Question

I am trying to authenticate LinkedIn users for my site. I am using Scribe to handle the authentication.

I am trying to do this in a two-step process.

Step 1 just gets the correct URL and redirects the user to the confirmation page. This is working fine, and after I confirm I am redirected back to a page on my site.

Step 2 is the one I am having a problem with. When the redirected XPage opens, I call the step2 method using the token and verifier key from the URL.

One thing that I do not get is whether I really need to build the service in both steps, and whether this is what is causing my problems. How do I send the requestToken between my two steps? Please advise how to get this scenario working.

Thanks - Thomas


import org.scribe.builder.ServiceBuilder;
import org.scribe.oauth.OAuthService;
import java.util.Scanner;
import org.scribe.builder.*;
import org.scribe.model.*;
import org.scribe.oauth.*;
import org.scribe.builder.api.*;
import javax.faces.context.*;


public class DoDance
{
      private static final String PROTECTED_RESOURCE_URL = "http://api.linkedin.com/v1/people/~/connections:(id,last-name)";

  public void step1()
  {
     try {
            OAuthService service = new ServiceBuilder()
            .provider(LinkedInApi.class)
            .apiKey("key")
            .apiSecret("secret")
            .callback("http://www.acme.com/linkedin.xsp")
            .build();

        Token requestToken = service.getRequestToken();
        String authUrl = service.getAuthorizationUrl(requestToken);

        // Redirects the user to linkedin confirmation page
        // This is working fine
        FacesContext.getCurrentInstance().getExternalContext().redirect(authUrl);

    } catch (Exception e) {
        e.printStackTrace(); 
    }
  }

  public String step2(String tok,String ver){

      // this method is called in the beforeRenderResponse in the redirected xpage
      // I get the token and verifier in from the url parameters

    Response response = null;
    try {
          OAuthService service = new ServiceBuilder()
          .provider(LinkedInApi.class)
          .apiKey("key")
          .apiSecret("secret")
          .build();

          Token accessToken = service.getAccessToken(???,new Verifier(ver));
          OAuthRequest request = new OAuthRequest(Verb.GET, PROTECTED_RESOURCE_URL);
          service.signRequest(accessToken, request);
          response = request.send();

    } catch (Exception e) {
        e.printStackTrace();
    }
    return "Body = " + response.getBody();

  }


}

Solution

Try storing and retrieving the requestToken in a (session scoped) user bean.

public class User {

    private Token requestToken;

    private static String BEAN_NAME = "userBean";

    public static User get() {
        FacesContext context = FacesContext.getCurrentInstance();
        return (User) context.getApplication().getVariableResolver().resolveVariable(context, BEAN_NAME);
    }

    public Token getRequestToken() {
        return requestToken;
    }

    public void setRequestToken(Token requestToken) {
        this.requestToken = requestToken;
    }

}

You'll also probably need to change the JVM's security settings to use Scribe. Add this to the Domino server's java.policy file:

grant {
    permission java.util.PropertyPermission "http.keepAlive", "read, write";
};

Finally: you don't need to pass the token and verifier from the beforeRenderResponse event. They can easily be retrieved in the step2 function using

XSPContext context = XSPContext.getXSPContext( FacesContext.getCurrentInstance() );
String oauth_verifier = context.getUrlParameter("oauth_verifier");
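
The two steps wired to the session-scoped User bean, as an added example that is not part of the original answer. It assumes the bean is registered as userBean in session scope and that XSPContext is com.ibm.xsp.designer.context.XSPContext; the check that the returned oauth_token equals the stored request token, and the clearing of the stored token after one use, are additions here.

```java
import javax.faces.context.FacesContext;
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.LinkedInApi;
import org.scribe.model.*;
import org.scribe.oauth.OAuthService;
import com.ibm.xsp.designer.context.XSPContext; // assumed package of XSPContext

public class DoDance {
    private static final String PROTECTED_RESOURCE_URL =
        "http://api.linkedin.com/v1/people/~/connections:(id,last-name)";

    // The service object only carries configuration, so building it in both steps is fine.
    private OAuthService service() {
        return new ServiceBuilder().provider(LinkedInApi.class)
            .apiKey("key").apiSecret("secret")
            .callback("http://www.acme.com/linkedin.xsp").build();
    }

    public void step1() throws Exception {
        OAuthService service = service();
        Token requestToken = service.getRequestToken();
        // Token and token secret stay server-side in the user's session.
        User.get().setRequestToken(requestToken);
        FacesContext.getCurrentInstance().getExternalContext()
            .redirect(service.getAuthorizationUrl(requestToken));
    }

    public String step2() throws Exception {
        XSPContext context = XSPContext.getXSPContext(FacesContext.getCurrentInstance());
        String returned = context.getUrlParameter("oauth_token");
        String verifier = context.getUrlParameter("oauth_verifier");

        Token requestToken = User.get().getRequestToken();
        User.get().setRequestToken(null); // single use: a replayed callback finds nothing

        if (requestToken == null || verifier == null || verifier.isEmpty()) {
            throw new IllegalStateException("No pending LinkedIn authorization in this session");
        }
        // The callback must name the request token this session started with.
        if (!requestToken.getToken().equals(returned)) {
            throw new IllegalStateException("oauth_token does not match the stored request token");
        }
        Token accessToken = service().getAccessToken(requestToken, new Verifier(verifier));
        OAuthRequest request = new OAuthRequest(Verb.GET, PROTECTED_RESOURCE_URL);
        service().signRequest(accessToken, request);
        return "Body = " + request.send().getBody();
    }
}
```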

Other suggestions

Don't try to reinvent the wheel. The social enabler does exactly this and much more.

Here is some early doc I wrote: http://www.openntf.org/Projects/pmt.nsf/DA2F4D351A9F15B28625792D002D1F18/%24file/SocialEnabler111006.pdf

Re "social enabler is closely tied to a key store" - this is in fact a big benefit. If you want to do more than a prototype you need to come up with a solution for how and where to centrally manage both app keys and user keys.

You also don't want to put this OAuth dance code in every NSF, but use the social enabler plugin which can be deployed globally.

We've tried social enabler with LinkedIn and it works. We were just not allowed to open source this sample.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow