OAuth 1 APIs can choose whether to pass empty oauth_token param in requests

s-gromov · s-gromov · commit f7f390a8cfaa · 2016-02-25T13:26:51.000+03:00
diff --git a/changelog b/changelog
@@ -2,6 +2,7 @@
  * Stack Exchange authentication via OAuth 2.0 (stackoverflow.com, askubuntu.com, etc.).
  * Support response in gzip.
  * differentiate OAuth1 Access token, OAuth 1 Request Token and OAuth 2 Access token, make them conforms RFCs
+ * OAuth 1 APIs can choose whether to pass empty oauth_token param in requests
 
 [2.2.2]
  * make all APIs to be extentable (have protected constructors, useful for testing)
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/builder/api/DefaultApi10a.java b/scribejava-core/src/main/java/com/github/scribejava/core/builder/api/DefaultApi10a.java
@@ -129,4 +129,14 @@ public Verb getRequestTokenVerb() {
     public OAuth10aService createService(OAuthConfig config) {
         return new OAuth10aService(this, config);
     }
+
+    /**
+     * http://tools.ietf.org/html/rfc5849 says that "The client MAY omit the empty "oauth_token" protocol parameter from
+     * the request", but not all oauth servers are good boys.
+     *
+     * @return whether to inlcude empty oauth_token param to the request
+     */
+    public boolean isEmptyOAuthTokenParamIsRequired() {
+        return false;
+    }
 }
diff --git a/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth10aService.java b/scribejava-core/src/main/java/com/github/scribejava/core/oauth/OAuth10aService.java
@@ -130,8 +130,7 @@ public void signRequest(OAuth1AccessToken token, AbstractRequest request) {
         final OAuthConfig config = getConfig();
         config.log("signing request: " + request.getCompleteUrl());
 
-        // Do not append the token if empty. This is for two legged OAuth calls.
-        if (!token.isEmpty()) {
+        if (!token.isEmpty() || api.isEmptyOAuthTokenParamIsRequired()) {
             request.addOAuthParameter(OAuthConstants.TOKEN, token.getToken());
         }
         config.log("setting token to: " + token);

Original file line number	Diff line number	Diff line change
`@@ -130,8 +130,7 @@ public void signRequest(OAuth1AccessToken token, AbstractRequest request) {`
`130`	`130`	`final OAuthConfig config = getConfig();`
`131`	`131`	`config.log("signing request: " + request.getCompleteUrl());`
`132`	`132`
`133`		`- // Do not append the token if empty. This is for two legged OAuth calls.`
`134`		`- if (!token.isEmpty()) {`
	`133`	`+ if (!token.isEmpty() \|\| api.isEmptyOAuthTokenParamIsRequired()) {`
`135`	`134`	`request.addOAuthParameter(OAuthConstants.TOKEN, token.getToken());`
`136`	`135`	`}`
`137`	`136`	`config.log("setting token to: " + token);`