Scribd
Upload
87 views

Generating OAuth Token

The document provides steps to generate an OAuth token for accessing the Twitter API: 1. Send a request to Twitter's request token endpoint to get a token and secret. 2. Generate an authorization header string using the token and secret for authenticating requests. 3. Redirect to Twitter's authorization URL with the request token to get user authorization and a verification PIN.

Uploaded by

Imran Mehmood
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
87 views

Generating OAuth Token

The document provides steps to generate an OAuth token for accessing the Twitter API: 1. Send a request to Twitter's request token endpoint to get a token and secret. 2. Generate an authorization header string using the token and secret for authenticating requests. 3. Redirect to Twitter's authorization URL with the request token to get user authorization and a verification PIN.

Uploaded by

Imran Mehmood
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 8

How to generate OAuth Token.

http://code.google.com/p/qfacebookconnect/issues/detail?id=6

1) Send a post request to http://twitter.com/oauth/request_token 2) Set the request Authorization header with the AuthorizeTokenString. You need to set this header for every request [POST or GET]. 3) Set the request Content-Type header with the application/x-www-form-urlencoded. You need to set this header for every request [POST or GET] You can generate AuthorizeTokenString with the help of following code.
// call to method 1 //request method (POST, GET) // url you want to hit // parameters if available otherwise pass array of parameters of size 0 // token if available otherwise pass null

AuthorizeTokenString = generateAuthorizationHeader(requestMethod, url, params, token);


// method 1 //need to tell abt method (POST, GET) //url to which you want to send request // PostParameter is class containing 2 properties (parameter and value) // OAuthToken is a class containing 2 properties (token and tokensecret) private String generateAuthorizationHeader(String method, String url, PostParameter[] params, OAuthToken token) { // time in milli seconds long timestamp = System.currentTimeMillis() / 1000; // just add a randomly generated no. and timestemp to generate nounce long nonce = timestamp + Math.abs(RAND.nextInt()); // call to method 2 return generateAuthorizationHeader(method, url, params, String.valueOf(nonce), String.valueOf(timestamp), token); } //method 2 private String generateAuthorizationHeader(String method, String url, PostParameter[] params, String nonce, String timestamp, OAuthToken otoken) { if (null == params) {

params = new PostParameter[0]; } // vector containing the header parameter Vector oauthHeaderParams = new Vector(); // CONSUMER_KEY consumer key of your application registered with Twitter oauthHeaderParams.addElement(new PostParameter("oauth_consumer_key", CONSUMER_KEY)); oauthHeaderParams.addElement(new PostParameter("oauth_signature_method", "HMAC-SHA1")); oauthHeaderParams.addElement(new PostParameter("oauth_timestamp", timestamp)); oauthHeaderParams.addElement(new PostParameter("oauth_nonce", nonce)); oauthHeaderParams.addElement(new PostParameter("oauth_version", "1.0")); if (null != otoken) { oauthHeaderParams.addElement(new PostParameter("oauth_token", otoken.getToken())); } Vector signatureBaseParams = new Vector();

//call to method 3. This method will add all the entries of second vector to 1st one.
addAll(signatureBaseParams, oauthHeaderParams); ########################################################### # // method 3 # private void addAll(Vector to, Vector from){ # for(int i=0; i<from.size(); i++) # to.addElement(from.elementAt(i)); # } ###########################################################

//call to method 4. This method will add all the pasing parameters to the passing vector addAllParam(signatureBaseParams, params); ########################################################### # // method 4 # private void addAllParam(Vector to, PostParameter[] params) { # for(int i=0; i<params.length; i++) # to.addElement(params[i]); # }

########################################################### //call to method 5. This will parse all the querystring parameters from the url and add them to the passing vector parseGetParameters(url, signatureBaseParams);

StringBuffer base = new StringBuffer(method); base.append("&"); //call 1st method 6 and then 7. base.append(encode(constructRequestURL(url))); base.append("&"); // call method 8 1st and then 7. base.append(encode(normalizeRequestParameters(signatureBaseParams))); String oauthBaseString = base.toString(); // call to method 9. String signature = generateSignature(oauthBaseString, otoken); oauthHeaderParams.addElement(new PostParameter("oauth_signature", signature)); //call to method 10. return "OAuth " + encodeParameters(oauthHeaderParams, ",", true); }

// method 5. private void parseGetParameters(String url, Vector signatureBaseParams) { int queryStart = url.indexOf("?"); if (-1 != queryStart) { //tokenizing the string with the & String[] queryStrs = StringUtil.split(url.substring(queryStart + 1), "&"); for (int i=0; i<queryStrs.length; i++) { //tokenizing the string with the = String[] split = StringUtil.split(queryStrs[i], "="); if (split.length == 2) { //adding the parameters to vector after decoding. signatureBaseParams.addElement( new PostParameter(URLDecoder.decode(split[0]), URLDecoder.decode(split[1]

))); } else { signatureBaseParams.addElement( new PostParameter(URLDecoder.decode(split[0]), "")); } } } }

// method 6. public String constructRequestURL(String url) { int index = url.indexOf("?"); if (-1 != index) { url = url.substring(0, index); } int slashIndex = url.indexOf("/", 8); String baseURL = url.substring(0, slashIndex).toLowerCase(); int colonIndex = baseURL.indexOf(":", 8); if (-1 != colonIndex) { // url contains port number if (baseURL.startsWith("http://") && baseURL.endsWith(":80")) { // http default port 80 MUST be excluded baseURL = baseURL.substring(0, colonIndex); } else if (baseURL.startsWith("https://") && baseURL.endsWith(":443")) { // http default port 443 MUST be excluded baseURL = baseURL.substring(0, colonIndex); } } url = baseURL + url.substring(slashIndex); return url; }

// method 7. public String encode(String value) { String encoded = null; try { encoded = URLEncoder.encode(value, "UTF-8"); } catch (UnsupportedEncodingException ignore) { } StringBuffer buf = new StringBuffer(encoded.length());

char focus; for (int i = 0; i < encoded.length(); i++) { focus = encoded.charAt(i); if (focus == '*') { buf.append("%2A"); } else if (focus == '+') { buf.append("%20"); } else if (focus == '%' && (i + 1) < encoded.length() && encoded.charAt(i + 1) == '7' && encoded.charAt(i + 2) == 'E') { buf.append('~'); i += 2; } else { buf.append(focus); } } return buf.toString(); } // method 8. public String normalizeRequestParameters(Vector params) { //call 1st method 8-1 and then 8-2 return encodeParameters(sort(params)); } // method 8-1.sort the passing parameter public final Vector sort(Vector params){ Vector v=new Vector(); Enumeration e = params.elements(); while (e.hasMoreElements()) { PostParameter param =(PostParameter)e.nextElement(); int i=0; for (i=0; i<v.size(); i++) { int c=param.getName().compareTo(((PostParameter)v.elementAt(i)).getName()); if (c<0) { // s should go before i v.insertElementAt(param, i); break; } else if (c==0) { // s already there break; } } if (i>=v.size()) { // add s at end v.addElement(param); } } return v; } //Method 8-2. public String encodeParameters(Vector postParams) {

return encodeParameters(postParams, "&", false); } // method 9. private String generateSignature(String data, OAuthToken token) { byte[] mac = null; try { String oauthSignature = ""; if (null == token) { //consumer key of your registered application oauthSignature = encode(CONSUMER_SECRET) + "&"; } else {

// consumer secret of your register application oauthSignature = encode(CONSUMER_SECRET) + "&" + encode(token.getTokenSecret()); }

//this code will generate hmac-sha1 based signature. //use your api accordingly to generate this signature
HMAC m=new HMAC(new HMACKey(oauthSignature.getBytes()),new SHA1Digest()); byte[] bytes=data.getBytes("UTF-8"); m.update(bytes, 0, bytes.length); mac = new byte[m.getLength()]; m.getMAC(mac, 0); }catch (CryptoTokenException cte) { // should never happen } catch (CryptoUnsupportedOperationException cuoe) { // should never happen }catch(Exception e){} return new Base64().encode(mac); } -----------------------------------------------------

4) Encode the passing parameters and then write to stream. //call to method 11 query = encodeParameters(parameters) 5) Set the header for content length and set it with query.lenght(). You need to set this header for every request [POST or GET] 6) You will get the similar response after sending request to http://twitter.com/oauth/request_token

oauth_token=94tgf5JeAF5aCSqzSFZQrzJON2DXPIXKlxkkOiRcQA&oauth_toke n_secret=9sAHn709oIuBNgu9FbLAqiPXPmAVyvPSsYkm7jGYsM&oauth_callbac k_confirmed=true 7) Initialize OAuthToken after extracting oauth_token and oauth_token_secret from the above response 8) Send a GET Request to http://twitter.com/oauth/authorize?oauth_token=" + oToken.getToken() and this will return you html based response 9) Take parameter array of size 4 10) Extract the required data from response

PostParameter [] params = new PostParameter[4]; params[0] = new PostParameter("authenticity_token" //call to method 12. Response is html string which we get by calling above url. , catchPattern(response, "\"authenticity_token\" type=\"hidden\" value=\"", "\" />")); params[1] = new PostParameter("oauth_token", catchPattern(response,"name=\"oauth_token\" type=\"hidden\" value=\"","\" />")); params[2] = new PostParameter("session[username_or_email]", username); params[3] = new PostParameter("session[password]", password);

11) Get the authorize url from the response String authorizeURL = catchPattern(response, "<form action=\"","\" id=\"login_form\""); // method 12
private String catchPattern(String body, String before, String after){ int beforeIndex = body.indexOf(before); int afterIndex = body.indexOf(after, beforeIndex); return body.substring(beforeIndex + before.length(), afterIndex); }

12) Extract the cookie from the response header and set it to the header of authorizeURL request 13) Send a POST Request to extracted authorizeURL with above parameters. This will return you html based response. 14) Extract the pin with the help of following code from the response

pin = catchPattern(response, "<div id=\"oauth_pin\">\n ","\n</div>"); 15) Send a POST request to http://twitter.com/oauth/access_token with the following parameter new PostParameter[]{new PostParameter("oauth_verifier", pin)} 16) The above request will return you a response like

oauth_token=94tgf5JeAF5aCSqzSFZQrzJON2DXPIXKlxkkOiRcQA&oauth_toke n_secret=9sAHn709oIuBNgu9FbLAqiPXPmAVyvPSsYkm7jGYsM 17) Initialize OAuthToken with above response. This is your required token and persist this token. You need to send this token with every request [timeline, tweeting etc]

You might also like