X-OAUTH2 encoding issue

We work on a google cloud print integration and need to connect to google talk via oauth2.
While testing the smack library I could not login to talk.google.com with the auth error response of incorrect-encoding.

On investigating the issue I found it seems to be related to a double base64 encoding of the authentication text. (I’m no expert in smack so I might be wrong) Here is what I think is going on:

  1. SASLXOauth2Mechanism.getAuthenticationText():
    encodes the authentication text to a base64 encoded byte array with
    Base64.encode(toBytes(’\u0000’ + authenticationId + ‘\u0000’ + password));
    This would be Base64.encode(byte[] ) for the first time.
  2. SASLMechanism.authenticate():
    Calls the SASLXOauth2Mechanism.getAuthenticationText() to get the authentication text as a byte array.
    It then converts the byte array to a string with Base64.encodeToString(byte[])
  3. Base64.encodeToString(byte[]):
    Before calling the String constructor it calls Base64.encode(byte[] ) on the byte array input argument.
    This would be Base64.encode(byte[] ) for the second time.
    So as far as I can see the authentication text is double base64 encoded and hence the incorrect-encoding issue. (google can’t find the ‘\u0000’ separators)

When I replaced the original SASLXOauth2Mechanism.getAuthenticationText() with the simple line
return toBytes(’\u0000’ + authenticationId + ‘\u0000’ + password);
The login returned with a success message.

Let me know if you can reproduce the issue.

Thanks and regards


Thanks for reporting https://igniterealtime.org/issues/browse/SMACK-722

I’ve uploaded Samck 4.2.0-beta2-SNAPSHOT with Do not base64 twice in SASL X-OAUTH2 · Flowdalic/Smack@ac5d9d5 · GitHub

Could you test and report back if it fixes the issue for you?

Yes the fix worked for me.
On a side note I used 4.1.7 and the switch to 4.2.0 had a little hick up.
Before I could test the fix I got a “java.security.KeyStoreException: Uninitialized keystore” exception.

So I needed to set XMPPTCPConnectionConfiguration.builder().setKeystoreType(null) to get it working.
As a user I would have expected it to just run with the default value for this advanced setting.

Nonetheless…:slight_smile: Thank you very much for the fast response and fix.



Do you have the full stacktrace of that exception for me?

Sure… here is the log output with the stacktrace

02:54:08 PM SENT (0): <stream:stream xmlns=‘jabber:client’ to=‘gmail.com’ xmlns:stream=‘http://etherx.jabber.org/streams’ version=‘1.0’ xml:lang=‘en’>

02:54:08 PM RECV (0): <stream:stream from=“gmail.com” id=“038FCFDCE42EFD49” version=“1.0” xmlns:stream=“http://etherx.jabber.org/streams” xmlns=“jabber:client”>stream:featuresX-OAUTH2X-GOOGLE-TOKEN</stream:features>

02:54:08 PM SENT (0):

02:54:08 PM RECV (0):

Jun 02, 2016 2:54:08 PM org.jivesoftware.smack.AbstractXMPPConnection callConnectionClosedOnErrorListener

WARNING: Connection XMPPTCPConnection[not-authenticated] (0) closed with error

java.security.KeyStoreException: Uninitialized keystore

at java.security.KeyStore.aliases(KeyStore.java:1221)

at sun.security.ssl.SunX509KeyManagerImpl.(SunX509KeyManagerImpl.java:127)

at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl .java:70)

at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:732)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1000(XMPPTCPConnection.java :146)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1017)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPCon nection.java:951)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:966)

at java.lang.Thread.run(Thread.java:745)

1 Like