We have the same logic in a few places to extract the authorization header (not only in OAuth).
On Wed, Oct 7, 2015 at 10:59 PM, Malithi Edirisinghe <[email protected]> wrote:

> Hi Hasintha,
>
> I don't see any use case for using multiple authorization header values here. This is used for OAuth Client Authentication [1]. There we don't have multiple client credentials, right?
>
> [1] https://tools.ietf.org/html/rfc6749#section-2.3
>
> On Wed, Oct 7, 2015 at 10:21 PM, Hasintha Indrajee <[email protected]> wrote:
>
>> Hi Malithi,
>>
>> What happens if we include multiple authorization header values in the same header? As [1] says, we can use comma separated values for the same header values. Is there a valid use case where we can use two authorization header values? If so we need to handle this within the logic you stated.
>>
>> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
>>
>> On Wed, Oct 7, 2015 at 9:13 PM, Sachith Punchihewa <[email protected]> wrote:
>>
>>> @Malithi,
>>> Thank you very much for the detailed explanation. Yes, when I was debugging the method extract "Authorization:Basic xxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" and then split it. Thanks again for the explanation.
>>>
>>> Cheers.
>>>
>>> Kamidu Sachith Punchihewa
>>> Software Engineer
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>> Mobile : +94 (0) 770566749
>>>
>>> Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
>>>
>>> On Wed, Oct 7, 2015 at 8:59 PM, Malithi Edirisinghe <[email protected]> wrote:
>>>
>>>> Hi Sachith,
>>>>
>>>> Here the EndpointUtil.extractCredentialsFromAuthzHeader() method expects the value of the 'Authorization' header. Please refer to [1]. Here the value of the 'Authorization' header is passed to the method, which is directly taken from the servlet request. And when decoding the header it expects the value to be in '<authMethod> <base64Hash>' format.
>>>>
>>>> So actually what's wrong here is the curl you have posted. It should be like below.
>>>>
>>>> curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization:Basic xxxxxxxxxxxxxx" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>
>>>> So this adds the two headers properly. In your case the value of the 'Authorization' header is 'Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type: application/x-www-form-urlencoded', which is not in the expected format. That's why you see the error 'Error decoding authorization header. Space delimited \"<authMethod> <base64Hash>\" format violated.'
>>>>
>>>> Further, if you try out the curl command that Pushpalanka has posted you will note that it works.
>>>>
>>>> [1] https://github.com/wso2/carbon-identity/blob/master/components/oauth/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java#L86
>>>>
>>>> Thanks,
>>>> Malithi.
>>>>
>>>> On Wed, Oct 7, 2015 at 5:57 PM, Sachith Punchihewa <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> @Pushpalanka I used that, then it gives me an error indicating "Client Authentication failed".
>>>>>
>>>>> This issue was not there in IS 5.0.0. I did some debugging and found the issue. I have sent a pull request regarding this.
>>>>>
>>>>> Thanks and Regards.
>>>>> Kamidu Sachith Punchihewa
>>>>> Software Engineer
>>>>> WSO2, Inc.
>>>>> lean . enterprise . middleware
>>>>> Mobile : +94 (0) 770566749
>>>>>
>>>>> On Wed, Oct 7, 2015 at 5:47 PM, Pushpalanka Jayawardhana <[email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Optionally, can you try with the below command format and check:
>>>>>>
>>>>>> curl --user Client_Id:Client_Secret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>>
>>>>>> Thanks,
>>>>>> Pushpalanka.
>>>>>> --
>>>>>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>>>>>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/
>>>>>> Mobile: +94779716248
>>>>>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
>>>>>>
>>>>>> On Wed, Oct 7, 2015 at 5:40 PM, Sachith Punchihewa <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>> I am currently using a local build of IS Server from the latest code. When I try to get an OAuth access token via a curl execution I am getting an error.
>>>>>>>
>>>>>>> Curl format used:
>>>>>>>
>>>>>>>> curl<SPACE>-k<SPACE>-d<SPACE>"grant_type=password&username=userName&password=passWord&tenantDomain=carbon.super"<SPACE>-H<SPACE>"Authorization:Basic<SPACE>Base 64 encoded clientID:clientSecret,<SPACE>Content-Type:<SPACE>application/x-www-form-urlencoded"<SPACE>https://localhost:9443/oauth2/token
>>>>>>>
>>>>>>> Actual command:
>>>>>>>
>>>>>>>> curl -k -d "grant_type=password&username=xxxxx&password=xxxxx&tenantDomain=carbon.super" -H "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
>>>>>>>
>>>>>>> Error:
>>>>>>>
>>>>>>>> "Error decoding authorization header. Space delimited \"<authMethod> <base64Hash>\" format violated."
>>>>>>>
>>>>>>> Is there an issue with the curl command I am using here?
>>>>>>>
>>>>>>> Thanks and Regards.
>>>>>>> Kamidu Sachith Punchihewa
>>>>>>> Software Engineer
>>>>>>> WSO2, Inc.
>>>>>>> lean . enterprise . middleware
>>>>>>> Mobile : +94 (0) 770566749
>>>>>
>>>> --
>>>> Malithi Edirisinghe
>>>> Senior Software Engineer
>>>> WSO2 Inc.
>>>> Mobile : +94 (0) 718176807
>>>> [email protected]
>>
>> --
>> Hasintha Indrajee
>> Software Engineer
>> WSO2, Inc.
>> Mobile:+94 771892453
>
> --
> Malithi Edirisinghe
> Senior Software Engineer
> WSO2 Inc.
> Mobile : +94 (0) 718176807
> [email protected]

--
Hasintha Indrajee
Software Engineer
WSO2, Inc.
Mobile:+94 771892453
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
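The parsing rule Malithi describes, and the malformed value from Sachith's first curl that trips it, as an added Python example (not code from this thread or from WSO2's carbon-identity): the header value is treated as one credential, never a comma-separated list, so anything other than exactly '<authMethod> <base64Hash>' is rejected with the same message the thread shows. The form-url-encoding of client_id and client_secret follows RFC 6749 section 2.3.1 (cited in the thread only as section 2.3); all names and sample credentials are constructed.

```python
import base64
import binascii
from dataclasses import dataclass
from urllib.parse import quote, unquote

FORMAT_ERROR = ('Error decoding authorization header. '
                'Space delimited "<authMethod> <base64Hash>" format violated.')

class AuthzHeaderError(ValueError):
    """The Authorization header value could not be decoded as client credentials."""

@dataclass(frozen=True)
class ClientCredentials:
    client_id: str
    client_secret: str

def build_basic_header(client_id, client_secret):
    # What `curl --user id:secret` sends. RFC 6749 s2.3.1 form-url-encodes both
    # parts before joining them with ':' and base64-encoding the result.
    raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(raw.encode()).decode("ascii")

def extract_basic_client_credentials(authz_value):
    # Authorization carries one credential, not a comma-separated list, so the
    # whole header value must be exactly '<authMethod> <base64Hash>'. A second
    # header glued on with ", Content-Type: ..." yields four tokens and fails here.
    parts = authz_value.strip().split(" ")
    if len(parts) != 2:
        raise AuthzHeaderError(FORMAT_ERROR)
    method, token = parts
    if method.lower() != "basic":  # auth-scheme names are case-insensitive
        raise AuthzHeaderError(f"unsupported auth method: {method}")
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise AuthzHeaderError("credential token is not valid base64") from exc
    # Split on the first ':' only; the secret itself may contain colons.
    client_id, sep, client_secret = decoded.partition(":")
    if not sep or not client_id:
        raise AuthzHeaderError("decoded token is not in client_id:client_secret form")
    return ClientCredentials(unquote(client_id), unquote(client_secret))

def credentials_or_error(authz_value):
    """Return ClientCredentials on success, or the rejection message on failure."""
    try:
        return extract_basic_client_credentials(authz_value)
    except AuthzHeaderError as exc:
        return str(exc)
```

Feeding `build_basic_header("abc", "secret")` to `credentials_or_error` returns the decoded pair, while the same value with `, Content-Type: application/x-www-form-urlencoded` appended returns the thread's format-violation message.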
