Converting the request token to an access token #560

Closed
akoskm opened this Issue Jul 29, 2015 · 8 comments

@akoskm
Contributor

akoskm commented Jul 29, 2015

Hello and thanks for the great library! I already used it for LinkedIn and it was flawless, but I have a problem with Twitter sign-in. According to https://dev.twitter.com/web/sign-in/implementing 3:

> To render the request token into a usable access token, your application must make a request to the POST oauth / access_token endpoint, containing the oauth_verifier value obtained in step 2. The request token is also passed in the oauth_token portion of the header, but this will have been added by the signing process.

If I understand correctly, I should be able to get an access token by passing only the oauth_token and the oauth_verifier to the oauth/access_token endpoint, however I can't find any way to do this with the current API.

The best I came up with was this:

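```java
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.TwitterApi;
import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;

OAuthService service = new ServiceBuilder()
        .provider(TwitterApi.class)
        .callback("https://localhost:9090/app/ui/oauth/twitter")
        .apiKey(TWITTER_CONSUMER_KEY)
        .apiSecret(TWITTER_CONSUMER_SECRET)
        .build();

// verifierToken is the oauth_verifier value received on the callback
Verifier verifier = new Verifier(verifierToken);
// requestToken is the Token object that is not available at this point
Token accessToken = service.getAccessToken(requestToken, verifier);
```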

but getAccessToken also requires a token object which I don't have at this moment.

Any idea how I should create it?

@fernandezpablo85

Collaborator

fernandezpablo85 commented Jul 29, 2015

To get an access token you first need a request token, please check the Twitter example:

https://github.com/fernandezpablo85/scribe-java/blob/master/src/test/java/org/scribe/examples/TwitterExample.java

Also, this is not an issue but a question. Closing it.

@akoskm

Contributor

akoskm commented Jul 29, 2015

Yes, it is more a question, but I haven't found a better place to ask this, sorry!

Yes, I've checked that example and it's a completely different situation from mine. I'm working on a server application and there is a redirect between obtaining a request token and converting that request token (which isn't an object anymore after the redirect but only a combination of oauth_token and oauth_verifier) to an access token.

Looking at the public Token(String token, String secret) API, it wasn't straightforward that I can construct a new Token from the oauth_token and the oauth_verifier parameters if I supply them as token and secret. The new token can be passed to getAccessToken and it will return an access token.

I don't have any better alternatives regarding the parameter naming of the Token constructor, however I think I should write a tutorial which explains how to obtain an access token in server applications.

Thank you for your input!

@fernandezpablo85

Collaborator

fernandezpablo85 commented Jul 29, 2015

> but getAccessToken also requires a token object which I don't have at this moment.

By "I don't have at this moment" do you mean that you generated the request token, redirected the user somewhere, got a request back with the verifier and now you have the verifier but forgot to temporarily store the token?

@akoskm

Contributor

akoskm commented Jul 29, 2015

No, I didn't forget to store the token temporarily because according to https://dev.twitter.com/web/sign-in/implementing 3. I don't have to. That's because after redirecting the user, the new location URL will contain the oauth_token and the oauth_verifier parameters, which are - according to the same documentation - all you need to retrieve an access token. This turned out to be true.

I just wasn't able to figure out from the API how and to which object I have to pass them to make it work.

@fernandezpablo85

Collaborator

fernandezpablo85 commented Jul 29, 2015

You are right, it might be confusing in cases like this, which are not at all uncommon. Do you have any idea of how we can express that clearly in scribe code (besides writing a tutorial, which I'd be delighted to include in scribe's wiki 😄 )?

@akoskm

Contributor

akoskm commented Jul 30, 2015

Yes, I was searching for implementation details about such scenarios and I basically found nothing. I'll complete my tutorial soon, but the repository with the demo project is already up here: https://github.com/akoskm/twitter-sign-in-example

Currently I can't propose anything meaningful because the application I'm working on currently handles only Twitter Sign In and this might be a Twitter-only workflow. I'll implement Facebook Sign-in soon, so with more information I might be able to identify a workflow which is common for both providers.

@akoskm

Contributor

akoskm commented Aug 2, 2015

@rsparkyc

rsparkyc commented Nov 21, 2015

I actually created #581 before realizing you were asking the same question. I'll be taking a look at the post you made now.
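
For the server-side case discussed in this thread, where a redirect separates obtaining the request token from the exchange, one option is to keep the original request token until the callback arrives, as the question about temporarily storing it suggests. The following is an added example, not part of any comment above and not scribe's own code; the class name `PendingRequestTokens`, the in-memory map and the ten-minute lifetime are assumptions.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;

/** Hypothetical helper: keeps request tokens across the redirect to the provider. */
public class PendingRequestTokens {
    private static final long MAX_AGE_MS = 10 * 60 * 1000L; // assumed lifetime

    private static final class Pending {
        final Token requestToken;
        final long createdAt = System.currentTimeMillis();
        Pending(Token requestToken) { this.requestToken = requestToken; }
    }

    // Keyed by the oauth_token value that the provider echoes back on the callback.
    // In a web application the HTTP session is an equally valid place to keep this.
    private final Map<String, Pending> pending = new ConcurrentHashMap<String, Pending>();
    private final OAuthService service;

    public PendingRequestTokens(OAuthService service) { this.service = service; }

    /** Step 1: get a request token, remember it, return the URL to redirect the user to. */
    public String begin() {
        Token requestToken = service.getRequestToken();
        pending.put(requestToken.getToken(), new Pending(requestToken));
        return service.getAuthorizationUrl(requestToken);
    }

    /** Step 3: called from the callback handler with the two query parameters. */
    public Token complete(String oauthToken, String oauthVerifier) {
        if (oauthToken == null || oauthVerifier == null) {
            throw new IllegalArgumentException("callback is missing oauth_token or oauth_verifier");
        }
        // remove() makes each request token single-use, so a replayed callback is rejected.
        Pending p = pending.remove(oauthToken);
        if (p == null) {
            throw new IllegalStateException("oauth_token was not issued by this application");
        }
        if (System.currentTimeMillis() - p.createdAt > MAX_AGE_MS) {
            throw new IllegalStateException("request token expired");
        }
        // The stored Token still carries its secret, so the exchange is signed with it.
        return service.getAccessToken(p.requestToken, new Verifier(oauthVerifier));
    }
}
```

Entries for sign-ins that are abandoned before the callback stay in the map, so a long-running server should also evict them periodically.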
