Announcement Announcement Module
Collapse
No announcement yet.
Sparklr2/Tonr2 by Ryan Heaton fails if the user accessing the sparklr is not "tonr" Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sparklr2/Tonr2 by Ryan Heaton fails if the user accessing the sparklr is not "tonr"

    Hello everyone !
    I have been trying to have a different client_id access the sparklr photos instead of the "tonr" client_id. I took another client whose id has the same authorizedGrantTypes="authorization_code" as "tonr". This client_id is "my-less-trusted-client". This is the change I applied in the configuration on the oauth service provider side.
    On the client side
    <oauth:resource id="sparklr" type="authorization_code" clientId="tonr"
    accessTokenUri="http://localhost:8080/sparklr/oauth/authorize"
    userAuthorizationUri="http://localhost:8080/sparklr/oauth/user/authorize"/>

    I set the clientId accessing the "sparklr" resource to my-less-trusted-client clientId.
    When I try to run the have tonr2 access the photos on sparklr2 I get an exception.

    After this test I tried all the other clientIds that are set on the oauth Provider side and all of them failed in a similar way.

    After that I ran and debugged all the Junit tests and those tests do access the sparklr2 photos using one at a time the different clientIds. Those attempts are successful but most of them do not authenticate/authorize using the /oauth/user/authorize URI. They use the /oauth/authorize URI.

    Why are my attempts to have a different clientId accessing the sparklr resource fail ?

    Any clarification is greatly appreciated.

    Monica Marshall
    Sr. Software Engineer/Tracom/Denver

  • #2
    What's the exception?

    Comment


    • #3
      Exception

      I have been retesting with the client id set to "my-less-trusted-client" and now that I cleaned all cookies from the browser I do not see the 401 Error anymore.

      Clearly one of the Spring classes stores the clientId in the cookies and I do not know which Spring class does that.

      Thanks,
      Monica Marshall
      Sr. Software Developer/Tracom/Denver

      Comment

      Working...
      X