AccessToken with Email/Password in Java
AccessToken with Email/Password in Java
17 Aug 2017, 16:21
Hey!
I am working on my first bot. :D
Unfortunately I already have problems receiving the AccessToken :(
Regarding the bot: I do not want to make it public; and it should run just on the CLI.
Thats why my credentials are hardcoded in my code (for now -> later will be entered in CLI)
Now comes the problem:
For authentication (OAuth2.0) with email / password, I am using Scribe (see github):
https://github.com/scribejava/scribejava/
my setup looks like following:
// setup the serviceBuilder (OAuth)
final ServiceBuilder serviceBuilder = new ServiceBuilder(Constants.CLIENT_ID)
.apiSecret(Constants.SECRET)
.scope(Constants.SCOPE_ACCOUNTS)
.build(SpotwareOAuthApi.instance());
final OAuth2AccessToken token = service.getAccessTokenPasswordGrant("myEmail@iDoNotTell.you", "MyPassword");
///////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////
public class SpotwareOAuthApi extends DefaultApi20 {
protected SpotwareOAuthApi() {
}
private static class InstanceHolder {
private static final SpotwareOAuthApi INSTANCE = new SpotwareOAuthApi();
}
public static SpotwareOAuthApi instance() {
return InstanceHolder.INSTANCE;
}
@Override
public Verb getAccessTokenVerb() {
//return Verb.GET;
return Verb.POST;
}
@Override
public String getAccessTokenEndpoint() {
return Constants.AUTH_URL + "/apps/token";
}
@Override
protected String getAuthorizationBaseUrl() {
return Constants.AUTH_URL + "/apps/auth";
}
@Override
public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() {
return OAuth2AccessTokenExtractor.instance();
}
@Override
public OAuth2SignatureType getSignatureType() {
//return OAuth2SignatureType.BEARER_URI_QUERY_PARAMETER;
return OAuth2SignatureType.BEARER_AUTHORIZATION_REQUEST_HEADER_FIELD;
}
}
I am not able to successfully get an accessToken.
I follow the web requests via charles proxy (see below)
The clientId is not directly in the request, it is added as header like following (see Authorization):
POST https://connect.spotware.com/apps/token Authorization Basic I_WILL_NOT_TELL_YOU Content-Type application/x-www-form-urlencoded User-Agent Java/1.8.0_72 Host connect.spotware.com Accept text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection keep-alive Content-Length 99
This is how the response looks like:
{
"errorCode": "INVALID_REQUEST",
"description": "Malformed client_id parameter"
}
I hope anybody can help me...
Thanks in advance,
Lucas
Replies
testcenter
18 Aug 2017, 07:39
could you please also support grant type via password?
https://tools.ietf.org/html/rfc6749#section-4.3
@testcenter
testcenter
18 Aug 2017, 08:47
never mind, i found an other solution. (which is not that nice, but works :D)
@testcenter
testcenter
17 Aug 2017, 18:13 ( Updated at: 21 Dec 2023, 09:20 )
I played a bit around with postman (chrome application for http debugging - i guess you know what i mean :D )
turns out, when i add the client_id to the header, i will get a different response:
{ "errorCode": "INVALID_REQUEST", "description": "Unknown grant_type" }see request below:
why do you not support the grant type "password" ?
isn't it one of the defaults for OAuth2.0
https://tools.ietf.org/html/rfc6749#section-4.3.2
do i have to use an other endpoint / path?
@testcenter