我希望Oauth2服务器先检查从该服务器获得的令牌,然后再在另一个应用程序中使用。
但是,即使apiName和apiSecret已在身份验证服务器上注册,以下代码也会导致未经授权的异常。
import org.apache.commons.codec.binary.Base64;
import org.apache.http.client.fluent.Content;
import org.apache.http.client.fluent.Request;
import org.apache.http.client.fluent.Response;
import org.apache.http.entity.ContentType;
...
String apiName = "myApiName";
String apiSecret = "mySecret";
String auth = apiName+":"+apiSecret;
byte[] auth64 = Base64.encodeBase64(auth.getBytes());
Content c = Request.Post("https://server/connect/introspect")
.addHeader("Authorization", "Basic "+auth64)
.bodyString("token=eyJhbGcAndSoOn", ContentType.APPLICATION_FORM_URLENCODED);
.execute().returnContent();