I see samples where OAuth is returned as json as such:
{
  "access_token" : "ya29.AHES6ZSHB-aaa",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "1/LkGHrqtU",
  "scope" : "ALL"
}
My question is, is there any harm in wrapping up this in a custom object?
i.e. the diff is the strong object name/wrapper being included in the returned JSON. I just want to know if this would still be considered a 'standard' OAuth provider.
{"OAuthResult":{"access_token":"abc","refresh_token":"123","token_type":"Bearer","expires_in":"3900"}}
I have read the spec and see that you MUST include a GET for obtaining the token, but I don't recall the return object being specifically spec'd?
Thanks a lot.
From the current (v2-31) OAuth2 draft, section 5.1:
The parameters are included in the entity body of the HTTP response
using the "application/json" media type as defined by [RFC4627]. The
parameters are serialized into a JSON structure by adding each parameter
at the highest structure level. Parameter names and string values are
included as JSON strings. Numerical values are included
as JSON numbers. The order of parameters does not matter and can vary.
So you will NOT be 'standard' with such a response.
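A conformance check for the rule quoted in the answer above, as an added example that is not part of the original posts: it verifies that the token parameters sit at the top level of the JSON object and that expires_in is a JSON number. The function name check_token_response and the sample bodies are constructed for illustration; access_token and token_type are the parameters section 5.1 marks as required.

```python
import json

# Parameters of a successful token response (OAuth 2.0, section 5.1).
REQUIRED = ("access_token", "token_type")
STRING_PARAMS = ("access_token", "token_type", "refresh_token", "scope")

# Sample bodies constructed from the two shapes shown in the question.
FLAT = ('{"access_token": "ya29.AHES6ZSHB-aaa", "token_type": "Bearer", '
        '"expires_in": 3600, "refresh_token": "1/LkGHrqtU", "scope": "ALL"}')
WRAPPED = ('{"OAuthResult": {"access_token": "abc", "refresh_token": "123", '
           '"token_type": "Bearer", "expires_in": "3900"}}')


def check_token_response(body):
    """Return a list of conformance problems; an empty list means none found."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return ["body is not valid JSON: " + exc.msg]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]

    problems = []
    for name in REQUIRED:
        if name not in doc:
            problems.append(f"missing required top-level parameter '{name}'")

    # An object-valued member that holds access_token is the wrapper pattern:
    # a client reading the top level never finds the token there.
    flat = dict(doc)
    for key, value in doc.items():
        if isinstance(value, dict) and "access_token" in value:
            problems.append(f"parameters are nested under '{key}'")
            flat.update(value)  # still type-check the wrapped values

    for name in STRING_PARAMS:
        if name in flat and not isinstance(flat[name], str):
            problems.append(f"'{name}' must be a JSON string")
    exp = flat.get("expires_in")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if exp is not None and (isinstance(exp, bool) or not isinstance(exp, (int, float))):
        problems.append("'expires_in' must be a JSON number")
    return problems


if __name__ == "__main__":
    for label, body in (("flat", FLAT), ("wrapped", WRAPPED)):
        print(label, check_token_response(body) or "OK")
```

The wrapped body fails twice over: a client that reads access_token from the top level finds nothing, and the quoted "3900" is a string where the spec calls for a number.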
By default, WSO2 returns a JSON when you send a token request to /token that looks like this:
{
  "access_token": "b73fc57e-83cc-3550-87ce-d015611da33a",
  "scope": "scope1 scope2",
  "token_type": "Bearer",
  "expires_in": 1336
}
What I want is to fully customize the JSON output, being able to add and remove attributes, to get something like this instead:
{
  "access_token": "b73fc57e-83cc-3550-87ce-d015611da33a",
  "scope": "scope1 scope2",
  "day": "monday",
  "name": "mark"
}
I have implemented a custom grant that gets some data from another service and I want the JSON to include it as part of the response. I am very new to WSO2 and all I have found about this is this other question: "Is it possible to modify WSO2 token response?"
The proposed solution there is to implement a new TokenResponseTypeHandler, but as far as I've seen that class only sets the variables in an OAuthAuthzReqMessageContext object, which are the ones that appear later in the JSON attributes (e.g. .setScope() sets the value for the "scope" attribute in the JSON), but no actual JSON formatting is done there and I can't find any information about who does it or where this OAuthAuthzReqMessageContext is being extracted after these handlers.
Is it possible to do this? If so, how can I do it and where? I am using WSO2 API Manager 3.0
Thank you
In WebAPI (.NET Core 2.1) I've got a URL query string that has the format of &title=fred&author=blogs&sort=-title (etc.). I'm trying out various ways of model binding this into a single "facets" dictionary of , e.g. "title", "fred" etc. The most flexible way is to use a custom model binder.
However when I use Swashbuckle the swagger UI shows a parameter of 'request' that takes a type object. I can enter my raw querystring in here but then this gets sent on the URL as &request=title=fred&author=blogs.
Is there a way to tell Swashbuckle to not send the &request on the URL but to just send the raw contents?
I'm integrating dropwizard-swagger into a large existing project.
I've got the Swagger UI endpoint up and running now, but I'm noticing that it seems adamant that every method must have a body parameter.
Specifically, the first parameter in the method definition that doesn't have an @ApiParam annotation gets interpreted as a request body. There doesn't appear to be a way to specify a body parameter, nor does there seem to be a way to exclude parameters from being labelled as such automatically by Swagger UI. This means that the "Try it Out" functionality doesn't work for a large portion of the endpoints, as bodies are disallowed by the spec but Swagger UI keeps insisting they are present.
For example, consider the below method in the UserResource file:
@GET
@Path("v1/users/{userId}/subscriptions")
@ApiOperation(value = "Get user subscriptions", notes = "Returns information about the users current and past subscriptions.")
@UserAccessRequired
@RolesAllowed({/* a list of appropriate roles */})
@Produces(CompanyMediaType.APPLICATION_API_V1_JSON)
public SubscriptionsDTOV1 getSubscriptionsForUser(@Auth DashboardUser dashboardUser, @JooqInject DSLContext database,
        @Context ResourceContext resourceContext,
        @Context ContainerRequestContext crc,
        @ApiParam(value = "ID of user", type = "Integer") @NotNull @UnwrapValidatedValue @PathParam("userId") IntParam userId) {
    // method body not shown in the original post
}
Swagger is interpreting the first parameter, @Auth DashboardUser dashboardUser, as being the request body, and generating the below view in Swagger UI:
[Image: Swagger UI with a body parameter]
Since this is a GET, it's not permitted to have a body, and attempting to delete the contents of the body in the Swagger UI while testing it out doesn't work, as the field autofills with {}.
How do I indicate to Swagger that there is no body parameter here and get this to work? Just putting @ApiParam in front of the other method parameters doesn't work, as that annotation is ignored if there isn't also a @QueryParam/@PathParam/etc annotation present.
Turns out adding @ApiParam(hidden=true) seems to have done the trick. I tried this before and didn't get results, must have just had a typo somewhere.
I have an Apache Camel route that is making an HTTP POST request, i.e.
from(...).setHeader(Exchange.HTTP_METHOD, constant(POST)).to("http4://myUrl?...");
The request URL includes query params (unusual for POST I know, but I have no choice here) that I need to populate from details of the exchange which are stored on the body.
i.e. The body is a POJO like so:
public class Params {
    String param1;
    int param2;
    ....
    //etc. etc. including getters and setters
}
Where each field is either a primitive or string, and refers directly to an equivalent query parameter:
http4://myUrl?param1=...&param2=...&...
Is there a way I can avoid having to manually define every parameter on the URL and instead automagically map the exchange body to query params on the request being made?
The reason I need to do this is that some of the query params are optional, and should be populated based on the contents of the exchange body.
You can set the header Exchange.HTTP_QUERY with the query parameters separated.
And it's not possible to automatically map a message body's fields to URI parameters (no magic included). You would need to build some code that computes the URI query with & separating the values, and set that as the HTTP_QUERY header.
I need to make an OAuth multipart request message for the API, which requires some query string parameters as well as a Multipart Post Part.
But there is no PrepareAuthorizedRequest Method which accepts both IDictionary type query string parameters and MultipartPostPart fields.
What should I do?
Simply create a MessageReceivingEndpoint whose URI already includes those query string parameters.