UnverifiedRequestTokenException

**Hunger** · Feb 3rd, 2011, 09:02 AM

Hi,
I'm trying to impement integration with linkedin and have such problem:
When user is asked about authorization (linkedin popup), user can press cancel button or close popup or press proteced link 2 times. For second time I've got this Error, thrown by CoreOAuthConsumerSupport, because consumer filter treats request token, saved earlier, as verified, but it is not.
Maybe I'm wrong but for such situation, filter shouldn't ask for access token, having only unverified request token, it should fire authorizatin proccess again.

My suggestion is to replace line 129 in OAuthConsumerContextFilter:

Code:

if (token == null) { //no token associated with the resource, start the oauth flow.

to:

Code:

if (token == null || request.getParameter(OAuthProviderParameter.oauth_verifier.toString())==null) { //no verified token associated with the resource, start the oauth flow.

What do you think?

**stoicflame** · Feb 4th, 2011, 09:50 AM

Sounds reasonable. Could you open a JIRA issue for this?

**Hunger** · Feb 4th, 2011, 11:52 AM

Done. https://jira.springsource.org/browse/SECOAUTH-41

Thread: UnverifiedRequestTokenException

Thread Tools

Display

UnverifiedRequestTokenException

Posting Permissions