On 19/08/12 23:21, mayankeagle wrote:
Ok, I have a strange issue like a vicious circle now. I got through that
authorize URL because I was not setting the 'Accept' header properly.
However, now if I make a call from the client as
"MyAppName/services/authorize?oauth_token=...." and set everything in the
Authorization header, then the server gives me an error that the oauth_token
parameter was rejected (this comes from the net.oauth validator because it
perhaps doesn't want the oauth_token in the signature generation for the
authorize request),
and if I remove the "oauth_token" parameter from the
URL, then it goes through the OAuth message validation but then the
authorization service itself says that it didn't find the token.
When the client requests a token authorization, no signature has to be
calculated and no Authorization header is expected by the service. I
think the validation fails because a single oauth_token is expected but
if you also include Authorization header we end up with more than one
parameter
Why do you prepare Authorization ? Is it because you get a JavaScript
client running ? I have not seen anything in the spec that suggests that
Authorization service needs to accept Authorization
Cheers, Sergey
--
View this message in context:
http://cxf.547215.n5.nabble.com/OAuth-1-0-in-Apache-CXF-tp5712720p5712772.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
