jiduvah

Reputation: 5168

Authorization request header OAuth 2.0

I am trying to implement OAuth 2.0 on a project I am working on. I am able to authenticate with the authentication server; however, I am having problems with the resource server. We are using a MAC token (spec). You can see in 3.1 of the spec that I need to send an Authorization request header which includes the following. I can't make any sense of that. Can somebody show me what I am supposed to do here?

credentials = "MAC" [ RWS 1#param ]
param = id /
nonce /
body-hash /
ext /
mac
id = "id" "=" <"> plain-string <">
nonce = "nonce" "=" <"> 1*DIGIT ":" plain-string <">
body-hash = "bodyhash" "=" <"> plain-string <">
ext = "ext" "=" <"> plain-string <">
mac = "mac" "=" <"> plain-string <">
plain-string = 1*( %x20-21 / %x23-5B / %x5D-7E )

UPDATE

I feel I am getting somewhere but feel like I am still so far from solving this problem.

So I am building something like the following

StringBuilder header = new StringBuilder("MAC ")
        .append("id=\"").append(sharedPrefs.getString(Constants.ACCESS_TOKEN, "error"))
        .append("\",nonce=\"").append(createNonce())
        .append("\",bodyhash=\"").append(bodyHash)
        .append("\",mac=\"").append(mac).append("\"");

I calculate the body hash like so

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import android.util.Base64;

// bodyhash = base64(SHA-256(body)). Hash exactly the bytes the HTTP client
// sends, in the charset the body is sent in (UTF-8 assumed here).
public static String SHA256(String text) throws UnsupportedEncodingException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] shahash = md.digest(text.getBytes("UTF-8"));
        // NO_WRAP: Base64.DEFAULT appends a line terminator, which the
        // plain-string grammar (%x20-21 / %x23-5B / %x5D-7E) does not allow.
        return Base64.encodeToString(shahash, Base64.NO_WRAP);
}

And the mac like this

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import android.util.Base64;

// mac = base64(HMAC-SHA256(MAC key, data)). The spec defines data as the
// normalized request string (nonce, method, URI, host, port, ...), not the body.
private String hmacSHA256(String data) throws Exception {
    String key = sharedPrefs.getString(Constants.SECRET, "error");
    SecretKeySpec secretKey = new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA256");
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(secretKey);
    byte[] hmacData = mac.doFinal(data.getBytes("UTF-8"));
    // NO_WRAP keeps the value on one line; Base64.DEFAULT would add a trailing newline.
    return Base64.encodeToString(hmacData, Base64.NO_WRAP);
}

I am having problems as the server just doesn't respond. This is really driving me crazy; I can't imagine that this documentation is clear to anybody.

Upvotes: 1

Views: 942
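The header construction the question asks about, carried through end to end as an added example (Python rather than the question's Java; this is not code from the original post or from the spec). It assumes the normalized request string of draft-ietf-oauth-v2-http-mac-01 section 3.3.1: nonce, upper-case method, request-URI, lower-case host, port, bodyhash and ext, each followed by a newline, with mac = base64(HMAC-SHA-256(key, that string)). The resource-server side (key lookup, the 300-second nonce-age window, the rule that a body must carry bodyhash, replay tracking) and every key id, key, URL and body are this example's own constructions.

```python
# Added example, not code from the original post: build and verify the MAC
# Authorization header of draft-ietf-oauth-v2-http-mac-01. Assumed from the
# draft (section 3.3.1): the normalized request string is nonce, method,
# request-URI, host, port, bodyhash, ext, each followed by "\n" even when
# empty. Key ids, keys, URLs and bodies below are constructed sample values.
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlsplit

PLAIN_STRING = re.compile(r"[\x20\x21\x23-\x5b\x5d-\x7e]+")  # ABNF plain-string: no '"', no '\', no CR/LF
PARAM = r'(id|nonce|bodyhash|ext|mac)="([^"\\]*)"'
PARAM_RE = re.compile(PARAM)
PARAM_LIST_RE = re.compile(r"\s*" + PARAM + r"(?:\s*,\s*" + PARAM + r")*\s*")
ALLOWED_AGE_SKEW = 300  # seconds; this example's freshness window, not from the draft


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")  # single line, no trailing newline


def body_hash(body: bytes) -> str:
    """bodyhash for an hmac-sha-256 token: base64 of SHA-256 over the raw body bytes."""
    return b64(hashlib.sha256(body).digest())


def make_nonce(credential_age: int) -> str:
    """nonce = age of the credentials in seconds ":" random string (unique per key id)."""
    return f"{credential_age}:{secrets.token_urlsafe(8)}"


def normalized_request_string(nonce, method, url, bodyhash="", ext=""):
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError("an absolute URL with a host is required")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    request_uri = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    elements = (nonce, method.upper(), request_uri, parts.hostname.lower(), str(port), bodyhash, ext)
    return "".join(f"{e}\n" for e in elements)


def compute_mac(key: bytes, normalized: str) -> str:
    return b64(hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).digest())


def build_authorization_header(key_id, key, method, url, body=None, ext="", nonce=None, credential_age=0):
    """Client side: the Authorization header value for one request."""
    bodyhash = body_hash(body) if body is not None else ""
    nonce = nonce or make_nonce(credential_age)
    mac = compute_mac(key, normalized_request_string(nonce, method, url, bodyhash, ext))
    params = [("id", key_id), ("nonce", nonce)]
    if body is not None:
        params.append(("bodyhash", bodyhash))
    if ext:
        params.append(("ext", ext))
    params.append(("mac", mac))
    for name, value in params:  # every attribute value must satisfy plain-string
        if not PLAIN_STRING.fullmatch(value):
            raise ValueError(f"{name} is not a plain-string: {value!r}")
    return "MAC " + ", ".join(f'{name}="{value}"' for name, value in params)


def parse_authorization_header(header: str) -> dict:
    """Resource-server side: split 'MAC id="..", nonce="..", ...' into its attributes."""
    scheme, _, param_list = header.partition(" ")
    if scheme != "MAC" or not PARAM_LIST_RE.fullmatch(param_list):
        raise ValueError("not a well-formed MAC credential")
    pairs = PARAM_RE.findall(param_list)
    params = dict(pairs)
    if len(params) != len(pairs):
        raise ValueError("attribute given more than once")
    if not {"id", "nonce", "mac"} <= set(params):
        raise ValueError("id, nonce and mac are required")
    if not all(PLAIN_STRING.fullmatch(v) for v in params.values()):
        raise ValueError("attribute value is not a plain-string")
    return params


def verify_request(header, method, url, body, credentials, seen_nonces, now):
    """Resource-server side. credentials: key id -> (MAC key, issue time of the token);
    seen_nonces: a set shared across requests, used for replay detection."""
    try:
        p = parse_authorization_header(header)
    except ValueError:
        return False
    if p["id"] not in credentials:
        return False
    key, issued_at = credentials[p["id"]]
    age, _, _ = p["nonce"].partition(":")
    if not age.isdigit() or abs(int(age) - int(now - issued_at)) > ALLOWED_AGE_SKEW:
        return False
    if body and "bodyhash" not in p:  # this example's policy: a body must be covered by the MAC
        return False
    bodyhash = p.get("bodyhash", "")
    if bodyhash and not hmac.compare_digest(bodyhash, body_hash(body or b"")):
        return False
    expected = compute_mac(key, normalized_request_string(p["nonce"], method, url, bodyhash, p.get("ext", "")))
    if not hmac.compare_digest(expected, p["mac"]):
        return False
    if (p["id"], p["nonce"]) in seen_nonces:  # same nonce under the same key id: replay
        return False
    seen_nonces.add((p["id"], p["nonce"]))
    return True
```

Two points the server side makes visible: the verifier recomputes the normalized string from the request it actually received (method, host, port, URI), so any mismatch between what the client signed and what the proxy or framework delivered fails the MAC, and every attribute value has to be a single-line plain-string, which is why base64 output must be produced without line terminators.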

Answers (1)

Antonio Saco

Reputation: 1650

You need to be aware that the MAC access authentication scheme is an extension of the OAuth 2 protocol, similar to HTTP Basic access authentication, but optional, so there is no need to implement this in every resource server.

So if you make an unauthenticated request and the resource server responds with something like:

HTTP/1.1 401 Unauthorized 
WWW-Authenticate: MAC

the MAC means that you are allowed to use this scheme of authentication.

The most common authentication scheme implemented nowadays for OAuth 2-based resource servers is Bearer.


If you still have concerns about how to implement this spec, there is an excellent source for Android on GitHub to accomplish it, and probably the Java class you need is this.

Have fun!

Upvotes: 1
