Altered user authentication method in authorization code request.
Change-Id: I01a023ba5018f0ff568e787dc20231c6f088c4d5
diff --git a/full/Changes b/full/Changes
index 4589e7b..2b3e4fa 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,3 +1,10 @@
+version 0.60.3
+07/05/2018
+ - improved user authentication by using authentication filter for authorization code request (margaretha)
+ - limited client authentication to client id checking in authorization code request (margaretha)
+ - added user_id in the oauth2_access_token table (margaretha)
+ - implemented OAuth2Authentication provider for token context management (margaretha)
+
version 0.60.2
03/05/2018
- implemented OAuth2 client registration (margaretha)
diff --git a/full/pom.xml b/full/pom.xml
index 0337795..f0e16a8 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-full</artifactId>
- <version>0.60.2</version>
+ <version>0.60.3</version>
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/OAuth2Authentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/OAuth2Authentication.java
new file mode 100644
index 0000000..68c815d
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/OAuth2Authentication.java
@@ -0,0 +1,79 @@
+package de.ids_mannheim.korap.authentication;
+
+import java.time.ZonedDateTime;
+import java.util.Map;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.FullConfiguration;
+import de.ids_mannheim.korap.constant.TokenType;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.interfaces.AuthenticationIface;
+import de.ids_mannheim.korap.oauth2.dao.AccessTokenDao;
+import de.ids_mannheim.korap.oauth2.entity.AccessToken;
+import de.ids_mannheim.korap.oauth2.service.OAuth2ScopeService;
+import de.ids_mannheim.korap.security.context.TokenContext;
+import de.ids_mannheim.korap.user.User;
+
+@Component
+public class OAuth2Authentication implements AuthenticationIface {
+
+ @Autowired
+ private AccessTokenDao accessDao;
+ @Autowired
+ private OAuth2ScopeService scopeService;
+ @Autowired
+ private FullConfiguration config;
+
+ @Override
+ public TokenContext getTokenContext (String authToken)
+ throws KustvaktException {
+
+ AccessToken accessToken = accessDao.retrieveAccessToken(authToken);
+ if (accessToken.isRevoked()) {
+ throw new KustvaktException(StatusCodes.EXPIRED);
+ }
+
+ ZonedDateTime expiry =
+ accessToken.getCreatedDate().plusSeconds(config.getTokenTTL());
+ String scopes = scopeService
+ .convertAccessScopesToString(accessToken.getScopes());
+
+ TokenContext c = new TokenContext();
+ c.setUsername(accessToken.getUserId());
+ c.setExpirationTime(expiry.toEpochSecond());
+ c.setToken(authToken);
+ c.setTokenType(TokenType.BEARER);
+ c.addContextParameter(Attributes.SCOPES, scopes);
+ return c;
+ }
+
+ @Override
+ public TokenContext createTokenContext (User user, Map<String, Object> attr)
+ throws KustvaktException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void removeUserSession (String token) throws KustvaktException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public TokenContext refresh (TokenContext context)
+ throws KustvaktException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public TokenType getTokenType () {
+ return TokenType.BEARER;
+ }
+
+}
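Review bot: `getTokenContext` computes `expiry` but never compares it with the current time, so inside this method only a revoked token is rejected. Unless `checkContext` in AuthenticationFilter (not visible here) enforces the expiration time stored in the context, a bearer token remains usable after its TTL. A check right after `expiry` is computed would make the provider safe on its own, e.g. `if (ZonedDateTime.now().isAfter(expiry)) throw new KustvaktException(StatusCodes.EXPIRED);`. The three generated stubs should also lose their `// TODO Auto-generated method stub` comments in favour of a comment saying the operation is not supported for OAuth2 tokens, because `createTokenContext` and `refresh` currently hand `null` to callers and `removeUserSession` silently does nothing.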
diff --git a/full/src/main/java/de/ids_mannheim/korap/constant/TokenType.java b/full/src/main/java/de/ids_mannheim/korap/constant/TokenType.java
index dce97fa..6d5a00b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/constant/TokenType.java
+++ b/full/src/main/java/de/ids_mannheim/korap/constant/TokenType.java
@@ -4,7 +4,7 @@
BASIC, API, SESSION,
// openid token, e.g. within oauth2 response (json body)
ID_TOKEN,
- // OAuth2 access_token, practically formulated identical as TokenType.API
+ // OAuth2 access_token
BEARER,
// OAuth2 client
CLIENT;
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/OAuth2AuthorizationRequest.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/OAuth2AuthorizationRequest.java
new file mode 100644
index 0000000..a5d9add
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/OAuth2AuthorizationRequest.java
@@ -0,0 +1,30 @@
+package de.ids_mannheim.korap.oauth2;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
+import org.apache.oltu.oauth2.common.OAuth;
+import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
+
+/**
+ * Customization of {@link OAuthAuthzRequest} from Apache Oltu.
+ * Limit extraction of client id from request's parameters since
+ * Kustvakt requires user authentication via Basic authentication for
+ * authorization code requests.
+ *
+ * @author margaretha
+ *
+ */
+public class OAuth2AuthorizationRequest extends OAuthAuthzRequest {
+
+ public OAuth2AuthorizationRequest (HttpServletRequest request)
+ throws OAuthSystemException, OAuthProblemException {
+ super(request);
+ }
+
+ @Override
+ public String getClientId () {
+ return getParam(OAuth.OAUTH_CLIENT_ID);
+ }
+}
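Review bot: Only `getClientId()` is overridden, so `getClientSecret()` still uses the inherited Oltu implementation, which, as far as I know the library, prefers credentials decoded from a Basic `Authorization` header. On this endpoint that header now carries the user's credentials, so a later call to `getClientSecret()` would return the user's password as if it were the client secret. Nothing visible in this commit calls it on this request type, but overriding it as well, e.g. `return getParam(OAuth.OAUTH_CLIENT_SECRET);`, would keep the two accessors consistent. The class Javadoc should also state the reason explicitly, namely that the inherited accessor would otherwise read the username from the Basic header as the client id.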
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AccessTokenDao.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AccessTokenDao.java
index f1507b8..c2de972 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AccessTokenDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AccessTokenDao.java
@@ -4,6 +4,10 @@
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.Root;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
@@ -11,6 +15,7 @@
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.oauth2.entity.AccessScope;
import de.ids_mannheim.korap.oauth2.entity.AccessToken;
+import de.ids_mannheim.korap.oauth2.entity.AccessToken_;
import de.ids_mannheim.korap.oauth2.entity.Authorization;
import de.ids_mannheim.korap.utils.ParameterChecker;
@@ -28,17 +33,31 @@
AccessToken accessToken = new AccessToken();
accessToken.setAuthorization(authorization);
+ accessToken.setUserId(authorization.getUserId());
accessToken.setToken(token);
accessToken.setScopes(authorization.getScopes());
entityManager.persist(accessToken);
}
- public void storeAccessToken (String token, Set<AccessScope> scopes)
- throws KustvaktException {
+ public void storeAccessToken (String token, Set<AccessScope> scopes,
+ String userId) throws KustvaktException {
ParameterChecker.checkObjectValue(scopes, "scopes");
AccessToken accessToken = new AccessToken();
accessToken.setToken(token);
accessToken.setScopes(scopes);
+ accessToken.setUserId(userId);
entityManager.persist(accessToken);
}
+
+
+ public AccessToken retrieveAccessToken (String accessToken) {
+ CriteriaBuilder builder = entityManager.getCriteriaBuilder();
+ CriteriaQuery<AccessToken> query =
+ builder.createQuery(AccessToken.class);
+ Root<AccessToken> root = query.from(AccessToken.class);
+ query.select(root);
+ query.where(builder.equal(root.get(AccessToken_.token), accessToken));
+ Query q = entityManager.createQuery(query);
+ return (AccessToken) q.getSingleResult();
+ }
}
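Review bot: `retrieveAccessToken` ends in `getSingleResult()`, which throws the unchecked `NoResultException` for an unknown token, so an invalid bearer token surfaces as a persistence error instead of an authentication failure. The method also takes the token without the `ParameterChecker` validation that `storeAccessToken` applies to `scopes`, and it goes through an untyped `Query` with a cast although the criteria query is already typed. The sketch below maps the miss to a `KustvaktException`; it needs `TypedQuery` and `NoResultException` from `javax.persistence`, and the only visible caller, `OAuth2Authentication.getTokenContext`, already declares `KustvaktException`. The status code and message are a suggestion built from constants visible elsewhere in this commit.

```java
    public AccessToken retrieveAccessToken (String accessToken)
            throws KustvaktException {
        ParameterChecker.checkObjectValue(accessToken, "access token");
        // … unchanged: criteria builder, root, select and where clause …
        TypedQuery<AccessToken> q = entityManager.createQuery(query);
        try {
            return q.getSingleResult();
        }
        catch (NoResultException e) {
            // An unknown token is an authentication failure, not a server error.
            throw new KustvaktException(StatusCodes.AUTHENTICATION_FAILED,
                    "Access token is not found");
        }
    }
```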
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessToken.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessToken.java
index 145f798..f99ac4a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessToken.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessToken.java
@@ -31,6 +31,8 @@
private String token;
@Column(name = "created_date")
private ZonedDateTime createdDate;
+ @Column(name = "user_id")
+ private String userId;
@Column(name = "is_revoked")
private boolean isRevoked;
@Column(name = "total_attempts")
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
index 1a33155..a949c92 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
@@ -17,7 +17,6 @@
import com.sun.jersey.api.client.ClientResponse.Status;
-import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.FullConfiguration;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
@@ -36,8 +35,6 @@
@Autowired
private OAuth2ClientService clientService;
@Autowired
- private OAuth2TokenService auth2Service;
- @Autowired
private OAuth2ScopeService scopeService;
@Autowired
private OAuthIssuer oauthIssuer;
@@ -48,24 +45,30 @@
@Autowired
private FullConfiguration config;
+ /**
+ * Authorization code request does not require client
+ * authentication, but only checks if the client id exists.
+ *
+ * @param request
+ * @param authzRequest
+ * @param username
+ * @return
+ * @throws KustvaktException
+ * @throws OAuthSystemException
+ */
public OAuthResponse requestAuthorizationCode (HttpServletRequest request,
- OAuthAuthzRequest authzRequest, String authorization)
+ OAuthAuthzRequest authzRequest, String username)
throws KustvaktException, OAuthSystemException {
checkResponseType(authzRequest.getResponseType());
- OAuth2Client client = clientService.authenticateClient(
- authzRequest.getClientId(), authzRequest.getClientSecret());
+ OAuth2Client client =
+ clientService.authenticateClientId(authzRequest.getClientId());
String redirectUri = authzRequest.getRedirectURI();
boolean hasRedirectUri = hasRedirectUri(redirectUri);
redirectUri = verifyRedirectUri(client, hasRedirectUri, redirectUri);
- String username = authzRequest.getParam(Attributes.USERNAME);
- auth2Service.authenticateUser(username,
- authzRequest.getParam(Attributes.PASSWORD),
- authzRequest.getScopes());
-
String code = oauthIssuer.authorizationCode();
Set<String> scopeSet = authzRequest.getScopes();
if (scopeSet == null || scopeSet.isEmpty()) {
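Review bot: The new Javadoc on `requestAuthorizationCode` leaves every `@param`, `@return` and `@throws` tag empty, and it does not say what protects the request now that the client secret is no longer checked. I would fill the tags in, e.g. `@param username the user already authenticated by the authentication filter` and `@return a response whose location URI carries the authorization code`. It would also help to add a sentence that the client is only identified here, so `verifyRedirectUri` against the registered client is the check that decides where the code may be sent. The method body continues past the end of this hunk, so how `username` is stored with the authorization is not visible.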
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
index 30d22a6..2487b45 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
@@ -80,13 +80,15 @@
String secretHashcode = null;
if (clientJson.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
// RFC 6749:
- // The authorization server MUST NOT issue client passwords or other
- // client credentials to native application (clients installed and
- // executed on the device used by the resource owner e.g. desktop
- // application, native mobile application) or user-agent-based
- // application clients for client authentication. The authorization
- // server MAY issue a client password or other credentials
- // for a specific installation of a native application client on a
+ // The authorization server MUST NOT issue client
+ // passwords or other client credentials to native
+ // application (clients installed and executed on the
+ // device used by the resource owner e.g. desktop
+ // application, native mobile application) or
+ // user-agent-based application clients for client
+ // authentication. The authorization server MAY issue a
+ // client password or other credentials for a specific
+ // installation of a native application client on a
// specific device.
secret = encryption.createToken();
@@ -215,4 +217,16 @@
"Invalid client credentials", OAuth2Error.INVALID_CLIENT);
}
+
+ public OAuth2Client authenticateClientId (String clientId)
+ throws KustvaktException {
+ if (clientId == null || clientId.isEmpty()) {
+ throw new KustvaktException(
+ StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+ "Missing parameters: client id",
+ OAuth2Error.INVALID_REQUEST);
+ }
+
+ return clientDao.retrieveClientById(clientId);
+ }
}
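Review bot: `authenticateClientId` does not authenticate anything: it rejects a null or empty id and otherwise returns whatever `clientDao.retrieveClientById` yields, with no secret check. The name and the missing Javadoc make it easy for a later caller to treat the returned client as authenticated. I would document it with something like `/** Looks up a registered client by id only; no client secret is verified, so the result must not be treated as an authenticated client. */`, or rename it along the lines of a lookup. The error for a missing id also pairs `StatusCodes.CLIENT_AUTHENTICATION_FAILED` with `OAuth2Error.INVALID_REQUEST`, which reads inconsistently next to the `INVALID_CLIENT` used just above. How an unknown id is reported depends on `retrieveClientById`, which is outside this hunk.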
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
index 506fde8..59b5e31 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
@@ -27,6 +27,13 @@
import de.ids_mannheim.korap.oauth2.entity.Authorization;
import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;
+/**
+ * OAuth2TokenService manages business logic related to OAuth2
+ * requesting and creating access token.
+ *
+ * @author margaretha
+ *
+ */
@Service
public class OAuth2TokenService {
@@ -158,7 +165,7 @@
authenticateUser(username, password, scopes);
// verify or limit scopes ?
- return createsAccessTokenResponse(scopes);
+ return createsAccessTokenResponse(scopes, username);
}
public void authenticateUser (String username, String password,
@@ -219,7 +226,7 @@
scopes = scopeService.filterScopes(scopes,
config.getClientCredentialsScopes());
- return createsAccessTokenResponse(scopes);
+ return createsAccessTokenResponse(scopes, null);
}
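Review bot: Passing `null` as the user id stores tokens from this grant with an empty `user_id`, and the new `OAuth2Authentication.getTokenContext` copies that value unchanged into `c.setUsername(...)`. Any resource that reads `tokenContext.getUsername()` for such a token then works with `null`, which is worth handling deliberately rather than by accident. At minimum I would add a comment at this call, e.g. `// client credentials grant: the token belongs to the client, there is no resource owner`, and decide in `getTokenContext` what a user-less token context should look like. The enclosing method starts outside this hunk.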
/**
@@ -231,15 +238,15 @@
* @throws KustvaktException
*/
- private OAuthResponse createsAccessTokenResponse (Set<String> scopes)
- throws OAuthSystemException, KustvaktException {
+ private OAuthResponse createsAccessTokenResponse (Set<String> scopes,
+ String userId) throws OAuthSystemException, KustvaktException {
String accessToken = oauthIssuer.accessToken();
// String refreshToken = oauthIssuer.refreshToken();
Set<AccessScope> accessScopes =
scopeService.convertToAccessScope(scopes);
- tokenDao.storeAccessToken(accessToken, accessScopes);
+ tokenDao.storeAccessToken(accessToken, accessScopes, userId);
return OAuthASResponse.tokenResponse(Status.OK.getStatusCode())
.setAccessToken(accessToken)
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
index 791c226..7bd4d72 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
@@ -3,7 +3,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
-import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
@@ -11,9 +10,9 @@
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
import org.apache.oltu.oauth2.as.request.AbstractOAuthTokenRequest;
-import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
import org.apache.oltu.oauth2.as.request.OAuthUnauthenticatedTokenRequest;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
@@ -23,10 +22,16 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
+import com.sun.jersey.spi.container.ResourceFilters;
+
import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.oauth2.OAuth2AuthorizationRequest;
import de.ids_mannheim.korap.oauth2.service.OAuth2AuthorizationService;
import de.ids_mannheim.korap.oauth2.service.OAuth2TokenService;
+import de.ids_mannheim.korap.security.context.TokenContext;
import de.ids_mannheim.korap.web.OAuth2ResponseHandler;
+import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
+import de.ids_mannheim.korap.web.filter.BlockingFilter;
import de.ids_mannheim.korap.web.utils.FormRequestWrapper;
@Controller
@@ -45,9 +50,8 @@
*
* Kustvakt supports authorization only with Kalamar as the
* authorization web-frontend or user interface. Thus
- * authorization code request requires user credentials in the
- * request body, similar to access token request in
- * resource owner password grant request.
+ * authorization code request requires user authentication
+ * using authentication header.
*
* <br /><br />
* RFC 6749:
@@ -56,28 +60,33 @@
* request using a pre-defined default value or fail the request
* indicating an invalid scope.
*
- * @param request HttpServletRequest
- * @param authorization authorization header
- * @param form form parameters
+ * @param request
+ * HttpServletRequest
+ * @param form
+ * form parameters
* @return a redirect URL
*/
@POST
@Path("authorize")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @ResourceFilters({ AuthenticationFilter.class, BlockingFilter.class })
@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
public Response requestAuthorizationCode (
@Context HttpServletRequest request,
- @HeaderParam("Authorization") String authorization,
+ @Context SecurityContext context,
MultivaluedMap<String, String> form) {
+ TokenContext tokenContext = (TokenContext) context.getUserPrincipal();
+ String username = tokenContext.getUsername();
+
try {
HttpServletRequest requestWithForm =
new FormRequestWrapper(request, form);
- OAuthAuthzRequest authzRequest =
- new OAuthAuthzRequest(requestWithForm);
+ OAuth2AuthorizationRequest authzRequest =
+ new OAuth2AuthorizationRequest(requestWithForm);
OAuthResponse authResponse =
authorizationService.requestAuthorizationCode(
- requestWithForm, authzRequest, authorization);
+ requestWithForm, authzRequest, username);
return responseHandler.sendRedirect(authResponse.getLocationUri());
}
catch (OAuthSystemException e) {
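Review bot: The cast `(TokenContext) context.getUserPrincipal()` and the following `getUsername()` run before the `try`, so a missing or differently typed principal surfaces as a NullPointerException or ClassCastException instead of an OAuth2 error response. Whether `AuthenticationFilter` and `BlockingFilter` always leave a `TokenContext` in the security context, for instance when no Authorization header is sent, is not visible in this diff. A guard such as `if (!(context.getUserPrincipal() instanceof TokenContext))` that returns an authentication error would keep the endpoint's failure mode explicit. The Javadoc above also lost `@param authorization` without gaining a `@param context` entry. The method continues past the end of this hunk.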
@@ -95,7 +104,10 @@
/**
* Grants a client an access token, namely a string used in
* authenticated requests representing user authorization for
- * the client to access user resources.
+ * the client to access user resources. Client credentials for
+ * authentication can be provided either as an authorization
+ * header with Basic authentication scheme or as form parameters
+ * in the request body.
*
* <br /><br />
*
@@ -128,8 +140,6 @@
*
* @param request
* the request
- * @param authorization
- * authorization header
* @param form
* form parameters in a map
* @return a JSON object containing an access token, a refresh
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index 41547b4..a241afa 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -56,21 +56,41 @@
.parseAuthorizationHeaderValue(authorization);
switch (authData.getAuthenticationScheme()) {
+ // EM: For testing only, must be disabled for
+ // production
case BASIC:
context = authenticationManager.getTokenContext(
TokenType.BASIC, authData.getToken(), host, ua);
break;
- // EM: has not been tested yet
-// case SESSION:
-// context = authenticationManager.getTokenContext(
-// TokenType.SESSION, authData.getToken(), host,
-// ua);
-// break;
- // EM: bearer or api
- default:
+ // EM: has not been tested yet
+ // case SESSION:
+ // context =
+ // authenticationManager.getTokenContext(
+ // TokenType.SESSION, authData.getToken(), host,
+ // ua);
+ // break;
+
+ // OAuth2 authentication scheme
+ case BEARER:
+ if (request.getPath().equals("oauth2/authorize")) {
+ throw new KustvaktException(
+ StatusCodes.AUTHENTICATION_FAILED,
+ "Bearer is not supported for user authentication at oauth2/authorize");
+ }
+
+ context = authenticationManager.getTokenContext(
+ TokenType.BEARER, authData.getToken(), host,
+ ua);
+ break;
+ // EM: JWT token-based authentication scheme
+ case API:
context = authenticationManager.getTokenContext(
TokenType.API, authData.getToken(), host, ua);
break;
+ default:
+ throw new KustvaktException(
+ StatusCodes.AUTHENTICATION_FAILED,
+ "Authentication scheme is not supported.");
}
checkContext(context, request);
request.setSecurityContext(new KustvaktContext(context));
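Review bot: The Bearer rejection for the authorization endpoint hinges on the exact string comparison `request.getPath().equals("oauth2/authorize")`, so any other spelling of the path that still routes to the same resource (a trailing slash, a version or base-path prefix) would skip it. If skipped, an access token issued to a client would be accepted as user authentication for a new authorization code. The restriction would be more robust enforced at the resource itself, for example by rejecting a principal whose token type is `TokenType.BEARER` in `OAuth2Controller.requestAuthorizationCode`, assuming `TokenContext` exposes the type it is given via `setTokenType`. Separately, the `BASIC` case is guarded only by the comment "For testing only, must be disabled for production", and a configuration switch checked in that case would turn the comment into an enforced rule. The enclosing method starts and ends outside this hunk.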
diff --git a/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql b/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql
index ff1e130..dc03098 100644
--- a/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql
+++ b/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql
@@ -53,6 +53,7 @@
id INTEGER PRIMARY KEY AUTOINCREMENT,
token VARCHAR(255) NOT NULL,
authorization_id INTEGER DEFAULT NULL,
+ user_id VARCHAR(100) DEFAULT NULL,
created_date timestamp DEFAULT (datetime('now','localtime')),
is_revoked BOOLEAN DEFAULT 0,
total_attempts INTEGER DEFAULT 0,
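Review bot: The `user_id` column is added by editing the existing versioned script `V1.4__oauth2_tables.sql` rather than by a new migration. If these scripts are applied by a versioned migration tool, as the file naming suggests, databases that already ran V1.4 will not receive the column and may fail checksum validation; a follow-up script containing `ALTER TABLE ... ADD COLUMN user_id VARCHAR(100) DEFAULT NULL` would avoid that. Only the `new-sqlite` variant is touched in this diff, so any other dialect directories would need the same column for the new `AccessToken.userId` mapping to work. The table definition starts and ends outside this hunk.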
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
index 216d7a1..eda15fc 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
@@ -42,8 +42,8 @@
return resource().path("oauth2").path("authorize")
.header(Attributes.AUTHORIZATION,
- handler.createBasicAuthorizationHeaderValue(
- "fCBbQkAyYzI4NzUxMg", "secret"))
+ handler.createBasicAuthorizationHeaderValue("dory",
+ "password"))
.header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
.header(HttpHeaders.CONTENT_TYPE,
ContentType.APPLICATION_FORM_URLENCODED)
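Review bot: The test hunks shown only move the happy path from form credentials to a Basic header for user "dory"; none of them exercises the rejections this commit introduces. I would add cases for a request to `oauth2/authorize` carrying a Bearer token, a request with no Authorization header, and one with an unsupported scheme, each asserting the authentication-failed response. Those are the branches in `AuthenticationFilter` and `OAuth2Controller` where a regression would have security impact. The test class continues outside these hunks, so such cases may already exist elsewhere in the file.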
@@ -55,8 +55,6 @@
MultivaluedMap<String, String> form = new MultivaluedMapImpl();
form.add("response_type", "code");
form.add("client_id", "fCBbQkAyYzI4NzUxMg");
- form.add("username", "dory");
- form.add("password", "password");
ClientResponse response = requestAuthorizationConfidentialClient(form);
@@ -73,8 +71,6 @@
MultivaluedMap<String, String> form = new MultivaluedMapImpl();
form.add("response_type", "code");
form.add("client_id", "fCBbQkAyYzI4NzUxMg");
- form.add("username", "dory");
- form.add("password", "password");
form.add("redirect_uri", redirectUri);
ClientResponse response = requestAuthorizationConfidentialClient(form);
@@ -134,8 +130,6 @@
MultivaluedMap<String, String> form = new MultivaluedMapImpl();
form.add("response_type", "code");
form.add("client_id", "fCBbQkAyYzI4NzUxMg");
- form.add("username", "dory");
- form.add("password", "password");
form.add("scope", "read_address");
ClientResponse response = requestAuthorizationConfidentialClient(form);
@@ -164,8 +158,6 @@
MultivaluedMap<String, String> authForm = new MultivaluedMapImpl();
authForm.add("response_type", "code");
authForm.add("client_id", "fCBbQkAyYzI4NzUxMg");
- authForm.add("username", "dory");
- authForm.add("password", "password");
authForm.add("scope", "read_username");
ClientResponse response =
@@ -236,8 +228,6 @@
MultivaluedMap<String, String> authForm = new MultivaluedMapImpl();
authForm.add("response_type", "code");
authForm.add("client_id", "fCBbQkAyYzI4NzUxMg");
- authForm.add("username", "dory");
- authForm.add("password", "password");
authForm.add("scope", "read_username");
authForm.add("redirect_uri", uri);