Home/ Questions/Q 467921
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T23:37:49+00:00

I’m working with client who provided me with somewhat vague instructions. Here’s what I’m

  • 0

I’m working with client who provided me with somewhat vague
instructions. Here’s what I’m doing (using CommonsHttpOAuthConsumer as
consumer and DefaultOAuthProvider as provider)

  1. I’m able to get response token from doing this:

    String requestToken = provider.retrieveRequestToken
(OAuth.OUT_OF_BAND);

    this is in form of URL with params so I’m parsing the actual token
    out for example:
    https://foobar.com/oauth/login_authorize?oauth_token=XRFCGPbES3M2bYZy...

  2. Now – the instructions that I get say:
    Given the request token obtained in step 1, login with the user’s
    credentials (name and password) as POST parameters and sign the
    request with the request token/secret
    POST https://foobar.com/oauth/login_authorize

That’s where I’m having difficulties. Obviously I have to input that
requestToken somewhere so I do this (post is HttpPost that contains user credentials):

consumer.setTokenWithSecret(requestToken, SECRET);
consumer.sign(post);

It doesn’t work. It actually generates 200 status but what I get is a
generic error message.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    retrieveRequestToken does not return a request token, it returns an authenticationUrl that you need to send your users to so they can sign in. Request token is saved in provider object.

    String authenticationUrl = provider.retrieveRequestToken( call_back_url )

    Note: According to the oauth standard the users sign in on the providers site with their credentials. After they have done that you (as a consumer) can get the Access Token and after that you can access their data on the providers site.

    // After user has signed in
provider.retrieveAccessToken(null)

// access token is saved in provider and provider knows which consumer uses it
// so now you can sign with your consumer and connect with the request
URL url = new URL( protected_resources_url )
HttpURLConnection request = (HttpURLConnection) url.openConnection();
consumer.sign(request)
request.connect()

    If you have the user credentials you can do the authorization in your script

    // Using grails and functional-tests
get(authenticationUrl)
// Image the site shows a simple form with username/password and a login button
setRedirectEnabled false
form {
  username = "mario"
  password = "peach"

  click "login"
}

    And then do retrieveRequestToken and the code mentioned above

    Hope this helps you
    // Jonas

    • 0