1 | /*
|
---|
2 | * Copyright (c) 2009 Matthias Kaeppler Licensed under the Apache License,
|
---|
3 | * Version 2.0 (the "License"); you may not use this file except in compliance
|
---|
4 | * with the License. You may obtain a copy of the License at
|
---|
5 | * http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law
|
---|
6 | * or agreed to in writing, software distributed under the License is
|
---|
7 | * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
---|
8 | * KIND, either express or implied. See the License for the specific language
|
---|
9 | * governing permissions and limitations under the License.
|
---|
10 | */
|
---|
11 | package oauth.signpost;
|
---|
12 |
|
---|
13 | import java.io.Serializable;
|
---|
14 | import java.util.Map;
|
---|
15 |
|
---|
16 | import oauth.signpost.basic.DefaultOAuthConsumer;
|
---|
17 | import oauth.signpost.basic.DefaultOAuthProvider;
|
---|
18 | import oauth.signpost.exception.OAuthCommunicationException;
|
---|
19 | import oauth.signpost.exception.OAuthExpectationFailedException;
|
---|
20 | import oauth.signpost.exception.OAuthMessageSignerException;
|
---|
21 | import oauth.signpost.exception.OAuthNotAuthorizedException;
|
---|
22 | import oauth.signpost.http.HttpParameters;
|
---|
23 |
|
---|
24 | /**
|
---|
25 | * <p>
|
---|
26 | * Supplies an interface that can be used to retrieve request and access tokens
|
---|
27 | * from an OAuth 1.0(a) service provider. A provider object requires an
|
---|
28 | * {@link OAuthConsumer} to sign the token request message; after a token has
|
---|
29 | * been retrieved, the consumer is automatically updated with the token and the
|
---|
30 | * corresponding secret.
|
---|
31 | * </p>
|
---|
32 | * <p>
|
---|
33 | * To initiate the token exchange, create a new provider instance and configure
|
---|
34 | * it with the URLs the service provider exposes for requesting tokens and
|
---|
35 | * resource authorization, e.g.:
|
---|
36 | * </p>
|
---|
37 | *
|
---|
38 | * <pre>
|
---|
39 | * OAuthProvider provider = new DefaultOAuthProvider("http://twitter.com/oauth/request_token",
|
---|
40 | * "http://twitter.com/oauth/access_token", "http://twitter.com/oauth/authorize");
|
---|
41 | * </pre>
|
---|
42 | * <p>
|
---|
43 | * Depending on the HTTP library you use, you may need a different provider
|
---|
44 | * type, refer to the website documentation for how to do that.
|
---|
45 | * </p>
|
---|
46 | * <p>
|
---|
47 | * To receive a request token which the user must authorize, you invoke it using
|
---|
48 | * a consumer instance and a callback URL:
|
---|
49 | * </p>
|
---|
50 | * <p>
|
---|
51 | *
|
---|
52 | * <pre>
|
---|
53 | * String url = provider.retrieveRequestToken(consumer, "http://www.example.com/callback");
|
---|
54 | * </pre>
|
---|
55 | *
|
---|
56 | * </p>
|
---|
57 | * <p>
|
---|
58 | * That url must be opened in a Web browser, where the user can grant access to
|
---|
59 | * the resources in question. If that succeeds, the service provider will
|
---|
60 | * redirect to the callback URL and append the blessed request token.
|
---|
61 | * </p>
|
---|
62 | * <p>
|
---|
63 | * That token must now be exchanged for an access token, as such:
|
---|
64 | * </p>
|
---|
65 | * <p>
|
---|
66 | *
|
---|
67 | * <pre>
|
---|
68 | * provider.retrieveAccessToken(consumer, nullOrVerifierCode);
|
---|
69 | * </pre>
|
---|
70 | *
|
---|
71 | * </p>
|
---|
72 | * <p>
|
---|
73 | * where nullOrVerifierCode is either null if your provided a callback URL in
|
---|
74 | * the previous step, or the pin code issued by the service provider to the user
|
---|
75 | * if the request was out-of-band (cf. {@link OAuth#OUT_OF_BAND}.
|
---|
76 | * </p>
|
---|
77 | * <p>
|
---|
78 | * The consumer used during token handshakes is now ready for signing.
|
---|
79 | * </p>
|
---|
80 | *
|
---|
81 | * @see DefaultOAuthProvider
|
---|
82 | * @see DefaultOAuthConsumer
|
---|
83 | * @see OAuthProviderListener
|
---|
84 | */
|
---|
85 | public interface OAuthProvider extends Serializable {
|
---|
86 |
|
---|
87 | /**
|
---|
88 | * Queries the service provider for a request token.
|
---|
89 | * <p>
|
---|
90 | * <b>Pre-conditions:</b> the given {@link OAuthConsumer} must have a valid
|
---|
91 | * consumer key and consumer secret already set.
|
---|
92 | * </p>
|
---|
93 | * <p>
|
---|
94 | * <b>Post-conditions:</b> the given {@link OAuthConsumer} will have an
|
---|
95 | * unauthorized request token and token secret set.
|
---|
96 | * </p>
|
---|
97 | *
|
---|
98 | * @param consumer
|
---|
99 | * the {@link OAuthConsumer} that should be used to sign the request
|
---|
100 | * @param callbackUrl
|
---|
101 | * Pass an actual URL if your app can receive callbacks and you want
|
---|
102 | * to get informed about the result of the authorization process.
|
---|
103 | * Pass {@link OAuth.OUT_OF_BAND} if the service provider implements
|
---|
104 | * OAuth 1.0a and your app cannot receive callbacks. Pass null if the
|
---|
105 | * service provider implements OAuth 1.0 and your app cannot receive
|
---|
106 | * callbacks. Please note that some services (among them Twitter)
|
---|
107 | * will fail authorization if you pass a callback URL but register
|
---|
108 | * your application as a desktop app (which would only be able to
|
---|
109 | * handle OOB requests).
|
---|
110 | * @param customOAuthParams
|
---|
111 | * you can pass custom OAuth parameters here which will go directly
|
---|
112 | * into the signer, i.e. you don't have to put them into the request
|
---|
113 | * first. This is useful for pre-setting OAuth params for signing.
|
---|
114 | * Pass them sequentially in key/value order.
|
---|
115 | * @return The URL to which the user must be sent in order to authorize the
|
---|
116 | * consumer. It includes the unauthorized request token (and in the
|
---|
117 | * case of OAuth 1.0, the callback URL -- 1.0a clients send along
|
---|
118 | * with the token request).
|
---|
119 | * @throws OAuthMessageSignerException
|
---|
120 | * if signing the request failed
|
---|
121 | * @throws OAuthNotAuthorizedException
|
---|
122 | * if the service provider rejected the consumer
|
---|
123 | * @throws OAuthExpectationFailedException
|
---|
124 | * if required parameters were not correctly set by the consumer or
|
---|
125 | * service provider
|
---|
126 | * @throws OAuthCommunicationException
|
---|
127 | * if server communication failed
|
---|
128 | */
|
---|
129 | public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl,
|
---|
130 | String... customOAuthParams) throws OAuthMessageSignerException,
|
---|
131 | OAuthNotAuthorizedException, OAuthExpectationFailedException,
|
---|
132 | OAuthCommunicationException;
|
---|
133 |
|
---|
134 | /**
|
---|
135 | * Queries the service provider for an access token.
|
---|
136 | * <p>
|
---|
137 | * <b>Pre-conditions:</b> the given {@link OAuthConsumer} must have a valid
|
---|
138 | * consumer key, consumer secret, authorized request token and token secret
|
---|
139 | * already set.
|
---|
140 | * </p>
|
---|
141 | * <p>
|
---|
142 | * <b>Post-conditions:</b> the given {@link OAuthConsumer} will have an
|
---|
143 | * access token and token secret set.
|
---|
144 | * </p>
|
---|
145 | *
|
---|
146 | * @param consumer
|
---|
147 | * the {@link OAuthConsumer} that should be used to sign the request
|
---|
148 | * @param oauthVerifier
|
---|
149 | * <b>NOTE: Only applies to service providers implementing OAuth
|
---|
150 | * 1.0a. Set to null if the service provider is still using OAuth
|
---|
151 | * 1.0.</b> The verification code issued by the service provider
|
---|
152 | * after the the user has granted the consumer authorization. If the
|
---|
153 | * callback method provided in the previous step was
|
---|
154 | * {@link OAuth.OUT_OF_BAND}, then you must ask the user for this
|
---|
155 | * value. If your app has received a callback, the verfication code
|
---|
156 | * was passed as part of that request instead.
|
---|
157 | * @param customOAuthParams
|
---|
158 | * you can pass custom OAuth parameters here which will go directly
|
---|
159 | * into the signer, i.e. you don't have to put them into the request
|
---|
160 | * first. This is useful for pre-setting OAuth params for signing.
|
---|
161 | * Pass them sequentially in key/value order.
|
---|
162 | * @throws OAuthMessageSignerException
|
---|
163 | * if signing the request failed
|
---|
164 | * @throws OAuthNotAuthorizedException
|
---|
165 | * if the service provider rejected the consumer
|
---|
166 | * @throws OAuthExpectationFailedException
|
---|
167 | * if required parameters were not correctly set by the consumer or
|
---|
168 | * service provider
|
---|
169 | * @throws OAuthCommunicationException
|
---|
170 | * if server communication failed
|
---|
171 | */
|
---|
172 | public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier,
|
---|
173 | String... customOAuthParams) throws OAuthMessageSignerException,
|
---|
174 | OAuthNotAuthorizedException, OAuthExpectationFailedException,
|
---|
175 | OAuthCommunicationException;
|
---|
176 |
|
---|
177 | /**
|
---|
178 | * Any additional non-OAuth parameters returned in the response body of a
|
---|
179 | * token request can be obtained through this method. These parameters will
|
---|
180 | * be preserved until the next token request is issued. The return value is
|
---|
181 | * never null.
|
---|
182 | */
|
---|
183 | public HttpParameters getResponseParameters();
|
---|
184 |
|
---|
185 | /**
|
---|
186 | * Subclasses must use this setter to preserve any non-OAuth query
|
---|
187 | * parameters contained in the server response. It's the caller's
|
---|
188 | * responsibility that any OAuth parameters be removed beforehand.
|
---|
189 | *
|
---|
190 | * @param parameters
|
---|
191 | * the map of query parameters served by the service provider in the
|
---|
192 | * token response
|
---|
193 | */
|
---|
194 | public void setResponseParameters(HttpParameters parameters);
|
---|
195 |
|
---|
196 | /**
|
---|
197 | * Use this method to set custom HTTP headers to be used for the requests
|
---|
198 | * which are sent to retrieve tokens. @deprecated THIS METHOD HAS BEEN
|
---|
199 | * DEPRECATED. Use {@link OAuthProviderListener} to customize requests.
|
---|
200 | *
|
---|
201 | * @param header
|
---|
202 | * The header name (e.g. 'WWW-Authenticate')
|
---|
203 | * @param value
|
---|
204 | * The header value (e.g. 'realm=www.example.com')
|
---|
205 | */
|
---|
206 | @Deprecated
|
---|
207 | public void setRequestHeader(String header, String value);
|
---|
208 |
|
---|
209 | /**
|
---|
210 | * @deprecated THIS METHOD HAS BEEN DEPRECATED. Use
|
---|
211 | * {@link OAuthProviderListener} to customize requests.
|
---|
212 | * @return all request headers set via {@link #setRequestHeader}
|
---|
213 | */
|
---|
214 | @Deprecated
|
---|
215 | public Map<String, String> getRequestHeaders();
|
---|
216 |
|
---|
217 | /**
|
---|
218 | * @param isOAuth10aProvider
|
---|
219 | * set to true if the service provider supports OAuth 1.0a. Note that
|
---|
220 | * you need only call this method if you reconstruct a provider
|
---|
221 | * object in between calls to retrieveRequestToken() and
|
---|
222 | * retrieveAccessToken() (i.e. if the object state isn't preserved).
|
---|
223 | * If instead those two methods are called on the same provider
|
---|
224 | * instance, this flag will be deducted automatically based on the
|
---|
225 | * server response during retrieveRequestToken(), so you can simply
|
---|
226 | * ignore this method.
|
---|
227 | */
|
---|
228 | public void setOAuth10a(boolean isOAuth10aProvider);
|
---|
229 |
|
---|
230 | /**
|
---|
231 | * @return true if the service provider supports OAuth 1.0a. Note that the
|
---|
232 | * value returned here is only meaningful after you have already
|
---|
233 | * performed the token handshake, otherwise there is no way to
|
---|
234 | * determine what version of the OAuth protocol the service provider
|
---|
235 | * implements.
|
---|
236 | */
|
---|
237 | public boolean isOAuth10a();
|
---|
238 |
|
---|
239 | public String getRequestTokenEndpointUrl();
|
---|
240 |
|
---|
241 | public String getAccessTokenEndpointUrl();
|
---|
242 |
|
---|
243 | public String getAuthorizationWebsiteUrl();
|
---|
244 |
|
---|
245 | public void setListener(OAuthProviderListener listener);
|
---|
246 |
|
---|
247 | public void removeListener(OAuthProviderListener listener);
|
---|
248 | }
|
---|