This blog will cover the following topics:
- OAuth dance overview
- OAuth dance with Twitter, LinkedIn and Facebook
- Using Spring Social templates
Spring Social’s main objective is to make it easy for Java applications to integrate with social network platforms, i.e. Facebook, Twitter, LinkedIn, etc. It uses the same template technique that was used to make it very simple to work with JDBC or REST operations. The templates I am referring to are FacebookTemplate.java, TwitterTemplate.java, and LinkedInTemplate.java. Before you can use any of these templates, you need to provide an access token and/or access token secret. What is an access token you ask? Well, it all starts with OAuth dance.
OAuth Dance OverviewIn a nutshell, OAuth allows you to share your private data reside on Facebook, Twitter, or LinkedIn with another site without having to hand out your user name and password. OAuth protocol defines a series of steps to acquire an access token and these steps are known as the OAuth dance. The OAuth dance is kind of like the “Texas Two Step” dance, it consists mainly of three steps (OAuth 1.0), which seem deceptively simple, but require time and dedication to master them.
Here is a short list of resources about OAuth dance:
The OAuth dance consists of three steps and the last step is when the access token is handed out.
- Establish request token
- Redirect user to authorization server – this is when user will enter his/her user name and password as well as granting authorizations for a website to access his/her data on his/her behalf
- Request access token
All major social network platforms implement OAuth protocol (some are on OAuth 1.0 and a few are on OAuth 2.0), which requires them to expose URLs for the above steps. The beauty about a standard protocol is once you figure out how to work with one of these platforms, working with the next one is just a mattering of using the correct URLs. OAuth libraries are widely available and there is a good chance you will find more than one library for your favorite language.
OAuth Dance With Twitter, LinkedIn and FacebookIn my Java Spring powered web application, I used a Java OAuth library called
scribe. One thing I really like about this library is that it provides examples to demonstrate how the OAuth dance works. You just plugin the api key and api secret key into the sample code, and you are ready to go. Another thing I like about scribe is that it has built in support for LinkedIn and Twitter, where the LinkedInApi.java and TwitterApi.java classes contain the appropriate request token and access token URLs. Before showing the code I would like to mention a couple of important classes in scribe for dealing OAuth dance. They are ServiceBuilder.java and OAuthService.java. ServiceBuilder.java uses builder design pattern to build an implementation of OAuthService for a specific OAuth version (currently 1.0) implementation. OAuthService.java interface defines a set of methods for the retrieval of request and access tokens and for the signing of HTTP requests.
The code below is for a use case where a user clicks on
Sign In with LinkedIn”, and this request goes to a Spring MVC handler, which then initiates the request token process by asking SocialNetworkOAuthManager factory to create an instance of SocialNetworkOAuthManger for LinkedIn. Once the request token is successfully retrieved from LinkedIn, this handler returns a URL to LinkedIn OAuth authorization server, which displays a form to require user to enter user name and password, and to authorize access to his/her profile on LinkedIn. After the authorization step is successful, LinkedIn OAuth server will redirect user to a provided callback URL “liEndOAuth.htm” with OAuth verifier token. A handler for “liEndOAuth.htm” URL then goes and request an access token and access token secret using the provided verifier token. That concludes the OAuth dance.
02 | @SessionAttributes ({ "userLinkedInProfile" , "linkedIn" }) |
03 | public class LinkedInController { |
04 | @RequestMapping (value = "/liStartOAuth.htm" , method = RequestMethod.GET) |
05 | public ModelAndView startAuthentication() throws TwitterException { |
06 | SocialNetworkOAuthManager linkedInOAuthMgr = |
07 | SocialNetworkFactory.getLinkedInOAuthManager( |
08 | linkedInApiKeyPair.getApiKey(), |
09 | linkedInApiKeyPair.getApiKeySecret()); |
11 | ModelAndView mv = new ModelAndView( "redirect:" + linkedInOAuthMgr.getAuthorizationURL()); |
12 | mv.addObject( "linkedIn" , linkedInOAuthMgr); |
16 | @RequestMapping (value = "/liEndOAuth.htm" , method = RequestMethod.GET) |
17 | public ModelAndView endAuthentication( |
18 | @RequestParam (value = "oauth_token" , required = false ) String oauth_token, |
19 | @RequestParam (value = "oauth_verifier" ) String oauth_verifier, |
20 | @ModelAttribute ( "linkedIn" ) SocialNetworkOAuthManager linkedInOAuthMgr) { |
22 | AccessToken accessToken = linkedInOAuthMgr.getOAuthAccessToken(oauth_verifier); |
24 | UserLinkedInProfile userLinkedInProfile = new UserLinkedInProfile(); |
25 | userLinkedInProfile.setAccessToken(accessToken.getAccessCode()); |
26 | userLinkedInProfile.setAccessTokenSecret(accessToken.getAccessSecretCode()); |
28 | ModelAndView mv = new ModelAndView( "close" ); |
29 | mv.addObject( "userLinkedInProfile" , userLinkedInProfile); |
The actual work of dealing OAuth dance is in the following classes: SocialNetworkOAuthManager.java, LinkedInOAuthManager.java and SocialNetworkFactory.java.
01 | public class SocialNetworkFactory { |
02 | public static SocialNetworkOAuthManager getLinkedInOAuthManager(String apiKey, |
03 | String apiSecretKey) { |
04 | return new LinkedInOAuthManager(apiKey, apiSecretKey); |
08 | import org.scribe.builder.ServiceBuilder; |
09 | import org.scribe.builder.api.LinkedInApi; |
10 | import org.scribe.model.Token; |
11 | import org.scribe.model.Verifier; |
12 | import org.scribe.oauth.OAuthService; |
14 | public class LinkedInOAuthManager extends AbstractOAuthManager { |
17 | private OAuthService service; |
18 | private Token requestToken; |
20 | public LinkedInOAuthManager(String apiKey, String apiSecretKey) { |
21 | super (apiKey, apiSecretKey); |
23 | service = new ServiceBuilder() |
24 | .provider(LinkedInApi. class ) |
26 | .apiSecret(getApiSecretKey()) |
31 | public String getAuthorizationURL() { |
32 | requestToken = service.getRequestToken(); |
33 | return AUTHORIZE_URL + requestToken.getToken(); |
36 | public AccessToken getOAuthAccessToken(String verifierCode) { |
37 | Verifier verifier = new Verifier(verifierCode); |
38 | Token token = service.getAccessToken(requestToken, verifier); |
39 | AccessToken accessToken = new AccessToken(token.getToken(), token.getSecret()); |
As you can see, the scribe library makes it pretty easy to deal with OAuth dance.
Once the access token is available, it is just a matter of providing that to Spring Social
LinkedInTemplate.java. Below is an example of retrieving LinkedIn member profile URL and using TwitterTemplate.java to tweet.
1 | LinkedInTemplate linkedInTemplate = LinkedInTemplate(apiKey, apiSecret, accessToken, accessTokenSecret); |
2 | linkedInTemplate.getProfileUrl(); |
4 | TwitterTemplate twitterTemplate = TwitterTemplate(apiKey, apiSecret, accessToken, accessTokenSecret); |
5 | twitterTemplate.updateStatus( "This is amazing!!" ); |
Unfortunately the LinkedInTemplate.java in Spring Social M1 doesn’t have a method to update network status. However it is not difficult to add such functionality yourself or see how that is done in this
blog.
The code to implement the OAuth dance with Twitter is nearly identical to the code above so I won’t bore you with that code. The Spring Social TwitterTemplate.java does have a method to send a tweet, so it is fairly trivial to send tweets.
The OAuth dance with Facebook is a bit different from LinkedIn and Twitter. I guess because Facebook is now on OAuth 2.0. There are two ways (that I know of) to get an access token from Facebook. The first way is very simple, but it requires using Facebook JavaScript SDK and the second way is directly interacting with Facebook OAuth server via RESTful API. In this blog, I will only go over the details of the first approach, which is based on the documentation at
Facebook Developers site.
At a high level, FB JavaScript SDK provides an easy way using custom tag to display FB login/logout button and handles the redirection to their authorization server. One important thing to know is once the authorization is successfully completed, the access token is saved in a cookie with name as fbs_
. This means the server side of your application can easily get its hand on the access token. Spring Social comes with a handler method argument resolver (FacebookWebArgumentResolver.java) to extract the access token and user id out of the FB access token cookie for you.
Here is JavaScript code snippet.
3 | FB.init({appId: '' , status: true , cookie: true , xfbml: true }); |
5 | "true" perms= "publish_stream" >
|
The “perms” attribute of the tag is a very important attribute because there is where you can specify what are the different resources that your application would like to have access to on behalf of users of your application.
The snippet of Java code below shows how to get to the access token and user id using Spring Social custom annotations @FacebookAccessToken and @FacebookUserId.
01 | @RequestMapping (value= "/fbUpdateStatus.htm" , method = RequestMethod.POST) |
02 | public ModelAndView updateStatus( @RequestParam ( "status" ) String fbStatus, |
03 | @FacebookAccessToken String accessToken, |
04 | @FacebookUserId String userId) { |
05 | ModelAndView mv = null ; |
07 | FacebookTemplate facebook = new FacebookTemplate(accessToken); |
08 | facebook.updateStatus(fbStatus); |
10 | mv = ModelAndViewUtil.buildSuccessfulAjaxStatus(); |
11 | } catch (Exception e) { |
12 | mv = ModelAndViewUtil.buildFailedAjaxStatus(e.getMessage()); |
NOTE: In order to get @FacebookAccessToken and @FacebookUserId annotations to work correctly, the FacebookWebArgumentResolver.java must be properly configured. There are two ways to do this, but the end goal is the same, which is to set FacebookWebArgumentResolver.java as one of the custom argument resolvers in AnnotationMethodHandlerAdapter.java. The first way is if you are using the convenient tag, then pass an instance of FacebookWebArgumentResolver.java to AnnotationMethodHandlerAdapter inside a custom BeanPostProcessor. The second way is don’t use the convenient tag and define both the DefaultAnnotationHandlerMapping bean and AnnotationMethodHandlerAdapter bean manually. This way you can wire in an instance of FacebookWebArgumentResolver to the property customArgumentResolver of AnnotationMethodHandlerAdapter.
In my application I want to provide a small popup with a text box so a user can quickly send a tweet or send an update to his/her FB wall or send a network update on their LinkedIn member profile. I stumbled upon qTip library, a tooltip plugin for jQuery framework and really like the functionality this library provides. It makes it so easy to display a very professional looking tool tip.
Courtesy:http://fantastic.wordpress.com/2011/01/01/using-spring-social-to-update-status-on-facebook-twiiter-and-linkedin/#comment-663
{ 0 comments... read them below or add one }
Post a Comment