add support for RFC 7009 OAuth 2.0 Token Revocation (thanks to https:…
Showing
12 changed files
with
215 additions
and
8 deletions.
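--- a/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20RevokeExample.java
+++ b/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/Google20RevokeExample.java
@@ -0,0 +1,104 @@
+package com.github.scribejava.apis.examples;
+
+import java.util.Random;
+import java.util.Scanner;
+import com.github.scribejava.core.builder.ServiceBuilder;
+import com.github.scribejava.apis.GoogleApi20;
+import com.github.scribejava.core.model.OAuth2AccessToken;
+import com.github.scribejava.core.model.OAuthRequest;
+import com.github.scribejava.core.model.Response;
+import com.github.scribejava.core.model.Verb;
+import com.github.scribejava.core.oauth.OAuth20Service;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ExecutionException;
+
+public class Google20RevokeExample {
+
+private static final String NETWORK_NAME = "G+";
+private static final String PROTECTED_RESOURCE_URL = "https://www.googleapis.com/plus/v1/people/me";
+
+private Google20RevokeExample() {
+}
+
+public static void main(String... args) throws IOException, InterruptedException, ExecutionException {
+// Replace these with your client id and secret
+final String clientId = "your client id";
+final String clientSecret = "your client secret";
+final String secretState = "secret" + new Random().nextInt(999_999);
+final OAuth20Service service = new ServiceBuilder(clientId)
+.apiSecret(clientSecret)
+.scope("profile") // replace with desired scope
+.state(secretState)
+.callback("http://example.com/callback")
+.build(GoogleApi20.instance());
+final Scanner in = new Scanner(System.in, "UTF-8");
+
+System.out.println("=== " + NETWORK_NAME + "'s OAuth Workflow ===");
+System.out.println();
+
+// Obtain the Authorization URL
+System.out.println("Fetching the Authorization URL...");
+//pass access_type=offline to get refresh token
+//https://developers.google.com/identity/protocols/OAuth2WebServer#preparing-to-start-the-oauth-20-flow
+final Map<String, String> additionalParams = new HashMap<>();
+additionalParams.put("access_type", "offline");
+//force to reget refresh token (if usera are asked not the first time)
+additionalParams.put("prompt", "consent");
+final String authorizationUrl = service.getAuthorizationUrl(additionalParams);
+System.out.println("Got the Authorization URL!");
+System.out.println("Now go and authorize ScribeJava here:");
+System.out.println(authorizationUrl);
+System.out.println("And paste the authorization code here");
+System.out.print(">>");
+final String code = in.nextLine();
+System.out.println();
+
+System.out.println("And paste the state from server here. We have set 'secretState'='" + secretState + "'.");
+System.out.print(">>");
+final String value = in.nextLine();
+if (secretState.equals(value)) {
+System.out.println("State value does match!");
+} else {
+System.out.println("Ooops, state value does not match!");
+System.out.println("Expected = " + secretState);
+System.out.println("Got = " + value);
+System.out.println();
+}
+
+// Trade the Request Token and Verfier for the Access Token
+System.out.println("Trading the Request Token for an Access Token...");
+final OAuth2AccessToken accessToken = service.getAccessToken(code);
+System.out.println("Got the Access Token!");
+System.out.println("(if your curious it looks like this: " + accessToken
++ ", 'rawResponse'='" + accessToken.getRawResponse() + "')");
+
+// Now let's go and ask for a protected resource!
+System.out.println("Now we're going to access a protected resource...");
+OAuthRequest request = new OAuthRequest(Verb.GET, PROTECTED_RESOURCE_URL);
+service.signRequest(accessToken, request);
+Response response = service.execute(request);
+System.out.println();
+System.out.println(response.getCode());
+System.out.println(response.getBody());
+System.out.println();
+
+System.out.println("Revoking token...");
+service.revokeToken(accessToken.getAccessToken());
+System.out.println("done.");
+System.out.println("After revoke we should fail requesting any data...");
+//Google Note: Following a successful revocation response,
+//it might take some time before the revocation has full effect.
+while (response.getCode() == 200) {
+Thread.sleep(1000);
+request = new OAuthRequest(Verb.GET, PROTECTED_RESOURCE_URL);
+service.signRequest(accessToken, request);
+response = service.execute(request);
+System.out.println();
+System.out.println(response.getCode());
+System.out.println(response.getBody());
+System.out.println();
+}
+}
+}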
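Review bot: The state check at `if (secretState.equals(value))` only prints a message on mismatch and then still redeems the code at `service.getAccessToken(code)`; in an example people copy, the mismatch branch should abort (e.g. `return;` after the "does not match" output) so a code that arrives without the expected state is never exchanged. `secretState` is also built from `java.util.Random`, which is predictable — `SecureRandom` is the right source for a CSRF token, though this may deliberately mirror the other examples. The post-revocation poll `while (response.getCode() == 200)` has no retry or time bound and spins forever if the resource keeps answering 200; a capped attempt count would make the example terminate. Since the flow requests `access_type=offline`, it is worth a comment that `revokeToken(accessToken.getAccessToken())` passes only the access token, and RFC 7009 leaves it to the server whether the associated refresh token is revoked as well, so revoking the refresh token is the thorough choice when one was issued.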
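--- a/scribejava-core/src/main/java/revoke/OAuth2RevokeTokenResponseConverter.java
+++ b/scribejava-core/src/main/java/revoke/OAuth2RevokeTokenResponseConverter.java
@@ -0,0 +1,15 @@
+package revoke;
+
+import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor;
+import com.github.scribejava.core.model.Response;
+import java.io.IOException;
+
+public class OAuth2RevokeTokenResponseConverter {
+
+public Void convert(Response response) throws IOException {
+if (response.getCode() != 200) {
+OAuth2AccessTokenJsonExtractor.instance().generateError(response.getBody());
+}
+return null;
+}
+}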
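Review bot: On a non-200 response `convert` delegates to `OAuth2AccessTokenJsonExtractor.instance().generateError(response.getBody())` and then falls through to `return null`, so if that helper returns normally for a body without an OAuth `error` member (an HTML 5xx page, or the 503 with `Retry-After` that RFC 7009 §2.2.1 explicitly allows) the failed revocation is reported as success; I cannot see `generateError` here, so please confirm, and if it can return, throw unconditionally afterwards, e.g. `throw new IOException("token revocation failed: HTTP " + response.getCode());` (the method already declares `IOException`). Separately, the file sits under `src/main/java/revoke/` and declares `package revoke;`, which ships a top-level package named `revoke` in the core jar rather than `com.github.scribejava.core.revoke` alongside the rest of the library. A Javadoc line on `convert` noting that RFC 7009 §2.2 returns 200 even for unknown or already-revoked tokens would also tell callers that a normal return does not prove the token was live.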
@@ -0,0 +1,12 @@ | ||
package revoke; | ||
|
||
/** | ||
* | ||
* as stated in RFC 7009 <br> | ||
* 2.1. Revocation Request | ||
* | ||
* @see <a href="https://tools.ietf.org/html/rfc7009#section-2.1">RFC 7009, 2.1. Revocation Request</a> | ||
*/ | ||
public enum TokenTypeHint { | ||
access_token, refresh_token | ||
} |