Apache Amber: How to exchange OAuth code for an access token with Bearer Header?

Question

I am trying to receive an authentication token for Stripe Connect using Apache Amber. There is an example of how to exchange OAuth code for an access token here :

However, Stripe requires additional "Authorization: Bearer" header:

  curl -X POST https://connect.stripe.com/oauth/token \
      -H "Authorization: Bearer xxxxxxxxxxxxxx" \
      -d code=AUTHORIZATION_CODE \
      -d grant_type=authorization_code

I tried the following:

            OAuthAuthzResponse oar = OAuthAuthzResponse.oauthCodeAuthzResponse(request);
            String error = oar.getParam("error");
            String errorDescription = oar.getParam("error_description");
            String code = oar.getCode();


            if (null != error && !error.isEmpty()){
                System.err.println ("Authentication failed: " + errorDescription);
                System.exit(1);
            }

            OAuthClientRequest exchangeRequest = OAuthClientRequest
            .tokenLocation("https://connect.stripe.com/oauth/token")
            .setGrantType(GrantType.AUTHORIZATION_CODE)
            .setClientId("my-client-id")
            .setCode(code)
            .buildBodyMessage();

            Map<String,String> headers =new HashMap<String, String>();
            headers.put("Authorization", "Bearer xxxxxxxxxxxxxx");

            exchangeRequest.setHeaders(headers);

           //create OAuth client that uses custom http client under the hood
           OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());


           GitHubTokenResponse oAuthResponse = oAuthClient.accessToken(exchangeRequest, GitHubTokenResponse.class);

           String accessToken = oAuthResponse.getAccessToken();

but it crashes with:

Server returned HTTP response code: 401 for URL: https://connect.stripe.com/oauth/token

Any ideas on how to add the bearer header? Thanks!

Answer 1

只要我能看到您正在将Bearer Token提前一步，就可以了……您确实仍处于令牌端点阶段 。

Answer 2

probably the easiest thing to do is to get rid of the bearer part on the snippet above and once you have the access token

String accessToken = oAuthResponse.getAccessToken();

use the

GET /resource?access_token=mF_9.B5f-4.1JqM HTTP/1.1

as for http://tools.ietf.org/html/rfc6750#section-2.3

Answer 3

您还可以关注https://issues.apache.org/jira/browse/AMBER-70

Answer 4

The answer was offered by Pinak Shah here: https://support.stripe.com/questions/how-can-i-use-the-java-bindings-with-oauth

  OAuthClientRequest oAuthRequest = OAuthClientRequest
                .tokenLocation(
                        paymnetInfoMsgs
                                .getMessage("stripe.website.token.url"))
                .setGrantType(GrantType.AUTHORIZATION_CODE)
                .setClientId(paymnetInfoMsgs.getMessage("stripe.clientID"))
                .setParameter("Authorization",
                        paymnetInfoMsgs.getMessage("stripe.aouthorization"))
                .setCode(code).buildBodyMessage();

        Map<String, String> headers = new HashMap<String, String>();
        headers.put("Authorization", paymnetInfoMsgs
                .getMessage("stripe.aouthorization"));
        headers.put("Content-Type", "application/x-www-form-urlencoded");

        // create OAuth client that uses custom http client under the hood
        URLConnectionClient urlConnectionClient = new URLConnectionClient();
        oAuthResponse = urlConnectionClient.execute(oAuthRequest, headers,
                "POST", OAuthJSONAccessTokenResponse.class);

Thanks, Pinak!