Hi Malithi,

What happens if we include multiple authorization header values in the same header? As [1] says, we can use comma separated values for the same header values. Is there a valid use case where we can use two authorization header values? If so, we need to handle this within the logic you stated.

[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2

On Wed, Oct 7, 2015 at 9:13 PM, Sachith Punchihewa <[email protected]> wrote:

> @Malithi,
> Thank you very much for the detailed explanation. Yes, when I was debugging
> the method extract* "Authorization:Basic xxxxxxxxxxxxxx" -H
> "Content-Type: application/x-www-form-urlencoded"* and then split
> it. Thanks again for the explanation.
>
> Cheers.
>
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.
> lean . enterprise . middleware
> Mobile : +94 (0) 770566749
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, retransmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
>
> On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe <[email protected]> wrote:
>
>> Hi Sachith,
>>
>> Here EndpointUtil.extractCredentialsFromAuthzHeader() method expects the
>> value of the 'Authorization' header. Please refer to [1]. Here the value of
>> the 'Authorization' header is passed to the method which is directly taken
>> from the servlet request.
>> And when decoding the header it expects the value to be in
>> '<authMethod> <base64Hash>' format.
>>
>> So actually what's wrong here is the curl you have posted. It should be
>> like below.
>>
>> curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization:Basic xxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>
>> So this adds the two headers properly.
>> In your case the value of the 'Authorization' header is
>> 'Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type: application/x-www-form-urlencoded'
>> which is not in the expected format.
>> That's why you see the error 'Error decoding authorization header. Space
>> delimited \"<authMethod> <base64Hash>\" format violated.'
>>
>> Further, if you try out the curl command that Pushpalanka has posted you
>> will note that it works.
>>
>> [1] https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86
>>
>> Thanks,
>> Malithi.
>>
>> On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> @Pushpalanka I used that then it gives me an error indicating "Client
>>> Authentication failed".
>>>
>>> This issue was not there in the IS 5.0.0. I did a debugging and found
>>> the issue. I have sent a pull request regarding this.
>>>
>>> Thanks and Regards.
>>> Kamidu Sachith Punchihewa
>>> *Software Engineer*
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> Mobile : +94 (0) 770566749
>>>
>>> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Optionally, can you try with below command format and check,
>>>>
>>>> curl --user Client_Id:Client_Secret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>
>>>> Thanks,
>>>> Pushpalanka.
>>>> --
>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>>>> Mobile: +94779716248
>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
>>>> lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>
>>>> On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>> I am currently using a local build of IS Server from the latest
>>>>> code. When I try to get an OAuth Access token via a curl execution I am
>>>>> getting an error.
>>>>>
>>>>> Curl Format used :
>>>>>
>>>>>> curl<SPACE>-k<SPACE>-d<SPACE>"grant_type=password&username=userName&password=passWord&tenantDomain=carbon.super"<SPACE>-H<SPACE>"Authorization:Basic<SPACE>Base 64 encoded clientID:clientSecret,<SPACE>Content-Type:<SPACE>application/x-www-form-urlencoded"<SPACE>https://localhost:9443/oauth2/token
>>>>>
>>>>> Actual command :
>>>>>
>>>>>> curl -k -d "grant_type=password&username=xxxxx&password=xxxxx&tenantDomain=carbon.super" -H "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>
>>>>> Error :
>>>>>
>>>>>> "Error decoding authorization header. Space delimited \"<authMethod>
>>>>>> <base64Hash>\" format violated."
>>>>>
>>>>> Is there an issue with the curl command I am using here?
>>>>>
>>>>> Thanks and Regards.
>>>>> Kamidu Sachith Punchihewa
>>>>> *Software Engineer*
>>>>> WSO2, Inc.
>>>>> lean . enterprise . middleware
>>>>> Mobile : +94 (0) 770566749
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Senior Software Engineer
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> [email protected]

--
Hasintha Indrajee
Software Engineer
WSO2, Inc.
Mobile:+94 771892453
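A strict check of the `<authMethod> <base64Hash>` format discussed in this thread, as an added example: it is not the WSO2 `EndpointUtil` code and does not come from any participant, and the class name, method name and sample client credentials are assumptions constructed for illustration. It rejects both the two-headers-in-one value from the original curl command and a comma-joined pair of Authorization values instead of guessing which part to trust.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration, not the WSO2 implementation; all names are hypothetical.
public class BasicAuthzHeaderCheck {

    /** Returns {clientId, clientSecret}, or throws if the value is not exactly "Basic <base64>". */
    static String[] extractCredentials(String authzHeaderValue) {
        if (authzHeaderValue == null) {
            throw new IllegalArgumentException("Authorization header missing");
        }
        // Exactly two space-delimited parts are allowed: "<authMethod> <base64Hash>".
        String[] parts = authzHeaderValue.trim().split(" ");
        if (parts.length != 2 || !"Basic".equalsIgnoreCase(parts[0])) {
            throw new IllegalArgumentException("Expected \"<authMethod> <base64Hash>\"");
        }
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // A stray ',' (for example a trailing comma) is not a base64 character.
            throw new IllegalArgumentException("Credential part is not valid base64", e);
        }
        int colon = decoded.indexOf(':');
        if (colon < 1) {
            throw new IllegalArgumentException("Decoded value is not clientId:clientSecret");
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not real ones.
        String b64 = Base64.getEncoder()
                .encodeToString("myClientId:myClientSecret".getBytes(StandardCharsets.UTF_8));
        String[] inputs = {
            "Basic " + b64,                                                       // well-formed
            "Basic " + b64 + ", Content-Type: application/x-www-form-urlencoded", // two headers in one -H
            "Basic " + b64 + ", Basic " + b64,                                    // comma-joined values
            "Basic " + b64 + ","                                                  // trailing comma
        };
        for (String in : inputs) {
            try {
                System.out.println("accepted: client_id=" + extractCredentials(in)[0]);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```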
