in src/main/java/com/twitter/joauth/Unpacker.java [115:158]
public void parseHeader(String header, KeyValueHandler nonTransformingHandler){
// trim, normalize encodings
KeyValueHandler handler = headerParamKeyValueHandler(nonTransformingHandler);
// check for OAuth credentials in the header. OAuth 1.0a and 2.0 have
// different header schemes, so match first on the auth scheme.
if (header != null) {
//TODO: make sure oauth1 and oauth2 check is correct.
int spaceIndex = header.indexOf(' ');
if (spaceIndex != -1 && spaceIndex != 0 && spaceIndex + 1 < header.length()) {
String authType = header.substring(0, spaceIndex);
String authString = header.substring(spaceIndex+1, header.length());
boolean shouldParse = false;
boolean oauth2 = false;
if (authType.equalsIgnoreCase(OAuthParams.OAUTH2_HEADER_AUTHTYPE)) {
shouldParse = false;
oauth2 = true;
} else if (authType.equalsIgnoreCase(OAuthParams.OAUTH1_HEADER_AUTHTYPE)) {
shouldParse = true;
oauth2 = false;
}
if (shouldParse) {
// if we were able match an appropriate auth header,
// we'll wrap that handler with a MaybeQuotedValueKeyValueHandler,
// which will strip quotes from quoted values before passing
// to the underlying handler
KeyValueHandler quotedHandler = new KeyValueHandler.MaybeQuotedValueKeyValueHandler(handler);
// now we'll pass the handler to the headerParser,
// which splits on commas rather than ampersands,
// and is more forgiving with whitespace
List<KeyValueHandler> handlers = Collections.singletonList(quotedHandler);
headerParser.parse(authString, handlers);
} else if (oauth2) {
nonTransformingHandler.handle(OAuthParams.BEARER_TOKEN, authString);
}
}
}
}