Issues with Generating Authorization code and User Token using Apache OAuth client 2.0 library in Java

Problem description

I am trying to automate the User Level Token creation/generation process (REST/Authorization Grant Code) using the Apache OAuth Client 2.0 Library in Java. Below is the code that I am using, which I got from https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart,

```java
/*Previous Codes & starting the below with Try/Catch*/
OAuthClientRequest request = OAuthClientRequest
    .authorizationLocation("Authorization URL")
    .setClientId("ClientID")
    .setRedirectURI("Redirect URL")
    .buildQueryMessage();
request.getLocationUri();
OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();
/*Other Codes and starting the below with Try/Catch*/
OAuthClientRequest request = OAuthClientRequest
    .tokenLocation("TokenEndPointURL")
    .setGrantType(GrantType.AUTHORIZATION_CODE)
    .setClientId("ClientID")
    .setClientSecret("ClientSecret")
    .setRedirectURI("REdirectURL")
    .setCode(code) //Authorization Code from above
    .buildQueryMessage();
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
GitHubTokenResponse oAuthResponse = oAuthClient.accessToken(request, GitHubTokenResponse.class);
String accessToken = oAuthResponse.getAccessToken();
String expiresIn = oAuthResponse.getExpiresIn();
```

However, I am getting a (inference from the error in Eclipse) Compilation Error on the below lines,

The oauthCodeAuthzResponse method accepts an httpservlet object, but does not support the OAuthAuthzReponse type:

OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);

Could anyone please let me know if there is a workaround to resolve this? Or how to convert the oauthCodeAuthzResponse request to an httpservlet request? Or am I doing anything wrong or missing something?

Recommended answer

OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
String code = oar.getCode();

I think that the above code should be written in the implementation of the redirect URI endpoint, not in the client code.

It would be of help to understand the Authorization Code Flow correctly. An authorization code is issued from the authorization endpoint of the authorization server and it is delivered to the location which is pointed to by the redirect URI. That is, the authorization code is NOT delivered to the client application directly.

When an authorization server issues an authorization code, it sends an HTTP response like below back to the client's web browser.

HTTP/1.1 302 Found
Location: {Redirect URI}
  ?code={Authorization Code}  // - Always included
  &state={Arbitrary String}   // - Included if the authorization
                              //   request included 'state'.

302 Found triggers the web browser to go to the location pointed to by the Location header. Therefore, you have to implement the location to receive the authorization code, and the implementation has to pass the authorization code to the client application in some way or other.

Also note that an authorization page (HTML) is displayed between (a) an authorization request (= a request to the authorization endpoint) and (b) a token request (= a request to the token endpoint) and the page requires end-user interaction. See "1. Authorization Code Flow" in "Diagrams And Movies Of All The OAuth 2.0 Flows" for details.
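
The redirect URI endpoint described in the answer, sketched as a servlet with Apache Oltu. This is an added example, not code from the original answer or the Oltu quickstart. The endpoint URLs, client ID, the `OAUTH_CLIENT_SECRET` environment variable, and the `oauth_state` session attribute are assumptions; the state value is assumed to have been stored in the session when the authorization request was built with `setState`.

```java
import java.io.IOException;
import javax.servlet.http.*;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthAuthzResponse;
import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;

// Hypothetical servlet; map it to the redirect URI registered with the authorization server.
public class OAuthCallbackServlet extends HttpServlet {
    // Placeholder values (assumptions), not taken from the page.
    private static final String TOKEN_ENDPOINT = "https://auth.example.com/token";
    private static final String REDIRECT_URI = "https://app.example.com/oauth/callback";
    private static final String CLIENT_ID = "my-client-id";
    private static final String CLIENT_SECRET = System.getenv("OAUTH_CLIENT_SECRET");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        try {
            // Here the argument really is an HttpServletRequest: the browser's 302 redirect
            // carrying ?code=...&state=... Throws OAuthProblemException if it is not valid.
            OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(req);

            // Reject redirects whose state does not match the one issued to this session.
            HttpSession session = req.getSession(false);
            String expected = session == null ? null : (String) session.getAttribute("oauth_state");
            if (expected == null || !expected.equals(oar.getState())) {
                resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "state mismatch");
                return;
            }
            session.removeAttribute("oauth_state"); // each state value is single use

            // buildBodyMessage keeps the code and client secret in the POST body, not the URL.
            OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(TOKEN_ENDPOINT)
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(CLIENT_ID).setClientSecret(CLIENT_SECRET)
                .setRedirectURI(REDIRECT_URI).setCode(oar.getCode())
                .buildBodyMessage();
            OAuthJSONAccessTokenResponse token =
                new OAuthClient(new URLConnectionClient()).accessToken(tokenRequest);
            session.setAttribute("access_token", token.getAccessToken());
            resp.sendRedirect(req.getContextPath() + "/");
        } catch (OAuthProblemException | OAuthSystemException e) {
            resp.sendError(HttpServletResponse.SC_BAD_GATEWAY, "authorization failed");
        }
    }
}
```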
