Hi

On 13/04/12 16:30, jordi wrote:
Hi Sergey,
I've downloaded 2.5.3-SNAPSHOT-43 and I'm afraid the problem still remains.

In org.apache.cxf.rs.security.oauth.services.RequestTokenHandler handle()
method we can find:

             List<String> scopes = OAuthUtils.parseParamValue(
                     oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE),
                     defaultScope);

             RequestTokenRegistration reg = new RequestTokenRegistration();
             reg.setClient(client);
             reg.setCallback(callback);
             reg.setState(oAuthMessage.getParameter("state"));

And OAuthConstants.X_OAUTH_SCOPE is defined as:
             public static final String X_OAUTH_SCOPE = "scope";

So extra OAuth parameters use the "scope" and "state" names, but with the
net.oauth 1.0 reference implementation, when the authorization header is built
inside the net.oauth.OAuthMessage getAuthorizationHeader() method, only
parameters whose names begin with "oauth_" are included:
             for (Map.Entry parameter : parameters) {
                 String name = toString(parameter.getKey());
                 if (name.startsWith("oauth_")) {
                     if (into.length() > 0) into.append(",");
                     into.append(" ");
                     into.append(OAuth.percentEncode(name)).append("=\"");
                     into.append(OAuth.percentEncode(toString(parameter.getValue()))).append('"');
                 }
             }

To solve the problem, "scope" and "state" should be renamed to something like
"oauth_scope" and "oauth_state".

AFAIK, 'oauth' is reserved in OAuth 1.0 for the parameters defined in the spec. Please use OAuthClientUtils to build the authorization header; in CXF we do not depend on the 'consumer' part of the Google library (at the demo level only). I have a demo in the Talend distro that works with custom scopes...

Cheers, Sergey


--
View this message in context: 
http://cxf.547215.n5.nabble.com/jira-Created-CXF-4051-Custom-OAuth-scopes-are-not-supported-tp5164840p5638679.html
Sent from the cxf-issues mailing list archive at Nabble.com.


--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com
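
As an added illustration (not code from this thread, CXF, or net.oauth): a client whose header builder keeps only "oauth_"-prefixed names, as in the loop quoted above, can carry "scope" and "state" in the form-encoded request body instead. The class name, the sample values, and the premise that the server reads these two parameters from the request body are assumptions of this example; signing is omitted.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper class, requires Java 10+ for URLEncoder.encode(String, Charset).
public class OAuthParamSplit {
    // OAuth 1.0 percent-encoding: URLEncoder output adjusted for ' ', '*' and '~'.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // The header carries only oauth_* parameters (same filter as the quoted loop).
    static String header(Map<String, String> params) {
        StringBuilder into = new StringBuilder("OAuth");
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (!p.getKey().startsWith("oauth_")) continue;
            if (into.length() > "OAuth".length()) into.append(",");
            into.append(" ").append(enc(p.getKey()))
                .append("=\"").append(enc(p.getValue())).append('"');
        }
        return into.toString();
    }

    // Every other parameter goes into the form-encoded request body.
    static String body(Map<String, String> params) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (p.getKey().startsWith("oauth_")) continue;
            if (out.length() > 0) out.append("&");
            out.append(enc(p.getKey())).append("=").append(enc(p.getValue()));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the thread.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("oauth_consumer_key", "example-key");
        params.put("oauth_callback", "http://client.example/cb");
        params.put("scope", "read_calendar");
        params.put("state", "abc123");
        // A real request also needs oauth_signature, computed over ALL of these
        // parameters (header and body), so scope and state stay tamper-evident.
        System.out.println("Authorization: " + header(params));
        System.out.println("Body: " + body(params));
    }
}
```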
