0
    clientId = xxxxxx
    clientSecret = xxxxxxxx
    applicationHost = xxxxxxxxx

My authorization code request:

   OAuthClientRequest oAuthClientRequest = OAuthClientRequest
                .authorizationProvider(OAuthProviderType.GOOGLE)
                .setResponseType("code")
                .setClientId(clientId)
                .setParameter("access_type", "online")
                .setRedirectURI(applicationHost + "auth/google/callback")
                .setScope("https://www.googleapis.com/auth/plus.login")
                .buildQueryMessage();

        response.sendRedirect(oAuthClientRequest.getLocationUri());

I am getting an authorization code with this. but whenever I send a request for the access_token using this code I am getting an error. (Code 400)

My access_token request:

    OAuthClientRequest oAuthClientRequest = OAuthClientRequest
            .tokenProvider(OAuthProviderType.GOOGLE)
            .setGrantType(GrantType.AUTHORIZATION_CODE)
            .setClientId(clientId)
            .setClientSecret(clientSecret)
            .setParameter("access_type", "online")
            .setRedirectURI(applicationHost + "auth/google/callback")
            .setCode(code)
            .buildQueryMessage();

    GitHubTokenResponse oAuthResponse = oAuthClient.accessToken(
            oAuthClientRequest, GitHubTokenResponse.class);
    return oAuthResponse.getAccessToken();

OAuth2 Playground response:

    HTTP/1.1 400 Bad Request
    Alternate-protocol: 443:quic
    Content-length: 37
    X-xss-protection: 1; mode=block
    X-content-type-options: nosniff
    X-google-cache-control: remote-fetch
    -content-encoding: gzip
    Server: GSE
    Via: HTTP/1.1 GWA
    Pragma: no-cache
    Cache-control: no-cache, no-store, max-age=0, must-revalidate
    Date: Mon, 17 Feb 2014 09:03:52 GMT
    X-frame-options: SAMEORIGIN
    Content-type: application/json
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    {
       "error": "unauthorized_client"
    }

Please help me out. Thanks in advance.

Suva
  • 55
  • 2
  • 9
  • https://developers.google.com/oauthplayground/ oauth playground generates an access token and a refresh token when provided with an authorization code. – Suva Feb 18 '14 at 06:19

1 Answers1

3

You're taking an auth code from your application (ie. client id XXXXX) and pasting that into a different app (oauth playground with client id YYYYY) and expecting it to work?

That's not gonna work.

It might work if you go into the Gear option and enter your app's credentials. But I'm slightly confused why you're doing this. What is the problem you are trying to solve?

This answer might help How do I authorise an app (web or installed) without user intervention? (canonical ?)

Community
  • 1
  • 1
pinoyyid
  • 21,499
  • 14
  • 64
  • 115
  • I basically wanted to generate a demo access token with the authorization code. Even if I run my code (check the access_token request part) and send an http request, I still get the error code 400. – Suva Feb 18 '14 at 10:02
  • My goal here is to enable users to login via facebook, google, twitter etc. I have already succeeded with facebook but something's going wrong for Google. – Suva Feb 18 '14 at 10:03
  • Oh and thanks a lot for the Oauth playground link. It lacked my own configs. – Suva Feb 18 '14 at 10:07