Method
        DefaultHttpClient httpclient = new DefaultHttpClient();


        System.out.println("Calling the get Auth Code Method");
        String authCode = getAuthCode(authUrl, LDAPuserName, LDAPpassword, accessTokenScope, clientId, redirectUrl);
        // The authorization code is a credential, so it is not logged.

        HttpPost tokenPost = new HttpPost(tokenUrl);
        System.out.println("Token HttpPost:" + tokenPost);

        System.out.println("Adding the Parameters in an ArrayList as NameValuePair");
        List<NameValuePair> tokenParams = new ArrayList<NameValuePair>();
        tokenParams.add(new BasicNameValuePair("client_id", clientId));
        tokenParams.add(new BasicNameValuePair("client_secret", clientSecret));
        tokenParams.add(new BasicNameValuePair("code", authCode));
        tokenParams.add(new BasicNameValuePair("grant_type", "authorization_code"));
        // tokenParams contains client_secret, so the list is not logged.

        System.out.println("Setting the Parameters as URL Encoded Entity");
        tokenPost.setEntity(new UrlEncodedFormEntity(tokenParams));
        System.out.println("URL Encoded Entity" + tokenPost);

        System.out.println("Executing the Token Post Method");
        HttpResponse responseJWT = httpclient.execute(tokenPost);
        System.out.println("Setting the Parameters as URL Encoded Entity" + responseJWT);

        System.out.println("Parsing the ResponseJWT using JsonParser & JsonObjet");
        JsonParser parser = new JsonParser();
        JsonObject data = (JsonObject) parser.parse(new InputStreamReader(responseJWT.getEntity().getContent()));

        // The token endpoint returns an error object instead of tokens when the request is
        // rejected, so check before reading. Token values are credentials and are not logged.
        if (!data.has("access_token")) {
            throw new IllegalStateException("Token endpoint returned no access_token: " + data.get("error"));
        }

        // getAsString() returns the bare value; toString() would keep the JSON quotes.
        String accessToken = data.get("access_token").getAsString();
        tokens.add(0, accessToken);

        // jwt_token is not a standard OAuth 2.0 response field, so treat it as optional.
        if (data.has("jwt_token")) {
            tokens.add(1, data.get("jwt_token").getAsString());
        } else {
            System.out.println("No jwt_token in the token response");
        }

        // refresh_token is optional as well; it is read here but not returned.
        String refreshToken = data.has("refresh_token") ? data.get("refresh_token").getAsString() : null;

        return tokens;

    }

I have used this authentication code method. I got this error while making the auth code

> location->[] 
> [ERROR] 2018-10-12 14:16:59.414 [http-nio-8080-exec-3]
> [dispatcherServlet] - Servlet.service() for servlet
> [dispatcherServlet] in context with path [] threw exception [Request
> processing failed; nested exception is
> java.lang.ArrayIndexOutOfBoundsException: 0] with root cause
> java.lang.ArrayIndexOutOfBoundsException: 0