I'm trying to use the Unsigned-request flow as documented (note this is not the signed request flow) and only get an HTTP 400: { "error": "invalid_request"} back. Here is the Java code I'm using (Apache HTTP Client 4.2.x).
HttpPost httpPost = new HttpPost("https://accounts.google.com/o/oauth2/token");
httpPost.setHeader(new BasicHeader("Content-Type", "application/x-www-form-urlencoded"));
List<BasicNameValuePair> nameValuePairs = new ArrayList<>();
nameValuePairs.add(new BasicNameValuePair("grant_type", "urn:ietf:params:oauth:grant-type:migration:oauth1"));
nameValuePairs.add(new BasicNameValuePair("client_id", getClientId()));
nameValuePairs.add(new BasicNameValuePair("client_secret", getClientSecret()));
nameValuePairs.add(new BasicNameValuePair("scope", getScope()));
nameValuePairs.add(new BasicNameValuePair("oauth_consumer_key", getOauthConsumerKey()));
nameValuePairs.add(new BasicNameValuePair("oauth_consumer_secret", getOauthConsumerSecret()));
nameValuePairs.add(new BasicNameValuePair("oauth_token", getOauthToken()));
nameValuePairs.add(new BasicNameValuePair("oauth_token_secret", getOauthTokenSecret()));
httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse httpResponse = httpClient.execute(httpPost);
Sample Request/Response
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
oauth_consumer_secret=consumerSecret&oauth_consumer_key=consumerKey&oauth_token=token&oauth_token_secret=tokenSecret&client_id=clientId&client_secret=clientSecret&scope=http%3A%2F%2Fspreadsheets.google.com%2Ffeeds%2F+http%3A%2F%2Fdocs.google.com%2Ffeeds+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Amigration%3Aoauth1
Response
Status: 400 Bad Request
{
error: "invalid_request"
}
I'm not familiar with the HttpPost.setEntity method, however it appears it is setting the post body, not the headers as required by an OAuth 2.0 request. From the documentation you linked:
...
Authorization: OAuth realm="example",
oauth_consumer_key="9djdj82h48djs9d2",
oauth_token="kkk9d7dh3k39sjv7",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="137131201",
oauth_nonce="7d8f3e4a",
oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D"
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Amigration%3Aoauth1&client_id=8819981768.apps.googleusercontent.com&client_secret=YOUR_CLIENT_SECRET
You can see that oauth_* goes into the HTTP request header while grant_type, client_id, client_secret and scope should be in the HTTP body.
In the unsigned-request flow, the OAuth 1.0 access token is revoked immediately after a refresh token is issued. This flow is allowed only for native applications. Requests from web applications that use this flow are denied.
Related
I am trying to POST a request using JAVA HTTPCLIENT, and while doing so, I am getting 404 Bad Request.
I tried writing the JAVA code in Eclipse and got 404 Bad Request and tried sending the request through POSTMAN and received HTTP Status 500
package com.apex.customer.service;
public class CustServicePostTest {
public static void main(String[] args) throws ClientProtocolException, IOException {
String url = "http://www.thomas-bayer.com/sqlrest/CUSTOMER/102";
//create the http client
HttpClient client = HttpClientBuilder.create().build();
//create the post message
HttpPost post = new HttpPost(url);
List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
urlParameters.add(new BasicNameValuePair("ID", "102"));
urlParameters.add(new BasicNameValuePair("FIRSTNAME", "Apex"));
urlParameters.add(new BasicNameValuePair("LASTNAME", "Consultancy"));
urlParameters.add(new BasicNameValuePair("STREET", "Shell Blvd"));
urlParameters.add(new BasicNameValuePair("CITY", "Fremont"));
post.setEntity(new UrlEncodedFormEntity(urlParameters));
HttpResponse response = client.execute(post);
System.out.println(response.getStatusLine().getStatusCode());
System.out.println("Parameters : " + urlParameters);
System.out.println("Response Code: " + response);
System.out.println(response.getStatusLine().getReasonPhrase());
}
}
I am looking for 200 OK request.
The issue here is due few mistakes:
First is related to the input format. The code you're using tries to map key and values, but as I could see from this guide, it expects a XML format in a plain text as input.
The second mistake is that you are trying to post over an existing ID. In this case, to create a resource you should use http://www.thomas-bayer.com/sqlrest/CUSTOMER/
So in this case in order to make it work, try something like this:
String url = "http://www.thomas-bayer.com/sqlrest/CUSTOMER/";
HttpClient client = HttpClientBuilder.create().build();
HttpPost post = new HttpPost(url);
String xml = "<resource>";
xml += "<ID>102</ID>";
xml += "<FIRSTNAME>Apex</FIRSTNAME>";
xml += "<LASTNAME>Consultancy</LASTNAME>";
xml += "<STREET>Shell Blvd</STREET>";
xml += "<CITY>Fremont</CITY>";
xml += "</resource>";
post.setEntity(new StringEntity(xml));
HttpResponse response = client.execute(post);
System.out.println(response.getStatusLine().getStatusCode());
System.out.println("Response Code: " + response);
System.out.println(response.getStatusLine().getReasonPhrase());
It is also very useful to learn another way to test it with tools like curl command line utility. For example you can POST a product like this:
curl -X POST http://www.thomas-bayer.com/sqlrest/PRODUCT/ -d '<resource><ID>103</ID><NAME>X</NAME><PRICE>2.2</PRICE></resource>'
Once you solve this, it will be important to get used with HTTP codes. For example a 500 error means something wrong on the server side while a 404 usually means that you're hitting an invalid endpoint (it does not exists).
Finally, I'll not discuss why are you using this project to send HTTP requests to a server - but keep in mind that this is not a very common way to go. Currently the REST with JSON would be much more interesting and enjoyable :) In case you're interested on it, take a look on Spring Boot REST
I'm working on Telegram api in my java application. I need to do authentication and authorization with my telegram account and get message list of my specific group. For this purpose, first I got api_id, api_hash and MTProto servers from telegram site. Second, I tried to authorize my account with auth.sendCode method in this way:
...
String url = "https://149.154.167.40:443/auth.sendCode";
HttpClient httpClient = HttpClients.createDefault();
HttpPost httpPost = new HttpPost(url);
httpPost.addHeader("Content-type", "application/x-www-form-urlencoded");
httpPost.addHeader("charset", "UTF-8");
List<NameValuePair> nameValuePairs = new ArrayList<>();
nameValuePairs.add(new BasicNameValuePair("phone_number", myPhoneNumber));
nameValuePairs.add(new BasicNameValuePair("sms_type", "5"));
nameValuePairs.add(new BasicNameValuePair("api_id", api_id));
nameValuePairs.add(new BasicNameValuePair("api_hash", api_hash));
nameValuePairs.add(new BasicNameValuePair("lang_code", "en"));
httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs, "UTF-8"));
HttpResponse response = httpClient.execute(httpPost);
...
But this returns me javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake exception. I tested url with http instead of https and this returned 404 Not Found html content. What is the correct way for calling telegram api method in java?
Update:
I tried using java socket for sending TCP post request, but this returns me 404 not found.
Since it's mproto protocol, you must obey their specification - https://core.telegram.org/mtproto
I suggest you to use this project, since it has working examples - https://github.com/badoualy/kotlogram
I'm trying to do a request using a small Java program but I'm getting a 400 - Bad Request as response:
URI uri = new URIBuilder().setScheme("https")
.setHost("somehost.com")
.setPath("/API/v1/export").build();
HttpPost post = new HttpPost(uri);
post.setHeader("X-API-ID", "myId");
post.setHeader("Accept", "application/json");
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("format", "csv"));
params.add(new BasicNameValuePair("userId", "userId"));
post.setEntity(new UrlEncodedFormEntity(params));
JsonNode responseJson = sendResponseEngineRequest(post);
This responseJson returns the following value:
{"meta":{"httpStatus":"400 - Bad
Request","error":{"errorMessage":"Invalid Content-Type.
expected=application/json
found=application/x-www-form-urlencoded","errorCode":"RP_0.1"}}}
Thanks in advance.
The answer is literally in the error you're getting.
You specify you will only accept post.setHeader("Accept", "application/json"); and the error is telling you that what you're requesting is found=application/x-www-form-urlencoded
If you have control over the endpoint you're requesting data, change it to application/json. If you don't change post.setHeader("Accept", "application/json"); to post.setHeader("Accept", "application/x-www-form-urlencoded");
Since this is a POST request, you may need to provide both Accept and Content-Type headers.
Accept: What you are expecting to receive.
Content-Type: What you are sending to server
post.setHeader("Accept", "application/json");
post.setHeader("Content-Type", "application/json");
In my program i am also got this error and found that the link not accepting repeated values.
so please check your link It may not accept any repeated parameters which is already available in that link.
im trying to work with yahoo Gemini api
which need first to implement using Ouath 2.0
going into this link
Its saying i need to create a request to a URL with "Request Parameters"
client_id
redirect_uri
now lets say i do it in java:
this is my HTTP request:
HttpClient httpclient = HttpClients.createDefault();
HttpPost httppost = new
HttpPost("https://api.login.yahoo.com/oauth2/request_auth");
is this how i added paramters to the request ?
List<NameValuePair> params = new ArrayList<NameValuePair>(2);
params.add(new BasicNameValuePair("client_id", "ABCDEFGH"));
params.add(new BasicNameValuePair("redirect_uri", "http://www.goTo.Com"));
is this is how i execute the entire request ?
httppost.setEntity(new UrlEncodedFormEntity(params, "UTF-8"));
HttpResponse response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
is this the currect way to Get an authorization URL and authorize access ?
is there any other way / simpler doing that ?
what should i expect in the response ?
i believe that when you're working with Yahoo Gemini, you have to use a specific couple of consumer_key/consumer_secret according to my little investigation as stated in this issue
You check the guide out for an implementation of oauth2 for yahoo apis.
Hope it helped
I have been trying to send a POST request from a servlet and the code that I wrote is this:
HttpPost post = new HttpPost(url.build());
post.setEntity(new UrlEncodedFormEntity(nameValue));
post.setHeader("content-type", "application/json");
HttpClient client = new DefaultHttpClient();
HttpResponse res = client.execute(post);
The URL is "https://accounts.google.com/o/oauth2/token" and I send some parameters with this request.
However, when I run this I get AccessControlException.
The HttpPost method that I use here comes from org.apache.http i.e., commons HttpClient API. I have tried a lot but it doesn't seem to work.
So the question is "Is it possible to send a cross domain request using HttpClient?"