Access tokens using 2 legged Oauth 2.0 and Apache OauthClient


Problem description

I'm trying to get 2 legged Oauth 2 working. I'm trying to mimic this CURL call to get an access token:

curl -u CLIENT_ID:CLIENT_SECRET https://mydomain.com/token -d "grant_type=client_credentials"

I'm trying to do the same thing in Java using Apache Oltu:

<dependency>
    <groupId>org.apache.oltu.oauth2</groupId>
    <artifactId>org.apache.oltu.oauth2.client</artifactId>
    <version>1.0.0</version>
</dependency>

This is the Java code I'm using:

OAuthClientRequest request = OAuthClientRequest
            .tokenLocation("https://mydomain.com/token")
            .setGrantType(GrantType.CLIENT_CREDENTIALS)
            .setClientId(CLIENT_ID)
            .setClientSecret(CLIENT_SECRET)
            .buildBodyMessage();


//create OAuth client that uses custom http client under the hood
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());

OAuthJSONAccessTokenResponse oAuthResponse = oAuthClient.accessToken(request, OAuthJSONAccessTokenResponse.class);

The CURL command works fine but the Java code gives this error:

OAuthProblemException{error='invalid_request', description='Must include a basic access authentication header.', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}

I tried using the header message build:

.buildHeaderMessage();

instead, but it gives:

OAuthProblemException{error='invalid_request', description='Must specify grant_type field.', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}

Any suggestions are appreciated. I would expect this to be pretty straightforward.

Recommended answer

I have given up on Apache Oltu Oauth and come up with two alternate solutions. The latter is the preferred one.

Solution 1: Low-level HTTP call

For my first try I went back to basics and used the HttpClient library.

<dependency>
  <groupId>org.apache.httpcomponents</groupId>
  <artifactId>httpclient</artifactId>
  <version>4.3.3</version>
</dependency>

I was able to get the Oauth access token using the following code:

// The form body carries only the grant type
HttpPost request = new HttpPost("https://mydomain.com/token");
List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials"));
request.setEntity(new UrlEncodedFormEntity(urlParameters));

// The client credentials go in the HTTP Basic Authorization header (what curl -u sends)
String auth = CLIENT_ID + ":" + CLIENT_SECRET;
byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(Charset.forName("US-ASCII")));
String authHeader = "Basic " + new String(encodedAuth, Charset.forName("US-ASCII"));
request.setHeader(HttpHeaders.AUTHORIZATION, authHeader);

HttpClient client = HttpClientBuilder.create().build();
HttpResponse response = client.execute(request);
System.out.println("Oauth Access Token: " + EntityUtils.toString(response.getEntity()));

Solution 2: Spring OAuth2 RestTemplate

I suspected there must be a better way to do Two Legged Oauth 2.0 and was pleased to find the Spring Oauth2 Framework.

<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>1.0.5.RELEASE</version>
</dependency>

This yields far simpler code and provides the framework for subsequent REST calls. This code could be cleaned up with the use of Jackson but I've decided to keep it simple.

String CLIENT_SECRET = "xxxx";
String CLIENT_ID = "yyyy";

ClientCredentialsResourceDetails resourceDetails = new ClientCredentialsResourceDetails();
resourceDetails.setClientSecret(CLIENT_SECRET);
resourceDetails.setClientId(CLIENT_ID);
resourceDetails.setAccessTokenUri("https://mydomain.com/token");

OAuth2RestTemplate oAuthRestTemplate = new OAuth2RestTemplate(resourceDetails);

HttpHeaders headers = new HttpHeaders();
headers.setContentType( MediaType.APPLICATION_JSON );

// Sample POST Method
String postJson = "{\"phone\":\"15554443333\", \"ip\":\"67.666.666.666\"}";
HttpEntity<String> reqEntity = new HttpEntity<String>(postJson, headers);
String postUri = "https://mydomain.com/v1.0/phone.json";
String postResult = oAuthRestTemplate.postForObject(postUri, reqEntity, String.class);
System.out.println(postResult);

// Sample GET method
String getUri = "https://mydomain.com/v1.0/phone.json?phone=15554443333";
String result = oAuthRestTemplate.getForObject( getUri, String.class);
System.out.println(result);
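
The two errors in the question come from where the request fields end up: this token endpoint wants the client credentials in an HTTP Basic Authorization header and grant_type in the form body, both at once. The following is an added example, not part of the original question or answer, that builds exactly that request with the JDK 11+ java.net.http client instead of the libraries used above; the class name and the OAUTH_CLIENT_ID / OAUTH_CLIENT_SECRET environment variable names are assumptions.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Base64;

public class ClientCredentialsToken {
    // RFC 6749 section 2.3.1: form-encode the client id and secret, join with ':', then Base64.
    // For credentials without reserved characters this equals what "curl -u" sends.
    static String basicAuthHeader(String clientId, String clientSecret) {
        String pair = URLEncoder.encode(clientId, StandardCharsets.UTF_8) + ":"
                + URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Credentials in the header, grant_type in the body: the combination the server asked for.
    static HttpRequest tokenRequest(URI tokenUri, String clientId, String clientSecret) {
        if (!"https".equalsIgnoreCase(tokenUri.getScheme())) {
            throw new IllegalArgumentException("token endpoint must use https");
        }
        return HttpRequest.newBuilder(tokenUri)
                .timeout(Duration.ofSeconds(10))
                .header("Authorization", basicAuthHeader(clientId, clientSecret))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString("grant_type=client_credentials"))
                .build();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: credentials are supplied through the environment, not hard-coded.
        String id = System.getenv("OAUTH_CLIENT_ID");
        String secret = System.getenv("OAUTH_CLIENT_SECRET");
        if (id == null || secret == null) {
            throw new IllegalStateException("OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET must be set");
        }
        HttpRequest request = tokenRequest(URI.create("https://mydomain.com/token"), id, secret);
        HttpResponse<String> response = HttpClient.newHttpClient()
                .send(request, HttpResponse.BodyHandlers.ofString());
        if (response.statusCode() != 200) {
            throw new IllegalStateException("token request failed: HTTP " + response.statusCode());
        }
        // Report only the size; the response body contains the bearer token.
        System.out.println("token response received, " + response.body().length() + " chars");
    }
}
```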
