I'm working with a client who provided me with somewhat vague instructions. Here's what I'm doing (using CommonsHttpOAuthConsumer as consumer and DefaultOAuthProvider as provider):

  1. I'm able to get a response token by doing this:

    String requestToken = provider.retrieveRequestToken(OAuth.OUT_OF_BAND);

    This is in the form of a URL with params, so I'm parsing the actual token out, for example: https://foobar.com/oauth/login_authorize?oauth_token=XRFCGPbES3M2bYZy...

  2. Now - the instructions that I get say: Given the request token obtained in step 1, login with the user’s credentials (name and password) as POST parameters and sign the request with the request token/secret POST https://foobar.com/oauth/login_authorize

That's where I'm having difficulties. Obviously I have to input that requestToken somewhere so I do this (post is HttpPost that contains user credentials):

    consumer.setTokenWithSecret(requestToken, SECRET);
    consumer.sign(post);

It doesn't work. It actually generates a 200 status, but what I get is a generic error message.

A: 

retrieveRequestToken does not return a request token; it returns an authenticationUrl that you need to send your users to so they can sign in. The request token is saved in the provider object.

    String authenticationUrl = provider.retrieveRequestToken( call_back_url );

Note: According to the OAuth standard, the users sign in on the provider's site with their credentials. After they have done that, you (as a consumer) can get the access token, and after that you can access their data on the provider's site.

    // After the user has signed in
    provider.retrieveAccessToken(null);

    // The access token is saved in the provider, and the provider knows which consumer uses it,
    // so now you can sign with your consumer and connect with the request
    URL url = new URL( protected_resources_url );
    HttpURLConnection request = (HttpURLConnection) url.openConnection();
    consumer.sign(request);
    request.connect();

If you have the user credentials, you can do the authorization in your script:

    // Using Grails and functional-tests
    get(authenticationUrl)
    // Imagine the site shows a simple form with username/password and a login button
    setRedirectEnabled false
    form {
      username = "mario"
      password = "peach"

      click "login"
    }

And then do retrieveRequestToken and the code mentioned above.

Hope this helps you // Jonas

Jonas Söderström