May 17th, 2011, 02:23 PM
Sparklr2/Tonr2 by Ryan Heaton fails if the user accessing the sparklr is not "tonr"
Hello everyone !
I have been trying to have a different client_id access the sparklr photos instead of the "tonr" client_id. I took another client whose id has the same authorizedGrantTypes="authorization_code" as "tonr". This client_id is "my-less-trusted-client". This is the change I applied in the configuration on the oauth service provider side.
On the client side
<oauth:resource id="sparklr" type="authorization_code" clientId="tonr"
I set the clientId accessing the "sparklr" resource to my-less-trusted-client clientId.
When I try to run the have tonr2 access the photos on sparklr2 I get an exception.
After this test I tried all the other clientIds that are set on the oauth Provider side and all of them failed in a similar way.
After that I ran and debugged all the Junit tests and those tests do access the sparklr2 photos using one at a time the different clientIds. Those attempts are successful but most of them do not authenticate/authorize using the /oauth/user/authorize URI. They use the /oauth/authorize URI.
Why are my attempts to have a different clientId accessing the sparklr resource fail ?
Any clarification is greatly appreciated.
Sr. Software Engineer/Tracom/Denver
May 17th, 2011, 09:53 PM
May 18th, 2011, 03:15 PM
I have been retesting with the client id set to "my-less-trusted-client" and now that I cleaned all cookies from the browser I do not see the 401 Error anymore.
Clearly one of the Spring classes stores the clientId in the cookies and I do not know which Spring class does that.
Sr. Software Developer/Tracom/Denver