Scribe - don't ask for permission when the application has already been accepted
Domanda
I'm using Scribe for login with google and Twitter. It works nicely, but I would like to allow the application to connect directly without the user's intervention if he already accepted it.
Is it possible with Scribe ? If yes, how can I do that ?
Soluzione
Yes. You can save the access_token
and access_token_secret
anywhere (db, key-value storage, session, etc) and use them until they expire (they are longlived for most providers).
EDIT (answer to the comments)
I guess you have a way of identifying your users, assuming this is called user_id
, I'd store it in a persistent medium (not a session), something like this:
user_id
access_token
access_token_secret
Then, fetch the token and secret from the medium, and re-create the token with:
new Token(access_token, access_token_secret);
Altri suggerimenti
Yes. Use the following value of the authorize url for twitter:
Scribe scribe = new ServiceBuilder()
.provider(org.scribe.builder.api.TwitterApi.class)
.apiKey(...)
.apiSecret(...)
.callback(...);
Token requestToken = scribe.getRequestToken();
String authorizationUrl = "https://twitter.com/oauth/authenticate?oauth_token="
+ requestToken.getToken();
// and redirect user to the authorization URL
// twitter will redirect it back to the callback URL if
// the user has already been authorized your app.