我正在使用java https://developer.yahoo.com/oauth2/guide/使用他们的开发人员指南实现yahoo Oauth 2.0。
在第四步,它说要交换访问令牌的授权代码,我收到的响应类似于"无效请求"。
在指南中,他们提到过将baseK编码格式的consumerKey和consumerSecret包含在响应头中。
我也包括了,但我不确定这是否会导致无效响应。
我错过了一些可以帮助我的人。
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.URL;
import java.nio.charset.Charset;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@WebServlet("/helloWorld")
public class helloWorld extends HttpServlet {
private static final long serialVersionUID = 1L;
private static String gUri ="";
private static String contactsUri="";
private static String yahooServer="";
private static String consumer_key = "foo";
private static String redirect_uri = "https://foo/TestServlet/helloWorld?a=process";
private static String consumer_secret = "foo";
private static String encodedValue="";
public helloWorld() {
super();
}
public void init(ServletConfig config) throws ServletException
{
super.init(config);
}
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter pw = response.getWriter();
String action = request.getParameter("a");
try {
if (action.equals("init")) {
String url = "https://api.login.yahoo.com/oauth2/request_auth?client_id="
+ consumer_key
+ "&redirect_uri="
+ redirect_uri
+ "&response_type=code&language=en-us";
pw.println(url);
response.sendRedirect(url);
} else if (action.equalsIgnoreCase("process")) {
String code = request.getParameter("code");
System.out.println("code::::" + code);
System.out.println("helloWorld:doPost:requesturl:" + request.getQueryString());
doPost(request, response);
}else if(action.equalsIgnoreCase("getAccessToken")){
System.out.println("helloWorld:doGet:accessToken" +request.getAttribute("access_token") );
System.out.println("helloWorld:doGet:accessToken" +request.getParameter("access_token") );
}
else{
System.out.println("helloWorld:doGet:else" );
}
}finally {
pw.close();
}
}
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
String code = request.getParameter("code");
redirect_uri="https://foo/TestServlet/helloWorld?a=getAccessToken";
String getAccessToken="https://api.login.yahoo.com/oauth2/get_token?client_id="
+consumer_key
+"&client_secret="
+consumer_secret
+"&redirect_uri="
+redirect_uri
+"&code="
+code
+"&grant_type=access_token";
encodedValue=encoder.encode(consumer_key+":"+consumer_secret);
System.out.println("helloWorld:doPost:encodedVAlue-->" +encodedValue );
response.setHeader("Authorization:","Basic"+encodedValue);
response.setHeader("Content-Type:","application/x-www-form-urlencoded");
System.out.println("helloWorld:doGet:contactsUri" +getAccessToken );
response.sendRedirect(getAccessToken);
}
}
答案 0 :(得分:1)
您需要将参数作为表单编码参数在HTTP POST请求中发布到令牌端点(oauth2/get_token),而不是在重定向到令牌端点时将它们作为查询参数提供。您可以使用Sending HTTP POST Request In Java
另外,请注意:
Basic和encodedValue setHeader方法将:添加到标题本身,您不需要在第一个参数中提供它但是1.和2.与实际的解决方案代码无关,因为您不应该将HTTP响应的Header设置为调用者,而是根据对Yahoo的HTTP请求。