SimpleOAuthValidator checks nonces, but not very well. See the
javadoc for details. For a scalable service provider, you need a
database to store nonces that have been used recently.
On Oct 21, 11:51 pm, Anuradha Thota anuradha.th...@gmail.com wrote:
i need to check the nonce value to see if
The latest core .jar is in
http://oauth.googlecode.com/svn/code/maven/net/oauth/core/oauth/20090825/
HttpRequestMessage and OAuthServlet are in
http://oauth.googlecode.com/svn/code/maven/net/oauth/core/oauth-provider/20090531/
SampleOAuthProvider is in the .war file in
Hi,
Iam passing accessToken as null now.Even then i get the same exception
that token has been expired inside SampleOAuthProvider.getAccessor()
Inside this method,it is checking for tokens and since they are coming
as null accessor object is set to null as a result of which we are
getting
Sorry I believe you are correct that the EchoServlet is currently written to
only support 3-Legged OAuth. I think by changing the EchoServlet in the
following ways it should support 2-Legged.
1) Instead of
OAuthAccessor accessor = SampleOAuthProvider.getAccessor(requestMessage);
Use
final
As John pointed out you should not set the accessToken to you should
leave it null. I believe if you change this it will fix your problem. Two
legged OAuth does not specify the access token on the request (since access
token is never requested) [1]. I think the error you are seeing occurs since
Hi I have tried validating the signature.It throws
net.oauth.OAuthProblemException: signature_invalid.
What can be done to this?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
OAuth group.
To post to this group,
Yes I have seen this example.I do not see signature verification
process anywhere.According to http://oauth.net/core/1.0, the Service
Provider verifies the request by generating a new request signature
octet string, and comparing it to the signature provided by the
Consumer.Could you plesae
OAuthAccessor.accessToken should be initialized to null, not (to
indicate that the consumer has not yet obtained a valid access token).
The example oauth-provider validates requests like this:
SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage,
accessor);
It calls
When using this library you can use an OAuthValidator implementation, like
SimpleOAuthValidator, to check the signature, timestamp, nounce. An
example of it being used can be found in the EchoServlet on line 52
SampleOAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);
[1]. More
Did you see this example
http://oauth.googlecode.com/svn/code/java/example/oauth-provider/ ?
HTH,
Rob
On Mon, Oct 12, 2009 at 2:19 AM, Anuradha Thota anuradha.th...@gmail.comwrote:
Hi,
Iam trying to implement a sample oauth consumer(plain java) and a
service provider(servlet).
In my client
10 matches
Mail list logo