On 28/08/12 15:56, mayankeagle wrote:
I just need the value of the verifier so that I can use it to retrieve the
access token.
I wrote a custom authorization handler which uses Response.ok ( new
StringBuilder ( "oauth_token=" ).append ( token ).append (
"&&oauth_verifier=" ).append ( verifier ).toString () ).build () ;
I don't need to do any redirects in this case because its a stand-alone Java
client which wants to invoke the REST service that is OAuth protected.
With this change, I'm able to make it work with Signpost on the client side.
I'll try a custom JAX-RS Message Body writer and see if I can get it to
work.
After you've made this code-change in the framework to support Java clients
out of the box, then will it be provided as a patch that I can download from
the Apache site and use, or will I have to wait until the next release of
CXF?
You do not need to wait for a new release to get it working with a pure
Java client - simply register a message body writer (and reader - if
using CXF or other JAX-RS client api) for OOBAuthorizationResponse
presented as needed.
My understanding is that typically 'oob' means a client is not capable
of receiving callbacks and thus a user has to be presented with HTML
form so that the user can then copy the verifier and enter it somehow
into some sort of the device, etc. For this kind of scenario,
RequestDispatcherProvider can be very useful.
But if you use a pure Java client then providing a custom JAX-RS MBW and
possibly MBR will be enough for the alternative formats be supported.
What I've just done is made it possible for the default XML and JSON
providers to handle this response, and also added a utility form provider:
http://svn.apache.org/viewvc?rev=1378202&view=rev
But again, you can work with 2.6.2 by registering custom MBR/MBW
HTH
Sergey
--
View this message in context:
http://cxf.547215.n5.nabble.com/OAuth-1-0-in-CXF-2-6-2-tp5713150p5713216.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
