Doing oauth with Scribe for GWT
https://stackoverflow.com/questions/8991955
-
13-11-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDomanda
I'm trying to implement "Twitter" login for my web application. I use scribe to simplify things a bit.
My implementation relies of GWT RPC mechanism to get the Authorization url back to the client so the client can call a popup window to redirect to the Autorization Url.
However, when the URL is opened to the new tab and user log in with Twitter account, the page provides the PIN number (from this site: https://api.twitter.com/oauth/authorize) that needs to be typed back into the org.scribe.model.Modifier
This kind of approach will be cumbersome to users. What is needed is that when the user typed in the Twitter username/password that should be it. Or at least automate all the other process.
Am I missing something?
Here's my code:
twitterLogin.addClickHandler(new ClickHandler() {
@Override
public void onClick(ClickEvent event) {
TwitterService.Util.getInstance().getAuthorizationUrl(new AsyncCallback<String>() {
@Override
public void onSuccess(String result) {
if (result != null)
Window.open(result, "__blank", null);
}
@Override
public void onFailure(Throwable caught) {
}
});
}
});
Soluzione
To authenticate with OAuth, you need to send out 2 requests to the authenticating server: - First to get the "Request Token" - Then to get the "Access Token"
Twitter does open the authentication page in a new window where they can type their Twitter username/password, so that's to be expected.
if (req.getRequestURI().equals("/twitter")) {
Token requestToken = service.getRequestToken();
System.out.println("Got the Request Token!" + requestToken.getToken());
session = request.getSession(true);
session.setAttribute("TOKEN", requestToken);
response.sendRedirect(service.getAuthorizationUrl(requestToken));
} else if (req.getRequestURI().equals("/twitter/callback")) {
String code = request.getParameter("oauth_verifier");
System.out.println("Verifier :: " + code);
System.out.println("service.getRequestToken()" + service.getRequestToken());
session = request.getSession(false);
Token requestToken = (Token) session.getAttribute("TOKEN");
System.out.println("requestToken from Session " + service.getRequestToken().getToken() + " Secr" + service.getRequestToken().getSecret());
if (code != null && !code.isEmpty()) {
Verifier verifier = new Verifier(code);
Token accessToken = service.getAccessToken(requestToken, verifier);
OAuthRequest req = new OAuthRequest(Verb.GET, OAUTH_PROTECTED_URL);
service.signRequest(accessToken, req);
Response res = req.send();
response.setContentType("text/plain");
response.getWriter().println(res.getBody());
}
}
