LGTM http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java File google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java (right): http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java#newcode137 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java:137: public final String getCode() { I wonder if ...
12 years, 3 months ago
(2012-01-26 21:35:14 UTC)
#7
LGTM
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java
(right):
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java:137:
public final String getCode() {
I wonder if using final for security purposes is a good idea. If a user is
programming on a platform and has access to the open source, could they just
replace the libraries with their own? The use of final's makes mock testing
difficult.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationRequestUrl.java File google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationRequestUrl.java (right): http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationRequestUrl.java#newcode27 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationRequestUrl.java:27: * href="http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1">Authorization Code</a>). Seems to me that class could ...
12 years, 3 months ago
(2012-01-27 17:52:32 UTC)
#9
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java File google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java (right): http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java#newcode137 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java:137: public final String getCode() { On 2012/01/26 21:35:14, Daniel.Cardenas ...
12 years, 3 months ago
(2012-01-27 22:09:56 UTC)
#10
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java
(right):
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java:137:
public final String getCode() {
On 2012/01/26 21:35:14, Daniel.Cardenas wrote:
> I wonder if using final for security purposes is a good idea. If a user is
> programming on a platform and has access to the open source, could they just
> replace the libraries with their own? The use of final's makes mock testing
> difficult.
I don't understand what security consideration you are referring to here.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationRequestUrl.java
(right):
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationRequestUrl.java:27:
*
href="http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1">Authorization
Code</a>).
On 2012/01/27 17:52:32, rmistry wrote:
> Seems to me that class could be extended to work with different authorization
> grant types and not just authorization code. Update javadoc to instead point
to
> http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4 (Obtaining
> Authorization) ?
Done.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationRequestUrl.java:129:
* containing multiple space-separated scopes)
On 2012/01/27 17:52:32, rmistry wrote:
> same comment as below for varargs here.
See below.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationRequestUrl.java:199:
* multiple space-separated scopes)
On 2012/01/27 17:52:32, rmistry wrote:
> javadoc for varargs, maybe something like:
>
> @param scopes the scopes to be joined by a space separator (or a single value
> containing multiple space-separated scopes). The number of arguments is
variable
> and may be zero. The maximum number of arguments is limited by the maximum
> dimension of a Java array as defined by the <a
> href='http://java.sun.com/docs/books/vmspec/'>Java Virtual Machine
> Specification</a>.
>
> May be overkill, leaving it upto you.
I feel that it is overkill to explain to developers what varargs is, just based
on the JavaDoc I've seen elsewhere for varargs in the JDK and Guava. Let me
know if you can find an example that goes into this much detail.
With respect to specifying that zero args is allowed, I think any time you have
a list or a variable number of args you should assume zero parameters is
allowed. Otherwise, I would have declared it setScopes(String firstScope,
String... otherScores). Again, this JavaDoc style is consistent with JavaDoc
I've seen in other places like Guava.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/ClientParametersAuthentication.java
(right):
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/ClientParametersAuthentication.java:39:
* Sample usage can be found for {@link AuthorizationCodeTokenRequest}, except
substitute
On 2012/01/27 17:52:32, rmistry wrote:
> can be found "in".
>
> Why not just paste the sample usage here instead of pointing users somewhere
> else? is it because of having to maintain in multiple places?
Done.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java
(right):
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/Credential.java:184:
* we are 10 seconds away from expiration. If token server is unavailable, it
will try to use the
On 2012/01/27 17:52:32, rmistry wrote:
> implementation seems to refresh if token will expire in a minute
Done.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/TokenResponse.java
(right):
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/TokenResponse.java:54:
* or {@code null} for none.
On 2012/01/27 17:52:32, rmistry wrote:
> as described in http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-6
Done-ish: I point here to RefreshTokenRequest instead
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/TokenResponse.java:59:
/** Scope of the access token or {@code null} for none. */
On 2012/01/27 17:52:32, rmistry wrote:
> as described in http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3
Done.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
File
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/TokenResponseException.java
(right):
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/TokenResponseException.java:29:
* access token that uses
On 2012/01/27 17:52:32, rmistry wrote:
> incomplete sentence?
Done.
http://codereview.appspot.com/5440105/diff/8085/google-oauth-client/src/main/...
google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/TokenResponseException.java:55:
private TokenResponseException(JsonFactory jsonFactory, HttpResponse response,
On 2012/01/27 17:52:32, rmistry wrote:
> jsonFactory is unused
Done.
http://codereview.appspot.com/5440105/diff/26007/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/package-info.java File google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/package-info.java (right): http://codereview.appspot.com/5440105/diff/26007/google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/package-info.java#newcode41 google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/package-info.java:41: * Maybe add a section here about browser based ...
12 years, 3 months ago
(2012-01-28 00:17:29 UTC)
#12
Issue 5440105: OAuth 2.0: Credential, BrowserClientRequestUrl, BearerToken, & TokenResponseException
(Closed)
Created 12 years, 4 months ago by yanivi
Modified 12 years, 2 months ago
Reviewers: rmistry, danielcar, daniel.cardenas_gmail.com
Base URL: https://code.google.com/p/google-oauth-java-client/
Comments: 24