Hi Sergey,
I've downloaded 2.5.3-SNAPSHOT-43 and I'm afraid the problem still remains.
In org.apache.cxf.rs.security.oauth.services.RequestTokenHandler handle()
method we can find:
List<String> scopes = OAuthUtils.parseParamValue(
oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE),
defaultScope);
RequestTokenRegistration reg = new RequestTokenRegistration();
reg.setClient(client);
reg.setCallback(callback);
reg.setState(oAuthMessage.getParameter("*state*"));
And OAuthConstants.X_OAUTH_SCOPE is defined as:
public static final String X_OAUTH_SCOPE = "*scope*";
So extra OAuth parameters use "scope" and "state" names, but with net.oauth
1.0 reference implementation, when authorization header is built inside
net.oauth.OAuthMessage getAuthorizationHeader() method only parameters whose
names begin with "oauth_" are included:
for (Map.Entry parameter : parameters) {
String name = toString(parameter.getKey());
*if (name.startsWith("oauth_")) {*
if (into.length() > 0) into.append(",");
into.append(" ");
into.append(OAuth.percentEncode(name)).append("=\"");
into.append(OAuth.percentEncode(toString(parameter.getValue()))).append('"');
}
}
To solve the problem "scope", "state" should be renamed to something like
"oauth_scope" and "oauth_state"
--
View this message in context:
http://cxf.547215.n5.nabble.com/jira-Created-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5164840p5638679.html
Sent from the cxf-issues mailing list archive at Nabble.com.
