Commitaedc589

committed
implement OAuth2 Authorization Response parsing
1 parentc328d5d commitaedc589


3 files changed

+131
-17
lines changed

Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
1+
packagecom.github.scribejava.core.model;
2+
3+
/**
4+
* represents Authorization Response http://tools.ietf.org/html/rfc6749#section-4.1.2
5+
*
6+
* If the resource owner grants the access request, the authorization server issues an authorization code and delivers
7+
* it to the client by adding the following parameters to the query component of the redirection URI using the
8+
* "application/x-www-form-urlencoded" format.
9+
*
10+
*/
11+
publicclassOAuth2Authorization {
12+
13+
/**
14+
* REQUIRED. The authorization code generated by the authorization server. The authorization code MUST expire
15+
* shortly after it is issued to mitigate the risk of leaks. A maximum authorization code lifetime of 10 minutes is
16+
* RECOMMENDED. The client MUST NOT use the authorization code more than once. If an authorization code is used more
17+
* than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously
18+
* issued based on that authorization code. The authorization code is bound to the client identifier and redirection
19+
* URI.
20+
*/
21+
privateStringcode;
22+
/**
23+
* REQUIRED if the "state" parameter was present in the client authorization request. The exact value received from
24+
* the client.
25+
*/
26+
privateStringstate;
27+
28+
publicStringgetCode() {
29+
returncode;
30+
}
31+
32+
publicvoidsetCode(Stringcode) {
33+
this.code =code;
34+
}
35+
36+
publicStringgetState() {
37+
returnstate;
38+
}
39+
40+
publicvoidsetState(Stringstate) {
41+
this.state =state;
42+
}
43+
}
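Review bot: The Javadoc on the `state` field repeats the server-side rule from RFC 6749 but omits the one obligation that falls on the code holding this object: the client has to compare the returned `state` with the value it sent and reject the response when they differ, since that comparison is what protects the redirect endpoint against CSRF. I would append to that comment `The caller must check this value against the state it sent in the authorization request before using the code.` The class also has no place for the `error` and `error_description` parameters of the error response (section 4.1.2.1 of the same RFC), so a denied request and a malformed redirect both surface as a `null` code. Neither getter documents that it may return `null`.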

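--- a/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java
+++ b/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth20Service.java
@@ -8,6 +8,7 @@
 importcom.github.scribejava.core.builder.api.DefaultApi20;
 importcom.github.scribejava.core.model.AbstractRequest;
 importcom.github.scribejava.core.model.OAuth2AccessToken;
+importcom.github.scribejava.core.model.OAuth2Authorization;
 importcom.github.scribejava.core.model.OAuthAsyncRequestCallback;
 importcom.github.scribejava.core.model.OAuthConfig;
 importcom.github.scribejava.core.model.OAuthConstants;
@@ -216,4 +217,23 @@ public String getAuthorizationUrl(Map<String, String> additionalParams) {
 publicDefaultApi20getApi() {
 returnapi;
 }
+
+publicOAuth2AuthorizationextractAuthorization(StringredirectLocation) {
+finalOAuth2Authorizationauthorization =newOAuth2Authorization();
+for (Stringparam :redirectLocation.substring(redirectLocation.indexOf('?') +1).split("&")) {
+finalString[]keyValue =param.split("=");
+if (keyValue.length ==2) {
+switch (keyValue[0]) {
+case"code":
+authorization.setCode(keyValue[1]);
+break;
+case"state":
+authorization.setState(keyValue[1]);
+break;
+default://just ignore any other param;
+}
+}
+}
+returnauthorization;
+}
 }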
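Review bot: `extractAuthorization` stores `keyValue[1]` exactly as it appears in the URL, although the query component is `application/x-www-form-urlencoded`, so a `code` or `state` containing percent-escapes or `+` comes back still encoded and will not match the value the client sent or the server issued. In the same loop `param.split("=")` combined with `keyValue.length == 2` silently discards any value that itself contains `=`; `final String[] keyValue = param.split("=", 2);` followed by form-decoding the value before the setters would cover both, provided an empty value is still treated as absent, which the new test expects. A trailing `#fragment` on `redirectLocation` is not cut off and ends up in the last parameter's value, and a `null` argument throws NullPointerException on the `substring` call. The method has no Javadoc saying that either field of the result may be `null`.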

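--- a/scribejava-core/src/test/java/com/github/scribejava/core/oauth/OAuth20ServiceTest.java
+++ b/scribejava-core/src/test/java/com/github/scribejava/core/oauth/OAuth20ServiceTest.java
@@ -2,11 +2,13 @@
 
 importcom.github.scribejava.core.builder.ServiceBuilder;
 importcom.github.scribejava.core.model.OAuth2AccessToken;
+importcom.github.scribejava.core.model.OAuth2Authorization;
 importcom.github.scribejava.core.model.OAuthConstants;
 importcom.github.scribejava.core.services.Base64Encoder;
 importcom.google.gson.Gson;
 importcom.google.gson.reflect.TypeToken;
-importorg.junit.Assert;
+importstaticorg.junit.Assert.assertNotNull;
+importstaticorg.junit.Assert.assertEquals;
 importorg.junit.Test;
 
 importjava.nio.charset.Charset;
@@ -25,23 +27,23 @@ public void shouldProduceCorrectRequestSync() {
 finalOAuth2AccessTokentoken =service.getAccessTokenPasswordGrant("user1","password1");
 finalGsonjson =newGson();
 
-Assert.assertNotNull(token);
+assertNotNull(token);
 
 finalMap<String,String>map =json.fromJson(token.getRawResponse(),newTypeTokenImpl().getType());
 
-Assert.assertEquals(OAuth20ServiceUnit.TOKEN,map.get(OAuthConstants.ACCESS_TOKEN));
-Assert.assertEquals(OAuth20ServiceUnit.STATE,map.get(OAuthConstants.STATE));
-Assert.assertEquals(OAuth20ServiceUnit.EXPIRES,map.get("expires_in"));
+assertEquals(OAuth20ServiceUnit.TOKEN,map.get(OAuthConstants.ACCESS_TOKEN));
+assertEquals(OAuth20ServiceUnit.STATE,map.get(OAuthConstants.STATE));
+assertEquals(OAuth20ServiceUnit.EXPIRES,map.get("expires_in"));
 
 finalStringauthorize =Base64Encoder.getInstance()
 .encode(String.format("%s:%s",service.getConfig().getApiKey(),service.getConfig().getApiSecret())
 .getBytes(Charset.forName("UTF-8")));
 
-Assert.assertEquals(OAuthConstants.BASIC +" " +authorize,map.get(OAuthConstants.HEADER));
+assertEquals(OAuthConstants.BASIC +" " +authorize,map.get(OAuthConstants.HEADER));
 
-Assert.assertEquals("user1",map.get("query-username"));
-Assert.assertEquals("password1",map.get("query-password"));
-Assert.assertEquals("password",map.get("query-grant_type"));
+assertEquals("user1",map.get("query-username"));
+assertEquals("password1",map.get("query-password"));
+assertEquals("password",map.get("query-grant_type"));
 }
 
 @Test
@@ -54,23 +56,72 @@ public void shouldProduceCorrectRequestAsync() throws ExecutionException, Interr
 finalOAuth2AccessTokentoken =service.getAccessTokenPasswordGrantAsync("user1","password1",null).get();
 finalGsonjson =newGson();
 
-Assert.assertNotNull(token);
+assertNotNull(token);
 
 finalMap<String,String>map =json.fromJson(token.getRawResponse(),newTypeTokenImpl().getType());
 
-Assert.assertEquals(OAuth20ServiceUnit.TOKEN,map.get(OAuthConstants.ACCESS_TOKEN));
-Assert.assertEquals(OAuth20ServiceUnit.STATE,map.get(OAuthConstants.STATE));
-Assert.assertEquals(OAuth20ServiceUnit.EXPIRES,map.get("expires_in"));
+assertEquals(OAuth20ServiceUnit.TOKEN,map.get(OAuthConstants.ACCESS_TOKEN));
+assertEquals(OAuth20ServiceUnit.STATE,map.get(OAuthConstants.STATE));
+assertEquals(OAuth20ServiceUnit.EXPIRES,map.get("expires_in"));
 
 finalStringauthorize =Base64Encoder.getInstance()
 .encode(String.format("%s:%s",service.getConfig().getApiKey(),service.getConfig().getApiSecret())
 .getBytes(Charset.forName("UTF-8")));
 
-Assert.assertEquals(OAuthConstants.BASIC +" " +authorize,map.get(OAuthConstants.HEADER));
+assertEquals(OAuthConstants.BASIC +" " +authorize,map.get(OAuthConstants.HEADER));
+
+assertEquals("user1",map.get("query-username"));
+assertEquals("password1",map.get("query-password"));
+assertEquals("password",map.get("query-grant_type"));
+}
+
+@Test
+publicvoidtestOAuthExtractAuthorization() {
+finalOAuth20Serviceservice =newServiceBuilder()
+.apiKey("your_api_key")
+.apiSecret("your_api_secret")
+.build(newOAuth20ApiUnit());
+
+OAuth2Authorizationauthorization =service.extractAuthorization("https://cl.ex.com/cb?code=SplxlOB&state=xyz");
+assertEquals("SplxlOB",authorization.getCode());
+assertEquals("xyz",authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb?state=xyz&code=SplxlOB");
+assertEquals("SplxlOB",authorization.getCode());
+assertEquals("xyz",authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb?key=value&state=xyz&code=SplxlOB");
+assertEquals("SplxlOB",authorization.getCode());
+assertEquals("xyz",authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb?state=xyz&code=SplxlOB&key=value&");
+assertEquals("SplxlOB",authorization.getCode());
+assertEquals("xyz",authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb?code=SplxlOB&state=");
+assertEquals("SplxlOB",authorization.getCode());
+assertEquals(null,authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb?code=SplxlOB");
+assertEquals("SplxlOB",authorization.getCode());
+assertEquals(null,authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb?code=");
+assertEquals(null,authorization.getCode());
+assertEquals(null,authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb?code");
+assertEquals(null,authorization.getCode());
+assertEquals(null,authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb?");
+assertEquals(null,authorization.getCode());
+assertEquals(null,authorization.getState());
+
+authorization =service.extractAuthorization("https://cl.ex.com/cb");
+assertEquals(null,authorization.getCode());
+assertEquals(null,authorization.getState());
 
-Assert.assertEquals("user1",map.get("query-username"));
-Assert.assertEquals("password1",map.get("query-password"));
-Assert.assertEquals("password",map.get("query-grant_type"));
 }
 
 privatestaticclassTypeTokenImplextendsTypeToken<Map<String,String>> {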
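Review bot: `testOAuthExtractAuthorization` only feeds values made of unreserved characters, so it keeps passing whether or not the parser decodes or truncates what it reads from the redirect. Cases worth adding (values constructed for illustration): `code=a%2Fb` expecting `a/b`, `state=ab==` expecting the full value, and a redirect that ends in `#frag` after the last parameter. The `assertEquals(null, …)` calls would read better as `assertNull(…)`, which needs one more static import next to `assertNotNull`. The enclosing test class continues outside the last hunk.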
