AnsweredAssumed Answered

X-OAUTH2 encoding issue

Question asked by mbecker on Jun 1, 2016
Latest reply on Jun 2, 2016 by mbecker

We work on a google cloud print integration and need to connect to google talk via oauth2.
While testing the smack library I could not login to talk.google.com with the auth error response of incorrect-encoding.

On investigating the issue I found it seems to be related to a double base64 encoding of the authentication text. (I'm no expert in smack so I might be wrong) Here is what I think is going on:

  1. SASLXOauth2Mechanism.getAuthenticationText():
    encodes the authentication text to a base64 encoded byte array with
    Base64.encode(toBytes('\u0000' + authenticationId + '\u0000' + password));
    This would be Base64.encode(byte[] ) for the first time.
  2. SASLMechanism.authenticate():
    Calls the SASLXOauth2Mechanism.getAuthenticationText() to get the authentication text as a byte array.
    It then converts the byte array to a string with Base64.encodeToString(byte[])
  3. Base64.encodeToString(byte[]):
    Before calling the String constructor it calls Base64.encode(byte[] ) on the byte array input argument.
    This would be Base64.encode(byte[] ) for the second time.

So as far as I can see the authentication text is double base64 encoded and hence the incorrect-encoding issue. (google can't find the '\u0000' separators)

 

When I replaced the original SASLXOauth2Mechanism.getAuthenticationText() with the simple line
return toBytes('\u0000' + authenticationId + '\u0000' + password);
The login returned with a success message.

 

Let me know if you can reproduce the issue.

Thanks and regards

Matt

Outcomes