- OAuth dance overview
- OAuth dance with Twitter, LinkedIn and Facebook
- Using Spring Social templates
OAuth Dance Overview
In a nutshell, OAuth allows you to share your private data that resides on Facebook, Twitter, or LinkedIn with another site without having to hand out your user name and password. The OAuth protocol defines a series of steps to acquire an access token, and these steps are known as the OAuth dance. The OAuth dance is kind of like the “Texas Two Step” dance: it consists mainly of three steps (OAuth 1.0), which seem deceptively simple but require time and dedication to master.
Here is a short list of resources about OAuth dance:
- Establish request token
- Redirect the user to the authorization server – this is when the user enters his/her user name and password and authorizes a website to access his/her data on his/her behalf
- Request access token
All major social network platforms implement the OAuth protocol (some are on OAuth 1.0 and a few are on OAuth 2.0), which requires them to expose URLs for the above steps. The beauty of a standard protocol is that once you figure out how to work with one of these platforms, working with the next one is just a matter of using the correct URLs. OAuth libraries are widely available, and there is a good chance you will find more than one library for your favorite language.
OAuth Dance With Twitter, LinkedIn and Facebook
In my Java Spring powered web application, I used a Java OAuth library called scribe. One thing I really like about this library is that it provides examples to demonstrate how the OAuth dance works. You just plug the API key and API secret key into the sample code, and you are ready to go. Another thing I like about scribe is that it has built-in support for LinkedIn and Twitter, where the LinkedInApi.java and TwitterApi.java classes contain the appropriate request token and access token URLs. Before showing the code I would like to mention a couple of important classes in scribe for dealing with the OAuth dance. They are ServiceBuilder.java and OAuthService.java. ServiceBuilder.java uses the builder design pattern to build an implementation of OAuthService for a specific OAuth version (currently 1.0). The OAuthService.java interface defines a set of methods for the retrieval of request and access tokens and for the signing of HTTP requests.
The code below is for a use case where a user clicks on “Sign In with LinkedIn”, and this request goes to a Spring MVC handler, which then initiates the request token process by asking the SocialNetworkOAuthManager factory to create an instance of SocialNetworkOAuthManager for LinkedIn. Once the request token is successfully retrieved from LinkedIn, this handler returns a URL to the LinkedIn OAuth authorization server, which displays a form that requires the user to enter a user name and password and to authorize access to his/her profile on LinkedIn. After the authorization step is successful, the LinkedIn OAuth server redirects the user to the provided callback URL “liEndOAuth.htm” with an OAuth verifier token. A handler for the “liEndOAuth.htm” URL then requests an access token and access token secret using the provided verifier token. That concludes the OAuth dance.
The actual work of dealing with the OAuth dance is in the following classes: SocialNetworkOAuthManager.java, LinkedInOAuthManager.java and SocialNetworkFactory.java.
As you can see, the scribe library makes it pretty easy to deal with the OAuth dance.
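The three steps described above, written against scribe's ServiceBuilder and OAuthService as an added example (this is not the post's own SocialNetworkOAuthManager code). The controller name, the start URL, the example.com host, the session keys, the redirect pages and the key/secret placeholders are assumptions; the callback handler also checks that the returned oauth_token matches the request token this session started with.

```java
// Added example, not code from the original post.
import javax.servlet.http.HttpSession;
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.LinkedInApi;
import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class LinkedInSignInController {            // hypothetical class name
    private static final String REQUEST_TOKEN_ATTR = "liRequestToken"; // hypothetical session key

    // Key and secret belong in server-side configuration; they never go to the browser.
    private final OAuthService service = new ServiceBuilder()
            .provider(LinkedInApi.class)
            .apiKey("YOUR_API_KEY")                 // placeholder
            .apiSecret("YOUR_API_SECRET")           // placeholder
            .callback("https://example.com/liEndOAuth.htm") // assumed host
            .build();

    // Steps 1 and 2: obtain a request token, remember it, send the user to LinkedIn.
    @RequestMapping("/liStartOAuth.htm")            // hypothetical start URL
    public String start(HttpSession session) {
        Token requestToken = service.getRequestToken();
        session.setAttribute(REQUEST_TOKEN_ATTR, requestToken);
        return "redirect:" + service.getAuthorizationUrl(requestToken);
    }

    // Step 3: the callback carries oauth_token and oauth_verifier.
    @RequestMapping("/liEndOAuth.htm")
    public String end(@RequestParam("oauth_token") String returnedToken,
                      @RequestParam("oauth_verifier") String verifier,
                      HttpSession session) {
        Token requestToken = (Token) session.getAttribute(REQUEST_TOKEN_ATTR);
        session.removeAttribute(REQUEST_TOKEN_ATTR); // a request token is single use
        // Reject callbacks that do not belong to a dance this session started.
        if (requestToken == null || !requestToken.getToken().equals(returnedToken)) {
            return "redirect:/signInFailed.htm";     // hypothetical error page
        }
        Token accessToken = service.getAccessToken(requestToken, new Verifier(verifier));
        // Keep the access token and its secret on the server side only.
        session.setAttribute("liAccessToken", accessToken); // hypothetical session key
        return "redirect:/home.htm";                 // hypothetical landing page
    }
}
```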
Once the access token is available, it is just a matter of providing it to Spring Social's LinkedInTemplate.java. Below is an example of retrieving the LinkedIn member profile URL and using TwitterTemplate.java to tweet.
Unfortunately the LinkedInTemplate.java in Spring Social M1 doesn’t have a method to update network status. However it is not difficult to add such functionality yourself or see how that is done in this blog.
The code to implement the OAuth dance with Twitter is nearly identical to the code above so I won’t bore you with that code. The Spring Social TwitterTemplate.java does have a method to send a tweet, so it is fairly trivial to send tweets.
The “perms” attribute of the
The snippet of Java code below shows how to get to the access token and user id using Spring Social custom annotations @FacebookAccessToken and @FacebookUserId.
NOTE: In order to get @FacebookAccessToken and @FacebookUserId annotations to work correctly, the FacebookWebArgumentResolver.java must be properly configured. There are two ways to do this, but the end goal is the same, which is to set FacebookWebArgumentResolver.java as one of the custom argument resolvers in AnnotationMethodHandlerAdapter.java. The first way is if you are using the convenient
In my application I want to provide a small popup with a text box so a user can quickly send a tweet, post an update to his/her FB wall, or send a network update on his/her LinkedIn member profile. I stumbled upon the qTip library, a tooltip plugin for the jQuery framework, and really like the functionality this library provides. It makes it easy to display a very professional looking tooltip.