Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

jsConnect .. so close please HELP !!!

Hy guy's,

  • I have a Java based website "Jboss + Seam in Eclipse and many more (JSF,Beans,richfaces,PrimeFaces etc", in my project i have a login form that a normal user can connect to the website in the backend of the website i have a really big DB with with information.
  • I have "Vanilla - Version 2.0.18.8" instaled and downloaded "jsConnect 1.0.3b" and "jsConnect Auto SignIn 0.1.5b" - * copyed in the plugins and enabled in the dashboard.
  • My Java website has a db and vanilla uses another db, i copyed the users from from my db to vanilla db so the already existed users just login and the new jsConnect will createat new ones.
  • made in my project the index.jsp that has the user info into my WEB direct, and in my Java Dir creade the package for the jsConnect.java.
  • I copyed the clientID and the secret from jsConnect to my index.jsp
  • When i try to connect, jsConnect automaticly log's in the user that is in the index.jsp if its not in the vanilla db create a new user and log's him in. it's ok until now. so the jsConnect log's is a user or create a user based on the information in the "index.jsp"
    if (signedIn) { user.put("uniqueid", "3"); user.put("name", "joedoe"); user.put("email", "joedoe@joedoe.de"); }

  • If i call the ../index.jsp page i can see the folowing result ["Boolean secure = false;"] so i can see the values

{ "uniqueid": "3", "name": "joedoe", "email": "joedoe@joedoe.de", "clientid": "xxxxxxx", "signature": "xxxxxxxxxxxxxxxxxxxxxxxx" }

  • If i call the ../index.jsp page and i have ["Boolean secure = true;"] i get the folowing:

{ "message": "The client_id parameter is missing.", "error": "invalid_request" }

  • What am i doing wrong... and how can i get the "index.jsp" to get my login user from my website ?

Please help.
Thank you very very much guy's any help any sugestion is very welcome !!

«1

Comments

  • Anyone ? Any ideea ? please help ...

  • I think the issue is here:

    { "uniqueid": "3", "name": "joedoe", "email": "joedoe@joedoe.de", "clientid": "xxxxxxx", "signature": "xxxxxxxxxxxxxxxxxxxxxxxx" }

    And the error message says:

    { "message": "The client_id parameter is missing.", "error": "invalid_request" }

  • client_id need to be sent in the request handler that calls GetJsConnectString

    There error is from this line

    if (Val(request, "client_id") == null) {
                error = jsConnect.Error("invalid_request", "The client_id parameter is missing.");
    

    it is understandable he is a bit confused @businessdad, becuase the example he is using does uses both variations in different places.

    grep is your friend.

  • edited July 2013

    @x00
    where is the request handler that calls GetJsConnectString ? maby i dont understand exactly ...
    Thank you for the answer !
    BTW- even if i put the ["Boolean secure = true;"] and get the error i still can login using the data i writte in the if (signedIn) { user.put("uniqueid", "3"); user.put("name", "joedoe"); user.put("email", "joedoe@joedoe.de"); }

  • That exactly the point is better if you do understand the code you are using.

    Java is your language of choice, yes?

    There are only two relevant files in that example One of them we can call client or what processing the request (index.jsp), so it is the 'request handler' or client, and it references a class with various methods.

    You should be able to anatomise what is going on.

    grep is your friend.

  • edited July 2013

    I have a different question after a lot of searching and reading....
    The JsConnect "connsumes" String js = Vanilla.JsConnect.GetJsConnectString(user, request.getParameterMap(), clientID, secret, secure); from the "index.jsp" and in the "JsConnect.java" i have to make the public static String GetJsConnectString(Map user, Map request, String clientID, String secret, Boolean secure) the name = to the username(ex. benutzername)?.

    Or if its not such a big deal can some one just show me how they done it ( don't need to explain) just some example files or something ... would be a really big healp. Thank you very much !

  • x00x00 MVP
    edited July 2013

    Read the code

       if (secure) {
             if (Val(request, "client_id") == null) {
                error = jsConnect.Error("invalid_request", "The client_id parameter is missing.");
    

    I don't what you are on about, but it couldn't be clearer you need to pass client_id in the request, and it need to match clientID which is pre-set. If if not client_id being passed you need to change the check.

             } else if (!Val(request, "client_id").equals(clientID)) {
                error = jsConnect.Error("invalid_client", "Unknown client " + Val(request, "client_id") + ".");
    

    I presume you have some knowledge of java since you are working in it,

    grep is your friend.

  • @x00 said:
    I don't what you are on about, but it couldn't be clearer you need to pass client_id in the request, and it need to match clientID which is pre-set. If if not client_id being passed you need to change the check.

    In addition to what x00 wrote, and using your first post as a reference, your page is producing this:

    { "uniqueid": "3", "name": "joedoe", "email": "joedoe@joedoe.de", "clientid": "xxxxxxx", "signature": "xxxxxxxxxxxxxxxxxxxxxxxx" }
    

    While it should be producing this:

    // Note the client_id parameter, with an underscore in its name
    { "uniqueid": "3", "name": "joedoe", "email": "joedoe@joedoe.de", "client_id": "xxxxxxx", "signature": "xxxxxxxxxxxxxxxxxxxxxxxx" }
    
  • x00x00 MVP
    edited July 2013

    @businessdad true but the check is in the request that is what is causing the error in this case.

    However this could be clearer given the code examples are not all correct

    grep is your friend.

  • @x00 said:
    businessdad true but the check is in the request that is what is causing the error in this case.

    You are right! I read the message multiple times and I only noticed it now! Apologies for having increased the entropy of this discussion, I'm really getting old faster than I thought.

  • @businessdad said:
    You are right! I read the message multiple times and I only noticed it now! Apologies for having increased the entropy of this discussion,

    I'm really getting old faster than I thought.

    and more entropic :) every day both my and entropicity increases. What's a guy gonna' do.

    a midpoint along the arc between "A foolish consistency is the hobgoblin of little minds," and "chaos" might be the ticket.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I have also in the index.jsp file the String clientID = "xxxxxxxxx"; String secret = "xxxxxxxxxxxxxxxxxxxxxxxxxx"; Boolean signedIn = true; java.util.HashMap user = new java.util.LinkedHashMap();
    wich is exact in the JsConnect.java, i don't understand were is the problem ...

  • You need to log your requests and debug. The problem is there is no client_id in the request.

    grep is your friend.

  • x00x00 MVP
    edited July 2013

    @peregrine said:
    and more entropic :) every day both my and entropicity increases. What's a guy gonna' do.

    >

    a midpoint along the arc between "A foolish consistency is the hobgoblin of little minds," and "chaos" might be the tick

    wha..?

    grep is your friend.

  • I do something similar, except I use a tuba.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I do something similar, except I use a tuba.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • peregrineperegrine MVP
    edited July 2013

    @vrijvlinder, you didn't find the duplicate funny as well. or was once enough :).

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • edited July 2013

    I figured you were on the fossilized computer ;) or each comment for each ear ?

  • peregrineperegrine MVP
    edited July 2013

    you keep on finding photos of me :) One of the few times I had a tie on, i hate'em

    friends, romans vanillans, lend me your ears.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • @peregrine said:
    you keep on finding photos of me :) One of the few times I had a tie on, i hate'em
    friends, romans vanillans, lend me your ears.

    lol ! if it's been published , I will find it watch out !!

Sign In or Register to comment.