I trying to Automate the User Level Token Creation/Generation process (REST/Authorization Grant Code) using Apache OAuth Client 2.0 Library in Java. And below is the Code that am using which i got from https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart,
`/*Previous Codes & starting the below with Try/Catch*/
OAuthClientRequest request = OAuthClientRequest
.authorizationLocation("Authorization URL")
.setClientId("ClientID")
.setRedirectURI("Redirect URL")
.buildQueryMessage();
request.getLocationUri();
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();
/*Other Codes and starting the below with Try/Catch*/
OAuthClientRequest request = OAuthClientRequest
.tokenLocation("TokenEndPointURL")
.setGrantType(GrantType.AUTHORIZATION_CODE)
.setClientId("ClientID")
.setClientSecret("ClientSecret")
.setRedirectURI("REdirectURL")
.setCode(code)//Authorization Code from above
.buildQueryMessage();
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
GitHubTokenResponse oAuthResponse = oAuthClient.accessToken(request, GitHubTokenResponse.class);
String accessToken = oAuthResponse.getAccessToken();
String expiresIn = oAuthResponse.getExpiresIn();`
However, I am getting a (inference from the error in Eclipse) Compilation Error on the below lines,
The oauthCodeAuthzResponse method accepts httpservlet Object and does not support OAuthAuthzReponse Type
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
Could anyone please let me know if there is a work around to resolve this ? Or How to Convert the oauthCodeAuthzResponse Request to a httpservlet Request ? Or Am I doing anything wrong or missing something ?
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();
I think that the above code should be written in the implementation of the redirect URI endpoint, not in the client code.
It would be of help to understand the Authorization Code Flow correctly. An authorization code is issued from the authorization endpoint of the authorization server and it is delivered to the location which is pointed to by the redirect URI. That is, the authorization code is NOT delivered to the client application directly.
When an authorization server issues an authorization code, it sends an HTTP response like below back to the client's web browser.
HTTP/1.1 302 Found
Location: {Redirect URI}
?code={Authorization Code} // - Always included
&state={Arbitrary String} // - Included if the authorization
// request included 'state'.
302 Found
triggers the web browser to go to the location pointed to by the Location
header. Therefore, you have to implement the location to receive the authorization code, and the implementation has to pass the authorization code to the client application in some way or other.
Also note that an authorization page (HTML) is displayed between (a) an authorization request (= a request to the authorization endpoint) and (b) a token request (= a request to the token endpoint) and the page requires end-user interaction. See "1. Authorization Code Flow" in "Diagrams And Movies Of All The OAuth 2.0 Flows" for details.
Finally I was able to generate the Tokens using httpclient - please see the below Logic.
Getting the Authorization Code:
public String getAuthCode(String authUrl, String userName, String password, String scope, String clientId,
String redirectUrl) throws ClientProtocolException, IOException, URISyntaxException
{
DefaultHttpClient httpclient = new DefaultHttpClient();
System.out.println("Adding Paramters to a Array List as NameValuePair");
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("scope", scope));
params.add(new BasicNameValuePair("response_type", "code"));
params.add(new BasicNameValuePair("client_id", clientId));
params.add(new BasicNameValuePair("redirect_uri", redirectUrl));
System.out.println("Parameters List:" + params);
System.out.println("Building the URI with Authorization Endpoint by adding the Parameters create in Array List");
URI uri = new URIBuilder(authUrl)
.addParameters(params)
.build();
System.out.println("Built URI:" + uri);
System.out.println("Creating HTTPGET with the Created URI");
HttpGet get = new HttpGet(uri);
System.out.println("HttpGet:" + get);
System.out.println("Creating Client Context");
HttpClientContext context = HttpClientContext.create();
System.out.println("Created Client Context:" + context);
System.out.println("Executing the GET Method with the created Client Context");
HttpResponse response = httpclient.execute(get, context);
System.out.println("HttpResponse:" + response);
System.out.println("Getting the Final URI from the Submitted Get Method");
URI finalUrl = get.getURI();
System.out.println("Final URL:" + finalUrl);
System.out.println("Creating a List of URI from the Redirection Locations using Client Context");
List<URI> locations = context.getRedirectLocations();
System.out.println("List of URI:" + locations);
if (locations != null) {
finalUrl = locations.get(locations.size() - 1);
}
System.out.println("Taking the last URL as Final:" + finalUrl);
System.out.println("Creating Entity");
EntityUtils.consume(response.getEntity());
System.out.println("Consume the Entity:" + response.getEntity());
String userid = "username=".concat(userName);
System.out.println("UserID:" + userid);
String userPassword = "Password=".concat(password);
System.out.println("User Password:" + userPassword);
String cred = userid+"&"+userPassword;
System.out.println("User Credentials:" + cred);
HttpPost postReq = new HttpPost(finalUrl);
StringEntity entity = new StringEntity(cred);
postReq.setEntity(entity);
postReq.addHeader("Content-Type", "application/x-www-form-urlencoded");
postReq.addHeader("User-Agent", "MSIE 8.0");
HttpResponse responsePost = httpclient.execute(postReq,context);
List<Header> location = Arrays.asList(responsePost.getHeaders("Location"));
String locationUrl = location.get(0).getValue().toString();
String[] locationArray = locationUrl.split("=");
String authCode = locationArray[1].trim().toString();
//System.out.println(authCode);
EntityUtils.consume(responsePost.getEntity());
System.out.println("Response Post Entity:"+responsePost);
System.out.println("Authorization Code:" +authCode);
return authCode;
}
Getting the Tokens:
public List<String> getJwtToken(String clientId,String clientSecret, String authUrl,String tokenUrl,
String redirectUrl,String accessTokenScope, String LDAPuserName,String LDAPpassword) throws Exception
{
List<String> tokens = new ArrayList<String>();
//Generate the User Level Token & JWT Token using the Get/Post Method
DefaultHttpClient httpclient = new DefaultHttpClient();
System.out.println("Calling the get Auth Code Method");
String authCode = getAuthCode(authUrl, LDAPuserName, LDAPpassword, accessTokenScope, clientId, redirectUrl);
System.out.println("Authorization Code:" + authCode);
HttpPost tokenPost = new HttpPost(tokenUrl);
System.out.println("Token HttpPost:" + tokenPost);
System.out.println("Adding the Parameters in an ArrayList as NameValuePair");
List<NameValuePair> tokenParams = new ArrayList<NameValuePair>();
tokenParams.add(new BasicNameValuePair("client_id", clientId));
tokenParams.add(new BasicNameValuePair("client_secret", clientSecret));
tokenParams.add(new BasicNameValuePair("code", authCode));
tokenParams.add(new BasicNameValuePair("grant_type", "authorization_code"));
System.out.println("Token Call Parameter:" + tokenParams);
System.out.println("Setting the Parameters as URL Encoded Entity");
tokenPost.setEntity(new UrlEncodedFormEntity(tokenParams));
System.out.println("URL Encoded Entity" + tokenPost);
System.out.println("Executing the Token Post Method");
HttpResponse responseJWT = httpclient.execute(tokenPost);
System.out.println("Setting the Parameters as URL Encoded Entity" + responseJWT);
System.out.println("Parsing the ResponseJWT using JsonParser & JsonObjet");
JsonParser parser = new JsonParser();
System.out.println("Json Parser:" + parser);
JsonObject data = (JsonObject) parser.parse(new InputStreamReader(responseJWT.getEntity().getContent()));
System.out.println("Json Object" + data);
String token = data.get("access_token").toString();
System.out.println("Access Token:" + token);
String jwt="";
try
{
jwt = data.get("jwt_token").toString();
System.out.println("JWT Token:" + jwt);
}
catch(Exception ejwt)
{
System.out.println("Exception occured converting Jwt Token to String");
ejwt.printStackTrace();
}
String refresh = data.get("refresh_token").toString();
System.out.println("Refresh Token:" + refresh);
String accessToken = token.substring(1, token.length()-1);
tokens.add(0, accessToken);
System.out.println("Real Access Token:" + accessToken);
String jwtToken ="";
try
{
jwtToken = jwt.substring(1, jwt.length()-1);
tokens.add(1, jwtToken);
System.out.println("Real JWT Token:" + jwtToken);
}
catch(Exception ejwt)
{
System.out.println("Exception occured adding Jwt Token to String List");
ejwt.printStackTrace();
}
String refreshToken = refresh.substring(1, refresh.length()-1);
System.out.println("Real Refresh Token:" + refreshToken);
return tokens;
}
I have used this authentication code method. I got this error while making the auth code
> location->[]
[ERROR] 2018-10-12 14:16:59.414 [http-nio-8080-exec-3]
> [dispatcherServlet] - Servlet.service() for servlet
> [dispatcherServlet] in context with path [] threw exception [Request
> processing failed; nested exception is
> java.lang.ArrayIndexOutOfBoundsException: 0] with root cause
> java.lang.ArrayIndexOutOfBoundsException: 0
来源:https://stackoverflow.com/questions/44974292/issues-with-generating-authorization-code-and-user-token-using-apache-oauth-clie