source: josm/trunk/src/oauth/signpost/OAuthProvider.java@ 10224

Last change on this file since 10224 was 6849, checked in by stoecker, 11 years ago

see #9710 - update oauth library code

File size: 10.5 KB
Line 
1/*
2 * Copyright (c) 2009 Matthias Kaeppler Licensed under the Apache License,
3 * Version 2.0 (the "License"); you may not use this file except in compliance
4 * with the License. You may obtain a copy of the License at
5 * http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law
6 * or agreed to in writing, software distributed under the License is
7 * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
8 * KIND, either express or implied. See the License for the specific language
9 * governing permissions and limitations under the License.
10 */
11package oauth.signpost;
12
13import java.io.Serializable;
14import java.util.Map;
15
16import oauth.signpost.basic.DefaultOAuthConsumer;
17import oauth.signpost.basic.DefaultOAuthProvider;
18import oauth.signpost.exception.OAuthCommunicationException;
19import oauth.signpost.exception.OAuthExpectationFailedException;
20import oauth.signpost.exception.OAuthMessageSignerException;
21import oauth.signpost.exception.OAuthNotAuthorizedException;
22import oauth.signpost.http.HttpParameters;
23
24/**
25 * <p>
26 * Supplies an interface that can be used to retrieve request and access tokens
27 * from an OAuth 1.0(a) service provider. A provider object requires an
28 * {@link OAuthConsumer} to sign the token request message; after a token has
29 * been retrieved, the consumer is automatically updated with the token and the
30 * corresponding secret.
31 * </p>
32 * <p>
33 * To initiate the token exchange, create a new provider instance and configure
34 * it with the URLs the service provider exposes for requesting tokens and
35 * resource authorization, e.g.:
36 * </p>
37 *
38 * <pre>
39 * OAuthProvider provider = new DefaultOAuthProvider(&quot;http://twitter.com/oauth/request_token&quot;,
40 * &quot;http://twitter.com/oauth/access_token&quot;, &quot;http://twitter.com/oauth/authorize&quot;);
41 * </pre>
42 * <p>
43 * Depending on the HTTP library you use, you may need a different provider
44 * type, refer to the website documentation for how to do that.
45 * </p>
46 * <p>
47 * To receive a request token which the user must authorize, you invoke it using
48 * a consumer instance and a callback URL:
49 * </p>
50 * <p>
51 *
52 * <pre>
53 * String url = provider.retrieveRequestToken(consumer, &quot;http://www.example.com/callback&quot;);
54 * </pre>
55 *
56 * </p>
57 * <p>
58 * That url must be opened in a Web browser, where the user can grant access to
59 * the resources in question. If that succeeds, the service provider will
60 * redirect to the callback URL and append the blessed request token.
61 * </p>
62 * <p>
63 * That token must now be exchanged for an access token, as such:
64 * </p>
65 * <p>
66 *
67 * <pre>
68 * provider.retrieveAccessToken(consumer, nullOrVerifierCode);
69 * </pre>
70 *
71 * </p>
72 * <p>
73 * where nullOrVerifierCode is either null if your provided a callback URL in
74 * the previous step, or the pin code issued by the service provider to the user
75 * if the request was out-of-band (cf. {@link OAuth#OUT_OF_BAND}.
76 * </p>
77 * <p>
78 * The consumer used during token handshakes is now ready for signing.
79 * </p>
80 *
81 * @see DefaultOAuthProvider
82 * @see DefaultOAuthConsumer
83 * @see OAuthProviderListener
84 */
85public interface OAuthProvider extends Serializable {
86
87 /**
88 * Queries the service provider for a request token.
89 * <p>
90 * <b>Pre-conditions:</b> the given {@link OAuthConsumer} must have a valid
91 * consumer key and consumer secret already set.
92 * </p>
93 * <p>
94 * <b>Post-conditions:</b> the given {@link OAuthConsumer} will have an
95 * unauthorized request token and token secret set.
96 * </p>
97 *
98 * @param consumer
99 * the {@link OAuthConsumer} that should be used to sign the request
100 * @param callbackUrl
101 * Pass an actual URL if your app can receive callbacks and you want
102 * to get informed about the result of the authorization process.
103 * Pass {@link OAuth.OUT_OF_BAND} if the service provider implements
104 * OAuth 1.0a and your app cannot receive callbacks. Pass null if the
105 * service provider implements OAuth 1.0 and your app cannot receive
106 * callbacks. Please note that some services (among them Twitter)
107 * will fail authorization if you pass a callback URL but register
108 * your application as a desktop app (which would only be able to
109 * handle OOB requests).
110 * @param customOAuthParams
111 * you can pass custom OAuth parameters here which will go directly
112 * into the signer, i.e. you don't have to put them into the request
113 * first. This is useful for pre-setting OAuth params for signing.
114 * Pass them sequentially in key/value order.
115 * @return The URL to which the user must be sent in order to authorize the
116 * consumer. It includes the unauthorized request token (and in the
117 * case of OAuth 1.0, the callback URL -- 1.0a clients send along
118 * with the token request).
119 * @throws OAuthMessageSignerException
120 * if signing the request failed
121 * @throws OAuthNotAuthorizedException
122 * if the service provider rejected the consumer
123 * @throws OAuthExpectationFailedException
124 * if required parameters were not correctly set by the consumer or
125 * service provider
126 * @throws OAuthCommunicationException
127 * if server communication failed
128 */
129 public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl,
130 String... customOAuthParams) throws OAuthMessageSignerException,
131 OAuthNotAuthorizedException, OAuthExpectationFailedException,
132 OAuthCommunicationException;
133
134 /**
135 * Queries the service provider for an access token.
136 * <p>
137 * <b>Pre-conditions:</b> the given {@link OAuthConsumer} must have a valid
138 * consumer key, consumer secret, authorized request token and token secret
139 * already set.
140 * </p>
141 * <p>
142 * <b>Post-conditions:</b> the given {@link OAuthConsumer} will have an
143 * access token and token secret set.
144 * </p>
145 *
146 * @param consumer
147 * the {@link OAuthConsumer} that should be used to sign the request
148 * @param oauthVerifier
149 * <b>NOTE: Only applies to service providers implementing OAuth
150 * 1.0a. Set to null if the service provider is still using OAuth
151 * 1.0.</b> The verification code issued by the service provider
152 * after the the user has granted the consumer authorization. If the
153 * callback method provided in the previous step was
154 * {@link OAuth.OUT_OF_BAND}, then you must ask the user for this
155 * value. If your app has received a callback, the verfication code
156 * was passed as part of that request instead.
157 * @param customOAuthParams
158 * you can pass custom OAuth parameters here which will go directly
159 * into the signer, i.e. you don't have to put them into the request
160 * first. This is useful for pre-setting OAuth params for signing.
161 * Pass them sequentially in key/value order.
162 * @throws OAuthMessageSignerException
163 * if signing the request failed
164 * @throws OAuthNotAuthorizedException
165 * if the service provider rejected the consumer
166 * @throws OAuthExpectationFailedException
167 * if required parameters were not correctly set by the consumer or
168 * service provider
169 * @throws OAuthCommunicationException
170 * if server communication failed
171 */
172 public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier,
173 String... customOAuthParams) throws OAuthMessageSignerException,
174 OAuthNotAuthorizedException, OAuthExpectationFailedException,
175 OAuthCommunicationException;
176
177 /**
178 * Any additional non-OAuth parameters returned in the response body of a
179 * token request can be obtained through this method. These parameters will
180 * be preserved until the next token request is issued. The return value is
181 * never null.
182 */
183 public HttpParameters getResponseParameters();
184
185 /**
186 * Subclasses must use this setter to preserve any non-OAuth query
187 * parameters contained in the server response. It's the caller's
188 * responsibility that any OAuth parameters be removed beforehand.
189 *
190 * @param parameters
191 * the map of query parameters served by the service provider in the
192 * token response
193 */
194 public void setResponseParameters(HttpParameters parameters);
195
196 /**
197 * Use this method to set custom HTTP headers to be used for the requests
198 * which are sent to retrieve tokens. @deprecated THIS METHOD HAS BEEN
199 * DEPRECATED. Use {@link OAuthProviderListener} to customize requests.
200 *
201 * @param header
202 * The header name (e.g. 'WWW-Authenticate')
203 * @param value
204 * The header value (e.g. 'realm=www.example.com')
205 */
206 @Deprecated
207 public void setRequestHeader(String header, String value);
208
209 /**
210 * @deprecated THIS METHOD HAS BEEN DEPRECATED. Use
211 * {@link OAuthProviderListener} to customize requests.
212 * @return all request headers set via {@link #setRequestHeader}
213 */
214 @Deprecated
215 public Map<String, String> getRequestHeaders();
216
217 /**
218 * @param isOAuth10aProvider
219 * set to true if the service provider supports OAuth 1.0a. Note that
220 * you need only call this method if you reconstruct a provider
221 * object in between calls to retrieveRequestToken() and
222 * retrieveAccessToken() (i.e. if the object state isn't preserved).
223 * If instead those two methods are called on the same provider
224 * instance, this flag will be deducted automatically based on the
225 * server response during retrieveRequestToken(), so you can simply
226 * ignore this method.
227 */
228 public void setOAuth10a(boolean isOAuth10aProvider);
229
230 /**
231 * @return true if the service provider supports OAuth 1.0a. Note that the
232 * value returned here is only meaningful after you have already
233 * performed the token handshake, otherwise there is no way to
234 * determine what version of the OAuth protocol the service provider
235 * implements.
236 */
237 public boolean isOAuth10a();
238
239 public String getRequestTokenEndpointUrl();
240
241 public String getAccessTokenEndpointUrl();
242
243 public String getAuthorizationWebsiteUrl();
244
245 public void setListener(OAuthProviderListener listener);
246
247 public void removeListener(OAuthProviderListener listener);
248}
Note: See TracBrowser for help on using the repository browser.