1

I am trying to implement the OpenID + OAuth hybrid protocol in my application for Google. I am getting the request token. So the next step as document in the Federated Login is exchange request token for an access token.

I tried it using OAuth java library but i am not getting the access token. I am trying both the 3-legged and 2-legged approaches not succeed.

Is anyone succeed in doing the hybrid protocol.

    GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters();
        oauthParameters.setOAuthConsumerKey(consumerKey);
        oauthParameters.setOAuthConsumerSecret(consumerSecret);

        calendarService = new CalendarService("marketplace-hello");
        try {
            calendarService.setOAuthCredentials(oauthParameters, 
new OAuthHmacSha1Signer());
            CalendarEventFeed results = calendarService.query(calendarFeedUrl, 
CalendarFeed.class);
        }
 catch (OAuthException e) 
{      
throw new ServletException("Unable to initialize calendar service", e); 
}

This is throwing the com.google.gdata.client.authn.oauth.OAuthException: oauth_token does not exist.

oAuthParameters.setOAuthType(OAuthType.TWO_LEGGED_OAUTH); and xoauth_requestor_id attibute to feedURL if i add these lines in the code i am getting Invalid AuthSub Token exception i don't know why it is saying Invalid AuthSub.

JAVAC
  • 1,230
  • 3
  • 17
  • 38
  • You need to include more information. *Why* doesn't it work? What goes wrong? Are there any error messages? Explain how you are trying to do it. We aren't mind readers. – Qwerky Oct 22 '10 at 09:17
  • The OAuth specifications have 2 specifications 1) 3-Legged and 2) 2-legged. In the three legged there are 3 parties involved 1) service provider 2) Consumer and 3) User In 2-legged only 2 parties invovled 1) service provider and 2) consumer and user are same entity (belongs to same domain). The above code i mentioned is for 2-legged authentication process which does not need an access token. But needs the consumer key and secret key while requesting he needs to give the email id of the same domain e.g:user@cosnumerkey. This is the only scenario we use 2-legged authentication process. – JAVAC Oct 29 '10 at 06:39
  • Why don't you use an existing library? – Andreas Kuckartz Nov 23 '10 at 17:22

1 Answers1

1

My answer here may help you.

Or try this with your requestToken:

import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import net.oauth.OAuthServiceProvider;
import net.oauth.client.OAuthClient;
import net.oauth.client.httpclient4.HttpClient4;

public class Try {

    public static void doit(String requestToken) throws Exception {

        String requestUrl = "https://www.google.com/accounts/OAuthGetRequestToken";
        String authorizeUrl = "https://www.google.com/accounts/OAuthAuthorizeToken";
        String accessUrl = "https://www.google.com/accounts/OAuthGetAccessToken";
        String consumerKey = "XXXXX";
        String consumerSecret = "XXXXX";
        String callbackUrl = "XXXXX";

        OAuthServiceProvider provider = new OAuthServiceProvider(requestUrl,
                authorizeUrl, accessUrl);

        OAuthConsumer consumer = new OAuthConsumer(callbackUrl, consumerKey,
                consumerSecret, provider);

        consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);

        OAuthClient client = new OAuthClient(new HttpClient4());

        OAuthAccessor accessor = new OAuthAccessor(consumer);
        accessor.requestToken = requestToken;

        OAuthMessage result = client.getAccessToken(accessor, null, null);

        System.out.println(accessor.accessToken);
        System.out.println(accessor.tokenSecret);
    }
}
Community
  • 1
  • 1
Ali Shakiba
  • 20,549
  • 18
  • 61
  • 88