I've been toying around with Jersey's OAuth2.0 Client Support Library. And it works like a charm too. However, I can't seem to find a way to specify the state parameter which gets sent in the authorization request. Jersey generates a random UUID for me and lets me retrieve it when I get the authorization provider's response. Before that, the only option I have come up with is to manually parse the URI string which start() returns. But this shouldn't be right, right? Either I am missing something in Jersey or I am missing the point of the state parameter...
So do you know of any (more elegant than mine) way to extract the state parameter just after I start() the flow? Or a way to put my own state variable in the flowBuilder?
I'm using Jersey 2.5.1 by the way.
Edit to include a code sample:
    final ClientIdentifier clientIdentifier = new ClientIdentifier(CLIENT_ID, CLIENT_SECRET);
    final OAuth2CodeGrantFlow codeGrantFlow = OAuth2ClientSupport
            .googleFlowBuilder(clientIdentifier, redirectURI, scope)
            .prompt(OAuth2FlowGoogleBuilder.Prompt.CONSENT)
            .build();
    final String googleAuthURI = codeGrantFlow.start();
How do I get/set the state somewhere in there?
Edit2: Here is the feature request on Jersey's JIRA: https://java.net/jira/browse/JERSEY-2342 In the meantime, what Michal Gajdos suggested works fine for me.
You can use the OAuth2CodeGrantFlow.Builder#property(...) method to set the state parameter:
    final OAuth2CodeGrantFlow codeGrantFlow = OAuth2ClientSupport
            .googleFlowBuilder(clientIdentifier, redirectURI, scope)
            .prompt(OAuth2FlowGoogleBuilder.Prompt.CONSENT)
            .property(OAuth2CodeGrantFlow.Phase.AUTHORIZATION, OAuth2Parameters.STATE, state)
            .build();
I agree, it's not very convenient. If you have a legitimate use-case to modify builder/flow, feel free to file an improvement to our JIRA.
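On the point of the state parameter raised in the question: it ties the authorization response to the browser session that started the flow, so a caller-supplied value has to be unguessable, stored server-side, and checked once on the callback. The following is an added example, not part of the original question or answer and not Jersey code; it uses only the JDK, and the class name, the `oauth_state` key and the map standing in for the HTTP session are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class OAuthStateExample {
    private static final SecureRandom RNG = new SecureRandom();

    /** Generate an unguessable state value: 128 random bits, hex-encoded (URL-safe). */
    static String newState() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Compare the state stored for this session with the one on the callback. */
    static boolean stateMatches(String expected, String received) {
        if (expected == null || received == null) {
            return false; // missing on either side: reject the callback
        }
        // MessageDigest.isEqual avoids an early-exit comparison on the secret value.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                received.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Stand-in for the user's server-side HTTP session (constructed for this example).
        Map<String, String> session = new HashMap<>();

        // Before redirecting: create the state, remember it, and pass it to the builder:
        //   .property(OAuth2CodeGrantFlow.Phase.AUTHORIZATION, OAuth2Parameters.STATE, state)
        String state = newState();
        session.put("oauth_state", state);

        // On the redirect back: remove the stored value so it can be used only once.
        String expected = session.remove("oauth_state");
        System.out.println("genuine callback accepted: " + stateMatches(expected, state));
        System.out.println("foreign state accepted:    " + stateMatches(expected, newState()));
        System.out.println("replayed callback accepted: "
                + stateMatches(session.remove("oauth_state"), state));
    }
}
```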