Jasha,

Thank you for your help!

On Thu, Dec 17, 2015 at 9:49 PM, Jasha Joachimsthal <ja...@apache.org> wrote:

> On 17 December 2015 at 13:02, Anders <innocentl...@gmail.com> wrote:
>
>> Jasha,
>>
>> I found two work-around ways:
>>
>>     return OAuthASResponse.tokenResponse(HttpServletResponse.SC_FOUND)
>>             .location(redirectURI)
>>             .setAccessToken(null)
>>             .setParam(OAuthError.OAUTH_ERROR, OAuthError.CodeResponse.UNAUTHORIZED_CLIENT)
>>             .setParam(OAuthError.OAUTH_ERROR_DESCRIPTION, errorDescription)
>>             .setParam(OAuth.OAUTH_STATE, state)
>>             .buildQueryMessage();
>>
>> or
>>
>>     return OAuthResponse.status(HttpServletResponse.SC_FOUND)
>>             .location(redirectURI)
>>             .setParam(OAuthError.OAUTH_ERROR, OAuthError.CodeResponse.ACCESS_DENIED)
>>             .setParam(OAuth.OAUTH_STATE, state)
>>             .setParam(OAuth.OAUTH_ACCESS_TOKEN, null)
>>             .buildQueryMessage();
>>
>> If you have any better ways, please kindly let me know.
>
> I've found the cause. The "access_token" parameter needs to be present to
> switch from ? to # in OAuthResponse.
>
>     OAuthProblemException ex =
>         OAuthProblemException.error(OAuthError.CodeResponse.ACCESS_DENIED, "Access is denied");
>     final OAuthResponse oAuthResponse = OAuthASResponse.errorResponse(403).error(ex)
>             .location("http://www.example.com")
>             .setParam(OAuth.OAUTH_STATE, state)
>             .setParam(OAuth.OAUTH_ACCESS_TOKEN, null)
>             .buildQueryMessage();
>
> produces
>
>     http://www.example.com#error=access_denied&state=mystate&error_description=Access+is+denied
>
> Jasha
>
>> Thank you.
>>
>> On Thu, Dec 17, 2015 at 5:13 PM, Anders <innocentl...@gmail.com> wrote:
>>
>>> Jasha,
>>>
>>> Sorry to bother you again.
>>> My code is:
>>>
>>>     OAuthProblemException ex =
>>>         OAuthProblemException.error(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT)
>>>             .uri("https://google.com").setParameter("1", "2");
>>>
>>>     OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND)
>>>             .location(redirectURI).error(ex).buildQueryMessage();
>>>
>>> But I still get:
>>> https://redirect.uri/oauth/callback?error=unauthorized_client&error_uri=https%3A%2F%2Fgoogle.com
>>>
>>> Please let me know if I'm doing something wrong.
>>> Thank you.
>>>
>>> On Thu, Dec 17, 2015 at 4:52 PM, Jasha Joachimsthal <ja...@apache.org> wrote:
>>>
>>>> On 17 December 2015 at 09:13, Anders <innocentl...@gmail.com> wrote:
>>>>
>>>>> Jasha,
>>>>>
>>>>> I checked OAuthASResponse you mentioned and found:
>>>>>
>>>>>     @Test
>>>>>     public void testAuthzImplicitResponseWithState() throws Exception {
>>>>>         HttpServletRequest request = createMock(HttpServletRequest.class);
>>>>>         expect(request.getParameter(OAuth.OAUTH_STATE)).andStubReturn("ok");
>>>>>         replay(request);
>>>>>         OAuthResponse oAuthResponse = OAuthASResponse.authorizationResponse(request, 200)
>>>>>                 .location("http://www.example.com")
>>>>>                 .setAccessToken("access_111")
>>>>>                 .setExpiresIn("400")
>>>>>                 .setParam("testValue", "value2")
>>>>>                 .buildQueryMessage();
>>>>>
>>>>>         String url = oAuthResponse.getLocationUri();
>>>>>         Assert.assertEquals(
>>>>>             "http://www.example.com#testValue=value2&state=ok&expires_in=400&access_token=access_111",
>>>>>             url);
>>>>>         Assert.assertEquals(200, oAuthResponse.getResponseStatus());
>>>>>     }
>>>>>
>>>>> Then I wrote my code as below:
>>>>>
>>>>>     OAuthProblemException ex =
>>>>>         OAuthProblemException.error(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT);
>>>>>     return OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST)
>>>>>             .error(ex)
>>>>>             .location(oauthReq.getRedirectURI())
>>>>>             .buildQueryMessage();
>>>>>
>>>>> I got this:
>>>>> https://redirect.uri/oauth/callback?error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
>>>>> But I expect this one:
>>>>> https://redirect.uri/oauth/callback#error_description=Not+allowed+to+go+IMPLICIT+grant+flow&error=unauthorized_client
>>>>>
>>>>> I can't use OAuthASResponse.authorizationResponse(), because it
>>>>> doesn't accept OAuthProblemException as argument.
>>>>> Do I miss anything?
>>>>
>>>> You are using a success method to return an error. See the
>>>> testErrorResponse method for the example with the error response.
>>>>
>>>>     OAuthASResponse.errorResponse(HttpServletResponse.SC_BAD_REQUEST).error(ex)...
>>>>
>>>>> Thank you very much.
>>>>>
>>>>> On Thu, Dec 17, 2015 at 2:20 PM, Jasha Joachimsthal <ja...@apache.org> wrote:
>>>>>
>>>>>> Hi Anderson,
>>>>>>
>>>>>> On 17 December 2015 at 07:00, Anders <innocentl...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm using Oltu version 1.0.1.
>>>>>>> According to OAuth 2.0 spec, I need to put error parameter in HTTP
>>>>>>> fragment, like below:
>>>>>>>
>>>>>>>     HTTP/1.1 302 Found
>>>>>>>     Location: https://client.example.com/cb#error=access_denied&state=xyz
>>>>>>>
>>>>>>> But I can't use OAuthASResponse.errorResponse() to put error parameter
>>>>>>> in fragment.
>>>>>>>
>>>>>>>     OAuthASResponse.errorResponse(HttpServletResponse.SC_FOUND)
>>>>>>>             .location(oauthReq.getRedirectURI())
>>>>>>>             .setError(OAuthError.CodeResponse.ACCESS_DENIED)
>>>>>>>             .setState(oauthReq.getState())
>>>>>>>             .buildQueryMessage();
>>>>>>>
>>>>>>> Is there any way to do this?
>>>>>>> Thank you for any comments.
>>>>>>> --
>>>>>>> Anderson
>>>>>>
>>>>>> First create an OAuthProblemException with the error and pass this
>>>>>> exception to the OAuthASResponse. You can find examples in the test class
>>>>>> of OAuthASResponse:
>>>>>>
>>>>>> https://svn.apache.org/repos/asf/oltu/trunk/oauth-2.0/authzserver/src/test/java/org/apache/oltu/oauth2/as/response/OAuthASResponseTest.java
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Jasha

--
------------------
~Mia is the best!~
------------------
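
Added example, not part of the thread and not Oltu's own code: a plain-Java helper that places the error parameters in the fragment, as RFC 6749 section 4.2.2.1 requires for the implicit grant, without depending on a null access_token parameter. The class and method names are hypothetical; the sample redirect URI and state are the values from the spec excerpt quoted in the thread.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example, not Oltu code; class and method names are hypothetical.
public class ImplicitErrorRedirect {

    // redirectUri must already have been matched against the client's registered URI.
    static String build(String redirectUri, String error, String description, String state) {
        URI base = URI.create(redirectUri);
        // RFC 6749 section 3.1.2: the redirection URI is absolute and carries no fragment.
        if (!base.isAbsolute() || base.getRawFragment() != null) {
            throw new IllegalArgumentException("redirect URI must be absolute and have no fragment");
        }
        Map<String, String> params = new LinkedHashMap<>();
        params.put("error", error);
        if (description != null) params.put("error_description", description);
        if (state != null) params.put("state", state);

        // Parameters go after '#', form-urlencoded, so they stay out of server logs and Referer.
        StringBuilder sb = new StringBuilder(redirectUri).append('#');
        boolean first = true;
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (!first) sb.append('&');
            sb.append(enc(e.getKey())).append('=').append(enc(e.getValue()));
            first = false;
        }
        return sb.toString();
    }

    private static String enc(String s) {
        try {
            return URLEncoder.encode(s, "UTF-8");
        } catch (UnsupportedEncodingException ex) {
            throw new IllegalStateException(ex); // UTF-8 is always available
        }
    }

    public static void main(String[] args) {
        String location = build("https://client.example.com/cb", "access_denied", "Access is denied", "xyz");
        System.out.println(location);
        // Regression check for the behaviour discussed in the thread (this sample URI has no query part).
        if (location.contains("?") || !location.startsWith("https://client.example.com/cb#error=access_denied")) {
            throw new AssertionError("error parameters were not placed in the fragment");
        }
    }
}
```

The same check in `main` can be run against the `getLocationUri()` value of an Oltu-built response to catch a regression back to query-string delivery.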