// Collapsed, elided excerpt: closing braces and the conditions guarding the last three
// returns (PARAMETER_ABSENT, PROBLEM_TOKEN_INVALID, TOKEN_REVOKED) are not shown here.
// Looks up the state stored for requestToken, then rejects in this order: throttled -> 403,
// unauthorized -> 401, unknown token (state == null) -> 401, unexpected parameters -> 400,
// oauth_verifier mismatch -> 401.
// NOTE(review): the verifier check only runs when state.verifier is non-null, so a token
// state with no stored verifier passes whatever oauth_verifier was sent - confirm intended.
// NOTE(review): String.equals stops at the first differing character; if the verifier is
// treated as a secret, compare with MessageDigest.isEqual over the encoded bytes instead.
TokenState state = tokenState.get(requestToken); if (throttled) { return makeOAuthProblemReport(OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota", HttpResponse.SC_FORBIDDEN); } else if (unauthorized) { return makeOAuthProblemReport(OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_UNAUTHORIZED); } else if (state == null) { return makeOAuthProblemReport(OAuth.Problems.TOKEN_REJECTED, "Unknown request token", HttpResponse.SC_UNAUTHORIZED); String extra = hasExtraParams(info.message); if (extra != null) { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_REJECTED, extra, HttpResponse.SC_BAD_REQUEST); String sentVerifier = info.message.getParameter("oauth_verifier"); if (state.verifier != null && !state.verifier.equals(sentVerifier)) { return makeOAuthProblemReport(OAuthConstants.PROBLEM_BAD_VERIFIER, "wrong oauth verifier", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport(OAuth.Problems.PARAMETER_ABSENT, "no oauth_session_handle", HttpResponse.SC_BAD_REQUEST); return makeOAuthProblemReport(OAuthConstants.PROBLEM_TOKEN_INVALID, "token not valid", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport(OAuth.Problems.TOKEN_REVOKED, "Revoked access token can't be renewed", HttpResponse.SC_UNAUTHORIZED);
// Collapsed, elided excerpt: closing braces and the conditions guarding the last three
// returns (PARAMETER_ABSENT, PROBLEM_TOKEN_INVALID, TOKEN_REVOKED) are not shown here.
// Looks up the state stored for requestToken, then rejects in this order: throttled -> 403,
// unauthorized -> 401, unknown token (state == null) -> 401, unexpected parameters -> 400,
// oauth_verifier mismatch -> 401.
// NOTE(review): the verifier check only runs when state.verifier is non-null, so a token
// state with no stored verifier passes whatever oauth_verifier was sent - confirm intended.
// NOTE(review): String.equals stops at the first differing character; if the verifier is
// treated as a secret, compare with MessageDigest.isEqual over the encoded bytes instead.
TokenState state = tokenState.get(requestToken); if (throttled) { return makeOAuthProblemReport(OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota", HttpResponse.SC_FORBIDDEN); } else if (unauthorized) { return makeOAuthProblemReport(OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_UNAUTHORIZED); } else if (state == null) { return makeOAuthProblemReport(OAuth.Problems.TOKEN_REJECTED, "Unknown request token", HttpResponse.SC_UNAUTHORIZED); String extra = hasExtraParams(info.message); if (extra != null) { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_REJECTED, extra, HttpResponse.SC_BAD_REQUEST); String sentVerifier = info.message.getParameter("oauth_verifier"); if (state.verifier != null && !state.verifier.equals(sentVerifier)) { return makeOAuthProblemReport(OAuthConstants.PROBLEM_BAD_VERIFIER, "wrong oauth verifier", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport(OAuth.Problems.PARAMETER_ABSENT, "no oauth_session_handle", HttpResponse.SC_BAD_REQUEST); return makeOAuthProblemReport(OAuthConstants.PROBLEM_TOKEN_INVALID, "token not valid", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport(OAuth.Problems.TOKEN_REVOKED, "Revoked access token can't be renewed", HttpResponse.SC_UNAUTHORIZED);
// Collapsed, elided excerpt: the condition selecting oauthConsumer and the conditions
// guarding the CONSUMER_KEY_REFUSED and PERMISSION_DENIED returns are not shown here.
// An unrecognised consumer is rejected with CONSUMER_KEY_UNKNOWN / 403, and unexpected
// request parameters with PARAMETER_REJECTED / 400.
// NOTE(review): requestConsumer is concatenated into the problem text; its origin is not
// visible here - if it is request-supplied, confirm makeOAuthProblemReport encodes it before
// it reaches a response body, header or log line.
// NOTE(review): PERMISSION_DENIED is paired with SC_BAD_REQUEST here, while other excerpts
// on this page pair it with SC_UNAUTHORIZED - confirm which status callers should expect.
// NOTE(review): "exceeded quota exhausted" reads like a wording slip for "exceeded quota";
// left untouched because callers or tests may match on the exact text.
consumer = oauthConsumer; } else { return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_UNKNOWN, "invalid consumer: " + requestConsumer, HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota exhausted", HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_BAD_REQUEST); String extra = hasExtraParams(info.message); if (extra != null) { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_REJECTED, extra, HttpResponse.SC_BAD_REQUEST);
// Collapsed, elided excerpt: the condition selecting oauthConsumer and the conditions
// guarding the CONSUMER_KEY_REFUSED and PERMISSION_DENIED returns are not shown here.
// An unrecognised consumer is rejected with CONSUMER_KEY_UNKNOWN / 403, and unexpected
// request parameters with PARAMETER_REJECTED / 400.
// NOTE(review): requestConsumer is concatenated into the problem text; its origin is not
// visible here - if it is request-supplied, confirm makeOAuthProblemReport encodes it before
// it reaches a response body, header or log line.
// NOTE(review): PERMISSION_DENIED is paired with SC_BAD_REQUEST here, while other excerpts
// on this page pair it with SC_UNAUTHORIZED - confirm which status callers should expect.
// NOTE(review): "exceeded quota exhausted" reads like a wording slip for "exceeded quota";
// left untouched because callers or tests may match on the exact text.
consumer = oauthConsumer; } else { return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_UNKNOWN, "invalid consumer: " + requestConsumer, HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota exhausted", HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_BAD_REQUEST); String extra = hasExtraParams(info.message); if (extra != null) { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_REJECTED, extra, HttpResponse.SC_BAD_REQUEST);
// Collapsed, elided excerpt: closing braces and the conditions guarding the last three
// returns (PARAMETER_ABSENT, PROBLEM_TOKEN_INVALID, TOKEN_REVOKED) are not shown here.
// Looks up the state stored for requestToken, then rejects in this order: throttled -> 403,
// unauthorized -> 401, unknown token (state == null) -> 401, unexpected parameters -> 400,
// oauth_verifier mismatch -> 401.
// NOTE(review): the verifier check only runs when state.verifier is non-null, so a token
// state with no stored verifier passes whatever oauth_verifier was sent - confirm intended.
// NOTE(review): String.equals stops at the first differing character; if the verifier is
// treated as a secret, compare with MessageDigest.isEqual over the encoded bytes instead.
TokenState state = tokenState.get(requestToken); if (throttled) { return makeOAuthProblemReport(OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota", HttpResponse.SC_FORBIDDEN); } else if (unauthorized) { return makeOAuthProblemReport(OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_UNAUTHORIZED); } else if (state == null) { return makeOAuthProblemReport(OAuth.Problems.TOKEN_REJECTED, "Unknown request token", HttpResponse.SC_UNAUTHORIZED); String extra = hasExtraParams(info.message); if (extra != null) { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_REJECTED, extra, HttpResponse.SC_BAD_REQUEST); String sentVerifier = info.message.getParameter("oauth_verifier"); if (state.verifier != null && !state.verifier.equals(sentVerifier)) { return makeOAuthProblemReport(OAuthConstants.PROBLEM_BAD_VERIFIER, "wrong oauth verifier", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport(OAuth.Problems.PARAMETER_ABSENT, "no oauth_session_handle", HttpResponse.SC_BAD_REQUEST); return makeOAuthProblemReport(OAuthConstants.PROBLEM_TOKEN_INVALID, "token not valid", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport(OAuth.Problems.TOKEN_REVOKED, "Revoked access token can't be renewed", HttpResponse.SC_UNAUTHORIZED);
// Collapsed, elided excerpt: the condition selecting oauthConsumer and the conditions
// guarding the CONSUMER_KEY_REFUSED and PERMISSION_DENIED returns are not shown here.
// An unrecognised consumer is rejected with CONSUMER_KEY_UNKNOWN / 403, and unexpected
// request parameters with PARAMETER_REJECTED / 400.
// NOTE(review): requestConsumer is concatenated into the problem text; its origin is not
// visible here - if it is request-supplied, confirm makeOAuthProblemReport encodes it before
// it reaches a response body, header or log line.
// NOTE(review): PERMISSION_DENIED is paired with SC_BAD_REQUEST here, while other excerpts
// on this page pair it with SC_UNAUTHORIZED - confirm which status callers should expect.
// NOTE(review): "exceeded quota exhausted" reads like a wording slip for "exceeded quota";
// left untouched because callers or tests may match on the exact text.
consumer = oauthConsumer; } else { return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_UNKNOWN, "invalid consumer: " + requestConsumer, HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota exhausted", HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_BAD_REQUEST); String extra = hasExtraParams(info.message); if (extra != null) { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_REJECTED, extra, HttpResponse.SC_BAD_REQUEST);
// Collapsed, elided excerpt: the condition selecting signedFetchConsumer and the conditions
// guarding the PERMISSION_DENIED and TOKEN_REVOKED returns are not shown here.
// Visible checks: missing consumer key -> 400, throttled -> 403, unknown access token
// (state == null) -> 401, expired access token -> 401.
// Expiry is state.issued plus the token lifetime in milliseconds, compared against
// clock.currentTimeMillis(); the comparison is strict, so a token is still accepted at the
// exact expiry instant.
// NOTE(review): the declared type of TOKEN_EXPIRATION_SECONDS is not visible; if it is int,
// "* 1000" is evaluated in int arithmetic and wraps for lifetimes above 2,147,483 seconds
// (about 24 days), which would corrupt the expiry check - multiplying by 1000L avoids that.
consumer = signedFetchConsumer; } else { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_ABSENT, "oauth_consumer_key not found", HttpResponse.SC_BAD_REQUEST); String responseBody = null; if (throttled) { return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota", HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_UNAUTHORIZED); TokenState state = tokenState.get(accessToken); if (state == null) { return makeOAuthProblemReport( OAuth.Problems.TOKEN_REJECTED, "Access token unknown", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport( OAuth.Problems.TOKEN_REVOKED, "User revoked permissions", HttpResponse.SC_UNAUTHORIZED); long expiration = state.issued + TOKEN_EXPIRATION_SECONDS * 1000; if (expiration < clock.currentTimeMillis()) { return makeOAuthProblemReport(OAuthConstants.PROBLEM_ACCESS_TOKEN_EXPIRED, "token needs to be refreshed", HttpResponse.SC_UNAUTHORIZED);
// Collapsed, elided excerpt: the condition selecting signedFetchConsumer and the conditions
// guarding the PERMISSION_DENIED and TOKEN_REVOKED returns are not shown here.
// Visible checks: missing consumer key -> 400, throttled -> 403, unknown access token
// (state == null) -> 401, expired access token -> 401.
// Expiry is state.issued plus the token lifetime in milliseconds, compared against
// clock.currentTimeMillis(); the comparison is strict, so a token is still accepted at the
// exact expiry instant.
// NOTE(review): the declared type of TOKEN_EXPIRATION_SECONDS is not visible; if it is int,
// "* 1000" is evaluated in int arithmetic and wraps for lifetimes above 2,147,483 seconds
// (about 24 days), which would corrupt the expiry check - multiplying by 1000L avoids that.
consumer = signedFetchConsumer; } else { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_ABSENT, "oauth_consumer_key not found", HttpResponse.SC_BAD_REQUEST); String responseBody = null; if (throttled) { return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota", HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_UNAUTHORIZED); TokenState state = tokenState.get(accessToken); if (state == null) { return makeOAuthProblemReport( OAuth.Problems.TOKEN_REJECTED, "Access token unknown", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport( OAuth.Problems.TOKEN_REVOKED, "User revoked permissions", HttpResponse.SC_UNAUTHORIZED); long expiration = state.issued + TOKEN_EXPIRATION_SECONDS * 1000; if (expiration < clock.currentTimeMillis()) { return makeOAuthProblemReport(OAuthConstants.PROBLEM_ACCESS_TOKEN_EXPIRED, "token needs to be refreshed", HttpResponse.SC_UNAUTHORIZED);
// Collapsed, elided excerpt: the condition selecting signedFetchConsumer and the conditions
// guarding the PERMISSION_DENIED and TOKEN_REVOKED returns are not shown here.
// Visible checks: missing consumer key -> 400, throttled -> 403, unknown access token
// (state == null) -> 401, expired access token -> 401.
// Expiry is state.issued plus the token lifetime in milliseconds, compared against
// clock.currentTimeMillis(); the comparison is strict, so a token is still accepted at the
// exact expiry instant.
// NOTE(review): the declared type of TOKEN_EXPIRATION_SECONDS is not visible; if it is int,
// "* 1000" is evaluated in int arithmetic and wraps for lifetimes above 2,147,483 seconds
// (about 24 days), which would corrupt the expiry check - multiplying by 1000L avoids that.
consumer = signedFetchConsumer; } else { return makeOAuthProblemReport(OAuth.Problems.PARAMETER_ABSENT, "oauth_consumer_key not found", HttpResponse.SC_BAD_REQUEST); String responseBody = null; if (throttled) { return makeOAuthProblemReport( OAuth.Problems.CONSUMER_KEY_REFUSED, "exceeded quota", HttpResponse.SC_FORBIDDEN); return makeOAuthProblemReport( OAuth.Problems.PERMISSION_DENIED, "user refused access", HttpResponse.SC_UNAUTHORIZED); TokenState state = tokenState.get(accessToken); if (state == null) { return makeOAuthProblemReport( OAuth.Problems.TOKEN_REJECTED, "Access token unknown", HttpResponse.SC_UNAUTHORIZED); return makeOAuthProblemReport( OAuth.Problems.TOKEN_REVOKED, "User revoked permissions", HttpResponse.SC_UNAUTHORIZED); long expiration = state.issued + TOKEN_EXPIRATION_SECONDS * 1000; if (expiration < clock.currentTimeMillis()) { return makeOAuthProblemReport(OAuthConstants.PROBLEM_ACCESS_TOKEN_EXPIRED, "token needs to be refreshed", HttpResponse.SC_UNAUTHORIZED);