By far the most popular post on this blog is the one regarding using OAuth and Java. At that time, OAuth was still fairly new and I was interested in using the Java implementation with some Android applications I had been working on. The Java reference implementation was new, difficult to build, sparsely documented, and the API was confusing to say the least. Months passed and very little was done to the library. I would probably attribute this to the lack of OAuth-enabled web services. Public key signing was added eventually, but when Android upgraded to HttpClient 4.0, it broke compatibility with the original OAuth library. A ported version was eventually added to the repository by Sean Sullivan, but the library was still fairly difficult to use. I, like many people, swore that I would eventually get around to writing a Java OAuth library that was straightforward and easy to use.

Fortunately for us, Matthias Kappler has written an excellent library called Signpost that uses the standard Java URL class and also supports HttpClient requests. Unlike the original library, Signpost does not attempt to perform both signing and requesting; it focuses solely on token acquisition and request signing, which really should be the key parts of any implementation. There are many examples of using Signpost with a number of services, including Twitter, and of using the new OAuth 1.0a spec, which addresses the vulnerability recently found in the OAuth spec.

You can go to the Google Code site to check out the library and the basics of token request and authorization (including the new “pin” authorization), but I will show you some quick code to perform a status update request with Twitter. This code assumes that you have a valid access token and secret.

Update the user’s status using URL:


    // The consumer key and secret identify your application to Twitter
    OAuthConsumer consumer = new DefaultOAuthConsumer(
            "yourappkey",
            "yourappsecret",
            SignatureMethod.HMAC_SHA1);
    OAuthProvider provider = new DefaultOAuthProvider(consumer,
            "http://twitter.com/oauth/request_token",
            "http://twitter.com/oauth/access_token",
            "http://twitter.com/oauth/authorize");
    // Load the access token and secret from a db or file
    consumer.setTokenAndSecret(AUTH_TOKEN, TOKEN_SECRET);
    // Name the charset explicitly; the one-argument encode() is deprecated
    URL url = new URL("http://twitter.com/statuses/update.xml?status="
            + URLEncoder.encode("test one two three", "UTF-8"));
    HttpURLConnection request = (HttpURLConnection) url.openConnection();
    request.setRequestMethod("POST");
    // Sign before connecting; the signature covers the method, URL and parameters
    consumer.sign(request);
    request.connect();
    return request.getResponseCode() == 200;

Perform a status update using HttpClient. This assumes mClient is an already initialized HttpClient and excludes exception-handling code:


    // The consumer key and secret identify your application to Twitter
    OAuthConsumer consumer = new DefaultOAuthConsumer(
            "yourappkey",
            "yourappsecret",
            SignatureMethod.HMAC_SHA1);
    OAuthProvider provider = new DefaultOAuthProvider(consumer,
            "http://twitter.com/oauth/request_token",
            "http://twitter.com/oauth/access_token",
            "http://twitter.com/oauth/authorize");
    // Load the access token and secret from a db or file
    consumer.setTokenAndSecret(AUTH_TOKEN, TOKEN_SECRET);
    // Build the path and query; appendQueryParameter encodes the status text
    Uri.Builder builder = new Uri.Builder();
    builder.appendPath("statuses").appendPath("update.json")
            .appendQueryParameter("status", status);
    Uri man = builder.build();
    HttpPost post = new HttpPost("http://twitter.com" + man.toString());
    // Sign the request before executing it
    consumer.sign(post);
    HttpResponse resp = mClient.execute(post);
    return resp.getStatusLine().getStatusCode() == 200;

Hopefully you will also find Signpost to be as useful as I did. I was able to migrate my Twitter application from using basic authentication to using OAuth with Signpost in an hour, compared to the hours of pain spent trying to use the original implementation.

Posted on June 27th, 2009 | filed under identity, java
