clientId = xxxxxx
clientSecret = xxxxxxxx
applicationHost = xxxxxxxxx
My authorization code request:
OAuthClientRequest oAuthClientRequest = OAuthClientRequest
.authorizationProvider(OAuthProviderType.GOOGLE)
.setResponseType("code")
.setClientId(clientId)
.setParameter("access_type", "online")
.setRedirectURI(applicationHost + "auth/google/callback")
.setScope("https://www.googleapis.com/auth/plus.login")
.buildQueryMessage();
response.sendRedirect(oAuthClientRequest.getLocationUri());
I am getting an authorization code with this. but whenever I send a request for the access_token using this code I am getting an error. (Code 400)
My access_token request:
OAuthClientRequest oAuthClientRequest = OAuthClientRequest
.tokenProvider(OAuthProviderType.GOOGLE)
.setGrantType(GrantType.AUTHORIZATION_CODE)
.setClientId(clientId)
.setClientSecret(clientSecret)
.setParameter("access_type", "online")
.setRedirectURI(applicationHost + "auth/google/callback")
.setCode(code)
.buildQueryMessage();
GitHubTokenResponse oAuthResponse = oAuthClient.accessToken(
oAuthClientRequest, GitHubTokenResponse.class);
return oAuthResponse.getAccessToken();
OAuth2 Playground response:
HTTP/1.1 400 Bad Request
Alternate-protocol: 443:quic
Content-length: 37
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
X-google-cache-control: remote-fetch
-content-encoding: gzip
Server: GSE
Via: HTTP/1.1 GWA
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Mon, 17 Feb 2014 09:03:52 GMT
X-frame-options: SAMEORIGIN
Content-type: application/json
Expires: Fri, 01 Jan 1990 00:00:00 GMT
{
"error": "unauthorized_client"
}
Please help me out. Thanks in advance.
You're taking an auth code from your application (ie. client id XXXXX) and pasting that into a different app (oauth playground with client id YYYYY) and expecting it to work?
That's not gonna work.
It might work if you go into the Gear option and enter your app's credentials. But I'm slightly confused why you're doing this. What is the problem you are trying to solve?
This answer might help How do I authorise an app (web or installed) without user intervention? (canonical ?)
Related
I read a lot issues with that here, but it's not working for me. May be I doing something wrong?
my retrofit Interface:
#Multipart
#POST("/api/v1/services/add")
suspend fun addServiceAsync(#Part("newService") service: ServiceApiData,
#Part imageFile:MultipartBody.Part?,
#Header("Authorization") jwt:String?): StatusAndStrApi?
And Spring RestController part is
#PostMapping("/add")
ResponseEntity<?> addService(#RequestPart(name = "newService") ServiceServer service,
#RequestPart("imageFileFromClient") MultipartFile imageFile
)
Here how i create Multipatr.Body:
MultipartBody.Part.createFormData(
"imageFileFromClient",
fileImage.name,
fileImage.asRequestBody("image/*".toMediaTypeOrNull()
)
Here what server return me:
I/okhttp.OkHttpClient: <-- 400 http://server:8080/api/v1/services/add (301ms)
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
I/okhttp.OkHttpClient: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
I/okhttp.OkHttpClient: Transfer-Encoding: chunked
Date: Fri, 03 Sep 2021 05:11:18 GMT
Connection: close
{"timestamp":"2021-09-03T05:11:18.689+00:00","status":400,"error":"Bad Request","path":"/api/v1/services/add"}
I/okhttp.OkHttpClient: <-- END HTTP (110-byte body)
I/System.out: close [socket][/100.107.22.171:34172]
Try using https instead of http.
BODY WAS NULL, but it mustn't be. Don't allow Multipartbody be nullable. Never.
I have a strange problem in WildFly 12. When I post a HTTP request sometimes body is replaced by HTTP response header. Sometimes it doesn't.
the error json data:
HTTP/1.1 200 OK^M Expires: 0^M Cache-Control: no-cache, no-store, max-age=0, must-revalidate^M X-Powered-By: Undertow/1^M Server: WildFly/11^M X-XSS-Protection: 1; mode=block^M Pragma: no-cache^M X-Frame-Options: SAMEORIGIN^M Date: Thu, 08 Nov 2018 13:00:25 GMT^M Connection: keep-alive^M X-Content-Type-Options: nosniff^M Content-Type: text/plain;charset=UTF-8^M Content-Length: 1569^M ^M ationId":"61e1e1b0867c11e8a9a81fbc702bb402","value":"MU5123","startStationName":"上海虹桥国际机场","endAreaName":"北京首都国际机场"},{"shiftId":"6c874935c59e11e8a4f557d52226d05c","startAreaId":"61e1e1b0867c11e8a9a81fbc702bb402","endStationName":"北京首都国际机场","lineId":"336fb55d-cc7c-11e8-9ed0-00163e02896a","label":"MU5159","dispatchTime":"14:30","endAreaId":"61e1e193867c11e8a9a81fbc702bb402","endStationId":"61e1e193867c11e8a9a81fbc702bb402","startAreaName":"上海虹桥国际机场","startStationId":"61e1e1b0867c11e8a9a81fbc702bb402","value":"MU5159","startStationName":"上海虹桥国际机场","endAreaName":"北京首都国际机场"},{"shiftId":"6c874930c59e11e8a4f557d52226d05c","startAreaId":"61e1e1b0867c11e8a9a81fbc702bb402","endStationName":"北京首都国际机场","lineId":"9db7b2a5c5a911e89ed000163e02896a","label":"MU5331","dispatchTime":"15:00","endAreaId":"61e1e193867c11e8a9a81fbc702bb402","endStationId":"61e1e193867c11e8a9a81fbc702bb402","startAreaName":"上海虹桥国际机场","startStationId":"61e1e1b0867c11e8a9a81fbc702bb402","value":"MU5331","startStationName":"上海虹桥国际机场","endAreaName":"北京首都国际机场"}]
Could someone let me know the reason would be for this behavior?
I've written a query tool which at it's heart uses this block to gather info from an external url:
AsyncHttpClientConfig proxiedCF = new DefaultAsyncHttpClientConfig.Builder().setUserAgent(pickUserAgent()).build();
AsyncHttpClient asyncHttpClient = new DefaultAsyncHttpClient(proxiedCF);
Future<Response> f = asyncHttpClient.prepareGet(url).setProxyServer(new ProxyServer.Builder(pickProxyServer(), 80)).execute();
It works fine. However it works even when an invalid proxy is provided, which is a bit suspicious and I feel my elaborate proxy configuration is not used at all.
I stumbled upon this by having pickProxyServer() return a String "1.1.1.1", which is obviously not a valid web proxy.
I use SLF4J for logging and it looks pretty normal:
20:31:47.454 [AsyncHttpClient-7-1] DEBUG o.a.n.channel.NettyConnectListener - Using new Channel '[id: 0x03359938, L:/10.0.0.101:59775 - R:/1.1.1.1:80]' for 'GET' to '[[url removed by me]]'
20:31:47.586 [AsyncHttpClient-7-1] DEBUG o.a.netty.handler.HttpHandler -
Request DefaultFullHttpRequest(decodeResult: success, version: HTTP/1.1, content: EmptyByteBufBE)
GET [[url removed by me]] HTTP/1.1
Host: [[url removed by me]]
Accept: */*
User-Agent: burning_dandelion
Response DefaultHttpResponse(decodeResult: success, version: HTTP/1.1)
HTTP/1.1 200 OK
Date: Fri, 13 Oct 2017 18:31:49 GMT
Expires: Fri, 13 Oct 2017 18:31:49 GMT
Cache-Control: private, max-age=3600
Content-Type: text/xml; charset=ISO-8859-1
P3P: CP="This is not a P3P policy!"
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: 1P_JAR=2017-10-13-18; expires=Fri, 20-Oct-2017 18:31:49 GMT; path=/; domain=[[url removed by me]]
Set-Cookie: NID=114=qiVBv02cmXYHh2RfLQbhBfESWIoaGlf3d2jlSbAdQ8yWPDsCpOeK9aYbvfq0HWsER68W1oE53jiriM_fivTc1bJi1F2sfCi0wMptKI-9U3ueVKITtFvYYZx2T0rJf1kQ; expires=Sat, 14-Apr-2018 18:31:49 GMT; path=/; domain=[[url removed by me]]; HttpOnly
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
20:31:47.587 [AsyncHttpClient-7-1] DEBUG o.a.netty.channel.ChannelManager - Adding key: ProxyPartitionKey(proxyHost=1.1.1.1, proxyPort=80, secured=false, targetHostBaseUrl=[[url removed by me]]:80 for channel [id: 0x03359938, L:/10.0.0.101:59775 - R:/1.1.1.1:80]
Can someone point me towards my error? Obviously, I want an I/O exception or any kind of notice when an invalid proxy is called upon.
Ok it's the middle of the night but I found something. When the port is anything but :80, the proxy is correctly used. This does the trick for me.
I'm trying to access SP Rest API as mentioned here, but still get 403 - Forbidden error.
I'm not sure if it has something to do with the single sign-on we use:
To access the Rest Api via browser I have to login into https://login.microsoftonline.com and then I am able to call https://mycompany.sharepoint.com/_api/search/query?querytext=%27Search%20foo%20bar%27
So my Java App looks like this:
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
new AuthScope(AuthScope.ANY),
new NTCredentials("username#mycompany.de", "password", "https://login.microsoftonline.com", "microsoftonline.com"));
CloseableHttpClient httpclient = HttpClients.custom()
.setDefaultCredentialsProvider(credsProvider)
.build();
try {
HttpGet httpget = new HttpGet("https://mycompany.sharepoint.com/_api/search/query?querytext=%27Search%20foo%20bar%27");
System.out.println("Executing request " + httpget.getRequestLine());
CloseableHttpResponse response = httpclient.execute(httpget);
try {
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
EntityUtils.consume(response.getEntity());
} finally {
response.close();
}
} finally {
httpclient.close();
}
Which leads to HTTP/1.1 403 FORBIDDEN. Any ideas?
EDIT:
I added a print.out of all headers, so my full output is:
Executing request GET https://***.sharepoint.com/_api/search/query?querytext=%27Search%20foo%20OR%20bar%27 HTTP/1.1
log4j:WARN No appenders could be found for logger (org.apache.http.client.protocol.RequestAddCookies).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
----------------------------------------
HTTP/1.1 403 Forbidden
Cache-Control: private, max-age=0
Transfer-Encoding: chunked
Content-Type: application/xml;charset=utf-8
Expires: Mon, 15 Jun 2015 07:12:48 GMT
Last-Modified: Tue, 30 Jun 2015 07:12:48 GMT
Server: Microsoft-IIS/8.5
X-SharePointHealthScore: 0
X-Forms_Based_Auth_Required: https://***.sharepoint.com/_forms/default.aspx?ReturnUrl=/_layouts/15/error.aspx&Source=%2f_vti_bin%2fclient.svc%2fsearch%2fquery%3fquerytext%3d%2527Search%2520foo%2520OR%2520bar%2527
X-Forms_Based_Auth_Return_Url: https://***.sharepoint.com/_layouts/15/error.aspx
X-MSDAVEXT_Error: 917656; Zugriff+verweigert.+Zum+%c3%96ffnen+von+Dateien+an+diesem+Speicherort+m%c3%bcssen+Sie+zun%c3%a4chst+zur+Website+wechseln+und+die+Option+zur+automatischen+Anmeldung+aktivieren.
DATASERVICEVERSION: 3.0
X-AspNet-Version: 4.0.30319
X-IDCRL_AUTH_PARAMS_V1: IDCRL Type="BPOSIDCRL", EndPoint="/_vti_bin/idcrl.svc/", RootDomain="sharepoint.com", Policy="MBI"
SPRequestGuid: c757159d-a063-2000-20ed-499660c844ff
request-id: c757159d-a063-2000-20ed-499660c844ff
X-FRAME-OPTIONS: SAMEORIGIN
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 16.0.0.4121
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Date: Tue, 30 Jun 2015 07:12:47 GMT
I try to translate the X-MSDAVEXT_Error to english: Permission denied. To access data from this location you have to switch to the website and enable the option for automatic login.
It looks like you're using Office 365. I've seen this issue when attempting to use some accounts. I'd take a look at the ADAL libraries for performing authentication against Azure AD (Which you have as part of O365) https://github.com/AzureAD/azure-activedirectory-library-for-java
I'm using java sockets to communicate with my server. I'm getting http response from the server in a byte[] format. Now I need to parse the headers and content of the byte[]. The sample response I'm getting from server is :
HTTP/1.1 200 OK
alternate-protocol: 443:quic,p=0.01
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
content-length: 341
content-type: text/javascript; charset=UTF-8
date: Sat, 15 Nov 2014 18:32:55 GMT
expires: -1
pragma: no-cache
server: gws
status: 200 OK
version: HTTP/1.1
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
1. Either I need an easiest way to parse this in Java (May be a library)
2. Or a way to convert it into HttpResponse object.
Apache HttpComponents is your friend in this case.
Please take a look at http://hc.apache.org/httpclient-3.x/apidocs/org/apache/commons/httpclient/HttpParser.html