1

I am implementing yahoo Oauth 2.0 using their developer guide using java https://developer.yahoo.com/oauth2/guide/.

At the fourth step , where it says to exchange the authorization code for Access Token , I am getting an response like "invalid request".

In the guide , they have mentioned to include the consumerKey and consumerSecret in a base64 encoded format as a response header.

I have included that also , but i am not sure whether this is causing an INVALID RESPONSE.

I have missed some where can someone help me out of this. 

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.URL;
import java.nio.charset.Charset;
import java.util.Map;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/helloWorld")
public class helloWorld extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private static String gUri ="";
    private static String contactsUri="";
    private static String yahooServer="";
    private static String consumer_key = "foo";

    private static String redirect_uri = "https://foo/TestServlet/helloWorld?a=process";
    private static String consumer_secret = "foo";
    private static String encodedValue="";

    public helloWorld() {
        super();
    }
    public void init(ServletConfig config) throws ServletException
    {
        super.init(config); 
    }

    protected void doGet(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {

    response.setContentType("text/html");
    PrintWriter pw = response.getWriter();

    String action = request.getParameter("a");
    try {
        if (action.equals("init")) {
            String url = "https://api.login.yahoo.com/oauth2/request_auth?client_id="
                    + consumer_key
                    + "&redirect_uri="
                    + redirect_uri
                    + "&response_type=code&language=en-us";
            pw.println(url);
            response.sendRedirect(url);
        } else if (action.equalsIgnoreCase("process")) {
            String code = request.getParameter("code");
            System.out.println("code::::" + code);
            System.out.println("helloWorld:doPost:requesturl:" + request.getQueryString());
            doPost(request, response);
        }else if(action.equalsIgnoreCase("getAccessToken")){

            System.out.println("helloWorld:doGet:accessToken" +request.getAttribute("access_token") );
            System.out.println("helloWorld:doGet:accessToken" +request.getParameter("access_token") );
        }
        else{
            System.out.println("helloWorld:doGet:else" );
        }

    }finally {
        pw.close();
    }

}


protected void doPost(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {
    String code = request.getParameter("code");
    redirect_uri="https://foo/TestServlet/helloWorld?a=getAccessToken";
    String getAccessToken="https://api.login.yahoo.com/oauth2/get_token?client_id="
                            +consumer_key
                            +"&client_secret="
                            +consumer_secret
                            +"&redirect_uri="
                            +redirect_uri
                            +"&code="
                            +code
                            +"&grant_type=access_token";
    encodedValue=encoder.encode(consumer_key+":"+consumer_secret);
    System.out.println("helloWorld:doPost:encodedVAlue-->" +encodedValue );
    response.setHeader("Authorization:","Basic"+encodedValue);
    response.setHeader("Content-Type:","application/x-www-form-urlencoded");

    System.out.println("helloWorld:doGet:contactsUri" +getAccessToken );
    response.sendRedirect(getAccessToken);
   }
  }
rrk
  • 109
  • 1
  • 2
  • 11

1 Answers1

1

You need to POST the parameters as form-encoded parameters in a HTTP POST request to the token endpoint (oauth2/get_token) instead of providing them as query parameters in a redirect to the token endpoint. You can use code from Sending HTTP POST Request In Java

Also, be aware that:

  1. you need a space between Basic and encodedValue
  2. the setHeader method adds the : to the Header itself, you don't need to provide it in the first parameter

But 1. and 2. are not relevant for the actual solution code as you should not be looking to set the Header on the HTTP Response to your caller, but on the HTTP request to Yahoo.

Community
  • 1
  • 1
Hans Z.
  • 41,402
  • 9
  • 80
  • 105