Announcement Announcement Module
No announcement yet.
After authorizing, it gets back to authorize page Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • After authorizing, it gets back to authorize page


    I'm trying to integrate Spring oauth with MapMyFitness API (oauth 1.0). Authorize request page is being displayed so far, but once I click Authorize, call back request goes to the correct service (with oauth_token and oauth_verifier values) but then it turns into a redirect back to the authorize request.

    Any advises? I'm following the Tonr example but with the
    flag due the API version.


  • #2
    Sounds like your client failed to get a token or got a duff one. Some server logs might confirm.


    • #3
      Hi Dave,

      Thanks for your reply. After the Authorize step, logs and Chrome's network trace actually show that there's a request to my controller, including the proper oAuth values. This is an example of my local server's log after the user clicks on Authorize:
      (context/service/events is the mapping for my controller, which contains the OAuthRestTemplate)
      [] /context/service/events?oauth_token=f6ca826ad9fb0c15db5568f7cb0e68490521c0f8a&oauth_verifier=5LU4P at position 11 of 12 in additional filter chain; firing Filter: 'OAuthConsumerContextFilter'
      [] Storing access tokens in request attribute 'OAUTH_ACCESS_TOKENS'.
      [] /context/service/events?oauth_token=f6ca826ad9fb0c15db5568f7cb0e68490521c0f8a&oauth_verifier=5LU4P at position 12 of 12 in additional filter chain; firing Filter: 'OAuthConsumerProcessingFilter'
      [] Checking match of request : '/context/service/events'; against '/context/service/**'
      [] Obtaining request token for resource: mapMyFitnessResource
      At the end, it goes to the "Obtaining request token" step again, even when there are valid oauth_token and oauth_verifier values, making the Authorize page appear. It's like tokens are not being related to the services correctly.

      I hope you can help me with this, I'm not identifying if is a client problem or a server problem.


      • #4
        Could be either. Did the client try to obtain an access token at all? If not then it's definitely a client problem, I guess. If it tried to get an access token and failed it might be either client or server (e.g. a bug in the signing or verification). Maybe if you get some DEBUG logs from both client and server for the duration of the dance it might help?


        • #5
          Hi Dave,
          Checking at logs, client doesn't get to the 'obtain access token' step, so it is a client problem. So it leads me to the follow dobuts:

          - What url should be my callback value? right now, at MapMyFitness admin page I set up as callback URL the URL to the controller that will execute the OAuthRestTemplate call. And it works correctly, since after the user clicks 'Authorize', there's a call to that [localhost]/context/service.html URL with proper oauth_token and oauth_verifier values. After that, no 'Access token' action is performed, but the authorization step is repeated.

          - When is the 'Obtain access token' action performed by Spring Oauth Security?

          I hope you can help me out. Thank you for taking a time and answer this thread.


          • #6
            There is (or should be) a client side filter that obtains the token for you (at least that's what I remember about the oauth1 implementation). Perhaps you should study the tonr sample and make sure it matches what you need?