1. Accueil
  2. Question et réponse
  3. Outlook API pour le jeton d'accès renvoie 400 mauvaise demande dans Java Spring

Outlook API pour le jeton d'accès renvoie 400 mauvaise demande dans Java Spring

2017-09-05 5 views
0
  • Le code ne semble pas avoir d'erreur.
  • Ceci est une application de test et tous les ID sont utilisables.
  • Dans la fonction getToken(), vous pouvez également débloquer l'appel de ligne getScopes() et essayer plus loin.
  • J'ai un index.jsp avec un bouton.
  • La pression sur le bouton "oauthorize" est activée pour générer le code et id_token.
  • Je suis capable de me connecter, le code et id_token sont générés.
  • Ces valeurs sont affichées sur un "authtoken.jsp" qui a un bouton.
  • Le bouton presse les messages vers /common/oauth2/v2.0/token.
  • À ce stade, 400 demandes incorrectes sont affichées sur la page Microsoft.

Je ne sais pas ce qui va mal:Outlook API pour le jeton d'accès renvoie 400 mauvaise demande dans Java Spring

import java.util.UUID; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpSession; 
import javax.servlet.http.HttpServletResponse; 
import org.springframework.stereotype.Controller; 
import org.springframework.ui.Model; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RequestMethod; 
import org.springframework.web.bind.annotation.RequestParam; 
import org.springframework.web.util.UriComponentsBuilder; 


@Controller 
public class IndexController { 

    //all oauth2 urls 
    private static final String authority = "https://login.microsoftonline.com"; 
    private static final String authorizeUrl = authority + "/common/oauth2/v2.0/authorize"; 
    private static final String tokenUrl = authority + "/common/oauth2/v2.0/token"; 
    private static final String redirectUrl = "http://localhost:8080/OutlookProfiles/authtoken"; 
    private static final String reTokenUrl = "http://localhost:8080/OutlookProfiles/showToken"; 

    //credentials 
    private static final String appId = "7414b3a3-26f1-4928-9d0b-7060d01dd41c"; 
    private static final String appPassword = "cQg9F0EaxuaErNp2YEgYaz8"; 

    private static final String[] scopes = { 
       "openid", 
       "offline_access", 
       "profile", 
       "User.Read", 
       "Contacts.Read", 
       "Mail.Read" 
       }; 


    @RequestMapping(value = "/index", method = RequestMethod.GET) 
    public String index(Model model, HttpServletRequest request, HttpServletResponse response){ 

     UUID state = UUID.randomUUID(); 
     UUID nonce = UUID.randomUUID(); 

     // Save the state and nonce in the session so we can 
     // verify after the auth process redirects back 

     HttpSession session = request.getSession(); 
     session.setAttribute("expected_state", state); 
     session.setAttribute("expected_nonce", nonce); 

     return "index"; 
    } 

    @RequestMapping(value = "/oauthorize", method = RequestMethod.POST) 
    public void oauthorize(Model model, HttpServletRequest servletRequest, HttpServletResponse servletResponse) { 

     try{ 

     UUID state = UUID.randomUUID(); 
     UUID nonce = UUID.randomUUID(); 

      HttpSession session = servletRequest.getSession(); 
      session.setAttribute("expected_state", state); 
      session.setAttribute("expected_nonce", nonce); 
      session.setAttribute("error", null); 

     UriComponentsBuilder urlBuilder = UriComponentsBuilder.fromHttpUrl(authorizeUrl); 
     urlBuilder.queryParam("client_id", appId); 
     urlBuilder.queryParam("redirect_uri", redirectUrl); 
     urlBuilder.queryParam("response_type", "code id_token"); 
     urlBuilder.queryParam("scope", getScopes()); 
     urlBuilder.queryParam("state", state); 
     urlBuilder.queryParam("nonce", nonce); 
     urlBuilder.queryParam("response_mode", "form_post"); 

     String locationUri = urlBuilder.toUriString(); 
     System.out.println(locationUri); 

     servletResponse.sendRedirect(locationUri); 

     }catch(Exception e){ 
      e.printStackTrace(); 
     } 

    } 


    @RequestMapping(value = "/authtoken", method = RequestMethod.POST) 
    public String authorize(
       @RequestParam("code") String code, 
       @RequestParam("id_token") String idToken, 
       @RequestParam("state") UUID state, 
       HttpServletRequest servletRequest, 
       HttpServletResponse servletResponse) { 

     // Get the expected state value from the session 
     HttpSession session = servletRequest.getSession(); 
     UUID expectedState = (UUID) session.getAttribute("expected_state"); 
     UUID expectedNonce = (UUID) session.getAttribute("expected_nonce"); 


     String strState = state.toString().trim().toLowerCase(); 
     String strExState = expectedState.toString().trim().toLowerCase(); 


     // Make sure that the state query parameter returned matches 
     // the expected state 
     if (strState.equals(strExState)){ 
      session.setAttribute("authCode", code); 
      session.setAttribute("idToken", idToken); 
      System.out.println("Expectedstate : NO Error"); 
     }else { 
      session.setAttribute("error", "Unexpected state returned from authority."); 
      System.out.println("\n\nUnexpected state returned from authority."); 
     } 

     return "authtoken"; 
    } 

    @RequestMapping(value = "/getToken", method = RequestMethod.POST) 
    public void getToken(
      HttpServletRequest servletRequest, 
      HttpServletResponse servletResponse) { 

     try{ 

     HttpSession session = servletRequest.getSession(); 
     String strCode = (String) session.getAttribute("authCode"); 

     UriComponentsBuilder urlBuilder = UriComponentsBuilder.fromHttpUrl(tokenUrl); 
     urlBuilder.queryParam("client_id", appId); 
     urlBuilder.queryParam("client_secret", appPassword); 
     urlBuilder.queryParam("code", strCode); 
     urlBuilder.queryParam("redirect_uri", redirectUrl); 
     urlBuilder.queryParam("grant_type", "authorization_code"); 
     urlBuilder.queryParam("scope", getScopes()); 

     String locationUri = urlBuilder.toUriString(); 
     System.out.println("getToken : " + locationUri); 

     servletResponse.setHeader("Content-Type", "application/x-www-form-urlencoded"); 

     servletResponse.sendRedirect(locationUri); 

     }catch(Exception e){ 
      e.printStackTrace(); 
     } 
    } 

    @RequestMapping(value = "/showToken", method = RequestMethod.POST) 
    public String showToken(
      @RequestParam("token_type") String code, 
      @RequestParam("expires_in") String idToken, 
      @RequestParam("access_token") String accessToken, 
      //@RequestParam("scope") String paramScope, 
      HttpServletRequest servletRequest, 
      HttpServletResponse servletResponse) { 

     return "getToken"; 

    } 

    @RequestMapping("/logout") 
    public String logout(HttpServletRequest request) { 
     HttpSession session = request.getSession(); 
     session.invalidate(); 
     return "index"; 
    } 

    private static String getScopes() { 
      StringBuilder sb = new StringBuilder(); 
      for (String scope: scopes) { 
       sb.append(scope + " "); 
      } 

      String strscope = sb.toString().trim(); 
      System.out.println(strscope); 

      return strscope; 
    } 
}

La 400 erreur est de déconner avec ma tête sans raison.

Source

2017-09-05 Surya Kameswara Rao Ravi

+1

Je ne vois pas l'utilisation du swing dans votre code. Vouliez-vous dire le printemps? – pcarter

+0

Merci carter. J'ai corrigé la faute de frappe de Swing au printemps. –

Répondre

0
  • point final API Microsoft Outlook pour jeton d'accès: https://login.microsoftonline.com/common/oauth2/v2.0/token attend un formulaire basé POST à ​​savoir l'application/x-www-form-urlencoded.
  • Ce qui signifie que tous les paramètres d'entrée doivent être sous forme base et non url joint en annexe
  • Donc, techniquement, le code est erroné en utilisant UriComponentsBuilder
  • Le code devrait plutôt utiliser en fonction ou forme approche basée sur JSON en utilisant HttpClient et HttpPost OU utiliser en fonction OKHttp3 OKHttpClient et RequestBody.

Je publierai bientôt le code de travail ici.

... voici le code de travail ...

import java.util.List; 
import java.util.ArrayList; 
import java.util.UUID; 
import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpSession; 
import javax.servlet.http.HttpServletResponse; 

import org.apache.http.HttpResponse; 
import org.apache.http.client.HttpClient; 
import org.apache.http.client.entity.UrlEncodedFormEntity; 
import org.apache.http.client.methods.HttpPost; 
import org.apache.http.impl.client.HttpClients; 
import org.apache.http.message.BasicNameValuePair; 
import org.apache.http.util.EntityUtils; 
import org.json.JSONArray; 
import org.json.JSONObject; 
import org.springframework.stereotype.Controller; 
import org.springframework.ui.Model; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RequestMethod; 
import org.springframework.web.bind.annotation.RequestParam; 
import org.springframework.web.util.UriComponentsBuilder; 


@Controller 
public class IndexController { 

    //all oauth2 urls 
    private static final String authority = "https://login.microsoftonline.com"; 
    private static final String authorizeUrl = authority + "/common/oauth2/v2.0/authorize"; 
    private static final String tokenUrl = authority + "/common/oauth2/v2.0/token"; 
    private static final String redirectUrl = "http://localhost:8080/OutlookProfiles/authtoken"; 
    private static final String reTokenUrl = "http://localhost:8080/OutlookProfiles/showToken"; 

    //credentials 
    private static final String appId = "7414b3a3-26f1-4928-9d0b-7060d01dd41c"; 
    private static final String appPassword = "cQg9F0EaxuaErNp2YEgYaz8"; 

    private static final String[] scopes = { 
       "openid", 
       "offline_access", 
       "profile", 
       "User.Read", 
       "Contacts.Read", 
       "Mail.Read" 
       }; 


    @RequestMapping(value = "/index", method = RequestMethod.GET) 
    public String index(Model model, HttpServletRequest request, HttpServletResponse response){ 

     UUID state = UUID.randomUUID(); 
     UUID nonce = UUID.randomUUID(); 

     // Save the state and nonce in the session so we can 
     // verify after the auth process redirects back 

     HttpSession session = request.getSession(); 
     session.setAttribute("expected_state", state); 
     session.setAttribute("expected_nonce", nonce); 

     return "index"; 
    } 

    @RequestMapping(value = "/oauthorize", method = RequestMethod.POST) 
    public void oauthorize(Model model, HttpServletRequest servletRequest, HttpServletResponse servletResponse) { 

     try{ 

     UUID state = UUID.randomUUID(); 
     UUID nonce = UUID.randomUUID(); 

      HttpSession session = servletRequest.getSession(); 
      session.setAttribute("expected_state", state); 
      session.setAttribute("expected_nonce", nonce); 
      session.setAttribute("error", null); 

     UriComponentsBuilder urlBuilder = UriComponentsBuilder.fromHttpUrl(authorizeUrl); 
     urlBuilder.queryParam("client_id", appId); 
     urlBuilder.queryParam("redirect_uri", redirectUrl); 
     urlBuilder.queryParam("response_type", "code id_token"); 
     urlBuilder.queryParam("scope", getScopes()); 
     urlBuilder.queryParam("state", state); 
     urlBuilder.queryParam("nonce", nonce); 
     urlBuilder.queryParam("response_mode", "form_post"); 

     String locationUri = urlBuilder.toUriString(); 
     System.out.println(locationUri); 

     servletResponse.sendRedirect(locationUri); 

     }catch(Exception e){ 
      e.printStackTrace(); 
     } 

    } 


    @RequestMapping(value = "/authtoken", method = RequestMethod.POST) 
    public String authorize(
       @RequestParam("code") String code, 
       @RequestParam("id_token") String idToken, 
       @RequestParam("state") UUID state, 
       HttpServletRequest servletRequest, 
       HttpServletResponse servletResponse) { 

     // Get the expected state value from the session 
     HttpSession session = servletRequest.getSession(); 
     UUID expectedState = (UUID) session.getAttribute("expected_state"); 
     UUID expectedNonce = (UUID) session.getAttribute("expected_nonce"); 


     String strState = state.toString().trim().toLowerCase(); 
     String strExState = expectedState.toString().trim().toLowerCase(); 


     // Make sure that the state query parameter returned matches 
     // the expected state 
     if (strState.equals(strExState)){ 
      session.setAttribute("authCode", code); 
      session.setAttribute("idToken", idToken); 
      System.out.println("Expectedstate : NO Error"); 
     }else { 
      session.setAttribute("error", "Unexpected state returned from authority."); 
      System.out.println("\n\nUnexpected state returned from authority."); 
     } 

     return "authtoken"; 
    } 

    @RequestMapping(value = "/getToken", method = RequestMethod.POST) 
    public void getToken(
      HttpServletRequest servletRequest, 
      HttpServletResponse servletResponse) { 

     try{ 

     HttpSession session = servletRequest.getSession(); 
     String strCode = (String) session.getAttribute("authCode"); 

     HttpClient httpClient = HttpClients.createDefault(); 
     HttpPost httpPost = new HttpPost(tokenUrl); 
     httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded"); 
      List <BasicNameValuePair> params = new ArrayList<>(); 
      params.add(new BasicNameValuePair("client_id", appId)); 
      params.add(new BasicNameValuePair("client_secret", appPassword)); 
      params.add(new BasicNameValuePair("redirect_uri", redirectUrl)); 
      params.add(new BasicNameValuePair("code", strCode)); 
      params.add(new BasicNameValuePair("grant_type", "authorization_code")); 

      httpPost.setEntity(new UrlEncodedFormEntity(params, "UTF-8")); 
      httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded"); 

      HttpResponse httpResponse = httpClient.execute(httpPost); 
      org.apache.http.HttpEntity entity = httpResponse.getEntity(); 
      //String theString = IOUtils.toString(entity.getContent(), "UTF-8"); 
      String strResponse = EntityUtils.toString(entity, "UTF-8"); 
      System.out.println(strResponse); 
      strResponse = "{\"response\":["+strResponse+"]}"; 
      System.out.println(strResponse); 

      JSONObject result = new JSONObject(strResponse); //Convert String to JSON Object 
      JSONArray tokenList = result.getJSONArray("response"); 
      JSONObject objJson = tokenList.getJSONObject(0); 
      String accessToken = objJson.getString("access_token"); 
      System.out.println(accessToken); 

      session.setAttribute("accessToken", accessToken); 

     }catch(Exception e){ 
      e.printStackTrace(); 
     } 
    } 

    @RequestMapping(value = "/showToken", method = RequestMethod.POST) 
    public String showToken(
      @RequestParam("token_type") String code, 
      @RequestParam("expires_in") String idToken, 
      @RequestParam("access_token") String accessToken, 
      //@RequestParam("scope") String paramScope, 
      HttpServletRequest servletRequest, 
      HttpServletResponse servletResponse) { 

     return "getToken"; 

    } 

    @RequestMapping("/logout") 
    public String logout(HttpServletRequest request) { 
     HttpSession session = request.getSession(); 
     session.invalidate(); 
     return "index"; 
    } 

    private static String getScopes() { 
      StringBuilder sb = new StringBuilder(); 
      for (String scope: scopes) { 
       sb.append(scope + " "); 
      } 

      String strscope = sb.toString().trim(); 
      System.out.println(strscope); 

      return strscope; 
    } 
}

Source

2017-09-06 16:12:44

 Questions connexes

  • Aucun problème connexe^_^