Clever Geek Handbook

Difference between Java Post Request and Browser Post Request

I am trying to use api of one popular Russian social network. I am using OAuth via Java HttpUrlConnection. The problem is, when I post data after Java, I get a 401 response code. When I copy the request and paste it into the browser, I get a redirect to the URL containing the access token I need. This means that my post request is correct, but why, when I submit from Java, I get a 401 error? When I submit a request with the wrong password, I get 200. This means that the request is also correct.

private void getHomeAuth() throws Exception {
        String url = "https://oauth.vk.com/authorize?client_id=APP_ID&scope=friends&redirect_uri=https://oauth.vk.com/blank.html&display=page&v=5.34&response_type=token";

        URL oauth = new URL(url);
        HttpURLConnection connection = (HttpURLConnection) oauth.openConnection();
        connection.setRequestMethod("GET");
        connection.setRequestProperty("User-Agent", USER_AGENT);
        int responseCode = connection.getResponseCode();
        System.out.println("Response code: " + responseCode);

        BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
        String inputLine;
        StringBuilder response = new StringBuilder();

        while((inputLine = reader.readLine()) != null)
            response.append(inputLine + "\n");
        reader.close();
        PrintWriter writer = new PrintWriter("auth.html");
        writer.print(response);
        writer.close();
        parse();
        cookies = connection.getHeaderField("Set-Cookie");
        referer = connection.getURL().toString();
    }



private void postAuth() throws Exception {
        email = URLEncoder.encode("example@gmail.com", "UTF-8");
        password = "password";
        _origin = URLEncoder.encode(_origin, "UTF-8");
        String url = "https://login.vk.com/?act=login&soft=1";
        URL post = new URL(url);
        String urlParameters = "ip_h=" + ip_h + "&_origin=" + _origin + "&to=" + to + "&expire=" + expire + "&email=" + email + "&pass=" + password;
        HttpsURLConnection con = (HttpsURLConnection) post.openConnection();
        con.setRequestMethod("POST");
        con.setRequestProperty("User-Agent", USER_AGENT);
        con.setRequestProperty("Cookie", cookies);
        con.setDoOutput(true);
        DataOutputStream wr = new DataOutputStream(con.getOutputStream());
        wr.writeBytes(urlParameters);
        wr.flush();
        wr.close();
        int responseCode = con.getResponseCode();



        System.out.println("Sent post. Response code: " + responseCode + "\nRequest: " + post.toString() + urlParameters + "\nRequestMethod: " + con.getRequestMethod());

    }

I also tried to send this request via an addon in the browser and the result was correct. I got the access token from the redirect link.

Perhaps the problem is that something inside the request is wrong. I tried to track requests from a java application, but I failed.

+3


source to share


1 answer


My experience with this problem is that an HTTP request that first authenticates the user also puts cookies (scope varies from case to case) in the response, and subsequent HTTP requests are expected to contain those cookies. Take a close look at the full response headers returned to see which cookies might have been returned.



+1


source






More articles:


All Articles