Hi On 13/04/12 16:30, jordi wrote:
Hi Sergey, I've downloaded 2.5.3-SNAPSHOT-43 and I'm afraid the problem still remains.In org.apache.cxf.rs.security.oauth.services.RequestTokenHandler handle() method we can find: List<String> scopes = OAuthUtils.parseParamValue( oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE), defaultScope); RequestTokenRegistration reg = new RequestTokenRegistration(); reg.setClient(client); reg.setCallback(callback); reg.setState(oAuthMessage.getParameter("*state*")); And OAuthConstants.X_OAUTH_SCOPE is defined as: public static final String X_OAUTH_SCOPE = "*scope*"; So extra OAuth parameters use "scope" and "state" names, but with net.oauth 1.0 reference implementation, when authorization header is built inside net.oauth.OAuthMessage getAuthorizationHeader() method only parameters whose names begin with "oauth_" are included: for (Map.Entry parameter : parameters) { String name = toString(parameter.getKey()); *if (name.startsWith("oauth_")) {* if (into.length()> 0) into.append(","); into.append(" "); into.append(OAuth.percentEncode(name)).append("=\""); into.append(OAuth.percentEncode(toString(parameter.getValue()))).append('"'); } } To solve the problem "scope", "state" should be renamed to something like "oauth_scope" and "oauth_state"
AFAIK, 'oauth' is reserved in OAuth 1.0 for the parameters defined in the spec. Please use OAuthClientUtils to build the authorization header, in CXF we do not depend on the 'consumer' part of the Google library, (at the demo level only). I have a demo in the Talend distro that works with custom scopes...
Cheers, Sergey
-- View this message in context: http://cxf.547215.n5.nabble.com/jira-Created-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5164840p5638679.html Sent from the cxf-issues mailing list archive at Nabble.com.
-- Sergey Beryozkin Talend Community Coders http://coders.talend.com/ Blog: http://sberyozkin.blogspot.com
