Not able to get Authorization code and Client Secret from TokenRequest

by

I am trying to create a oauth provider and oauth client using nimbus.oauth2.sdk 10.13.
This is the client side code. This sends a token request using the authorization code previously received.


// Initialize client information
ClientID clientId = new ClientID("12345");
Secret secret = new Secret("abcdef");
URI redirectURL = URI.create("http://localhost:8080/tokenResponse");
AuthorizationCode authCode = new AuthorizationCode("aaa");

// Create TokenRequest
TokenRequest tokenRequest = new TokenRequest(
                    redirectURL,
                    new ClientSecretPost(clientId, secret),
                    new AuthorizationCodeGrant(authCode, redirectURL)
            );

// Send HTTP request
HTTPResponse httpResponse = tokenRequest.toHTTPRequest().send();
String responseBody = httpResponse.getContent();

// Parse and handle the token response
net.minidev.json.JSONObject tokenJson = OAuthUtil.parseJSONresponse(responseBody);
TokenResponse response = TokenResponse.parse(tokenJson);

if (response instanceof AccessTokenResponse) {
    System.out.println(new JSONObject(responseBody).toString());

} else {
    try {
        throw new OAuthException("Error in receiving token: " + tokenJson.getAsString("error"), 3);
    } catch (OAuthException e) {
        throw new RuntimeException(e);
    }
}

The above if used with any other provider (eg, Google, fakebook) returns the correct response body.

The below is my server side code:

try {
    LOGGER.log(Level.INFO,request.getParameter("client_id"));
    LOGGER.log(Level.INFO,request.getParameter("authorization_details"));

    TokenRequest tokenRequest = TokenRequest.parse(ServletUtils.createHTTPRequest(request));

    if (tokenRequest.getClientID() != null) {
        LOGGER.log(Level.INFO, "Client ID: " + tokenRequest.getClientID().getValue());
    } else {
        LOGGER.log(Level.WARNING, "Client ID is null");
    }
} catch (ParseException e) {
    LOGGER.log(Level.WARNING, "Error parsing token request: " + e.getMessage());
}

Tokens tokens = new Tokens(new BearerAccessToken(), new RefreshToken());
AccessTokenResponse accessTokenResponse = new AccessTokenResponse(tokens);
response.getWriter().write(accessTokenResponse.toJSONObject().toJSONString());

In the server side, am trying to get the client ID and client secret, authorization code. When got from request.getParameter() I am getting the client ID. But the same cannot be received using tokenRequest.getClientID(). Why is that so?

  • I’m deeply confused by what you’re trying to ask. You state twice you’re trying to get the client secret in this process, but it not something returned by any auth2 authentication flow.

    – 

  • Sorry added twice by mistake. What I mean to ask is how to get the client ID and secret from the tokenRequest body at the server side

    – 

Leave a Comment