source: josm/trunk/src/oauth/signpost/OAuthProvider.java@ 6168

Last change on this file since 6168 was 4231, checked in by stoecker, 13 years ago

add signpost and metadata extractor code to repository directly

File size: 9.8 KB
Line 
1/*
2 * Copyright (c) 2009 Matthias Kaeppler Licensed under the Apache License,
3 * Version 2.0 (the "License"); you may not use this file except in compliance
4 * with the License. You may obtain a copy of the License at
5 * http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law
6 * or agreed to in writing, software distributed under the License is
7 * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
8 * KIND, either express or implied. See the License for the specific language
9 * governing permissions and limitations under the License.
10 */
11package oauth.signpost;
12
13import java.io.Serializable;
14import java.util.Map;
15
16import oauth.signpost.basic.DefaultOAuthConsumer;
17import oauth.signpost.basic.DefaultOAuthProvider;
18import oauth.signpost.exception.OAuthCommunicationException;
19import oauth.signpost.exception.OAuthExpectationFailedException;
20import oauth.signpost.exception.OAuthMessageSignerException;
21import oauth.signpost.exception.OAuthNotAuthorizedException;
22import oauth.signpost.http.HttpParameters;
23
24/**
25 * <p>
26 * Supplies an interface that can be used to retrieve request and access tokens
27 * from an OAuth 1.0(a) service provider. A provider object requires an
28 * {@link OAuthConsumer} to sign the token request message; after a token has
29 * been retrieved, the consumer is automatically updated with the token and the
30 * corresponding secret.
31 * </p>
32 * <p>
33 * To initiate the token exchange, create a new provider instance and configure
34 * it with the URLs the service provider exposes for requesting tokens and
35 * resource authorization, e.g.:
36 * </p>
37 *
38 * <pre>
39 * OAuthProvider provider = new DefaultOAuthProvider(&quot;http://twitter.com/oauth/request_token&quot;,
40 * &quot;http://twitter.com/oauth/access_token&quot;, &quot;http://twitter.com/oauth/authorize&quot;);
41 * </pre>
42 * <p>
43 * Depending on the HTTP library you use, you may need a different provider
44 * type, refer to the website documentation for how to do that.
45 * </p>
46 * <p>
47 * To receive a request token which the user must authorize, you invoke it using
48 * a consumer instance and a callback URL:
49 * </p>
50 * <p>
51 *
52 * <pre>
53 * String url = provider.retrieveRequestToken(consumer, &quot;http://www.example.com/callback&quot;);
54 * </pre>
55 *
56 * </p>
57 * <p>
58 * That url must be opened in a Web browser, where the user can grant access to
59 * the resources in question. If that succeeds, the service provider will
60 * redirect to the callback URL and append the blessed request token.
61 * </p>
62 * <p>
63 * That token must now be exchanged for an access token, as such:
64 * </p>
65 * <p>
66 *
67 * <pre>
68 * provider.retrieveAccessToken(consumer, nullOrVerifierCode);
69 * </pre>
70 *
71 * </p>
72 * <p>
73 * where nullOrVerifierCode is either null if your provided a callback URL in
74 * the previous step, or the pin code issued by the service provider to the user
75 * if the request was out-of-band (cf. {@link OAuth#OUT_OF_BAND}.
76 * </p>
77 * <p>
78 * The consumer used during token handshakes is now ready for signing.
79 * </p>
80 *
81 * @see DefaultOAuthProvider
82 * @see DefaultOAuthConsumer
83 * @see OAuthProviderListener
84 */
85public interface OAuthProvider extends Serializable {
86
87 /**
88 * Queries the service provider for a request token.
89 * <p>
90 * <b>Pre-conditions:</b> the given {@link OAuthConsumer} must have a valid
91 * consumer key and consumer secret already set.
92 * </p>
93 * <p>
94 * <b>Post-conditions:</b> the given {@link OAuthConsumer} will have an
95 * unauthorized request token and token secret set.
96 * </p>
97 *
98 * @param consumer
99 * the {@link OAuthConsumer} that should be used to sign the request
100 * @param callbackUrl
101 * Pass an actual URL if your app can receive callbacks and you want
102 * to get informed about the result of the authorization process.
103 * Pass {@link OAuth.OUT_OF_BAND} if the service provider implements
104 * OAuth 1.0a and your app cannot receive callbacks. Pass null if the
105 * service provider implements OAuth 1.0 and your app cannot receive
106 * callbacks. Please note that some services (among them Twitter)
107 * will fail authorization if you pass a callback URL but register
108 * your application as a desktop app (which would only be able to
109 * handle OOB requests).
110 * @return The URL to which the user must be sent in order to authorize the
111 * consumer. It includes the unauthorized request token (and in the
112 * case of OAuth 1.0, the callback URL -- 1.0a clients send along
113 * with the token request).
114 * @throws OAuthMessageSignerException
115 * if signing the request failed
116 * @throws OAuthNotAuthorizedException
117 * if the service provider rejected the consumer
118 * @throws OAuthExpectationFailedException
119 * if required parameters were not correctly set by the consumer or
120 * service provider
121 * @throws OAuthCommunicationException
122 * if server communication failed
123 */
124 public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl)
125 throws OAuthMessageSignerException, OAuthNotAuthorizedException,
126 OAuthExpectationFailedException, OAuthCommunicationException;
127
128 /**
129 * Queries the service provider for an access token.
130 * <p>
131 * <b>Pre-conditions:</b> the given {@link OAuthConsumer} must have a valid
132 * consumer key, consumer secret, authorized request token and token secret
133 * already set.
134 * </p>
135 * <p>
136 * <b>Post-conditions:</b> the given {@link OAuthConsumer} will have an
137 * access token and token secret set.
138 * </p>
139 *
140 * @param consumer
141 * the {@link OAuthConsumer} that should be used to sign the request
142 * @param oauthVerifier
143 * <b>NOTE: Only applies to service providers implementing OAuth
144 * 1.0a. Set to null if the service provider is still using OAuth
145 * 1.0.</b> The verification code issued by the service provider
146 * after the the user has granted the consumer authorization. If the
147 * callback method provided in the previous step was
148 * {@link OAuth.OUT_OF_BAND}, then you must ask the user for this
149 * value. If your app has received a callback, the verfication code
150 * was passed as part of that request instead.
151 * @throws OAuthMessageSignerException
152 * if signing the request failed
153 * @throws OAuthNotAuthorizedException
154 * if the service provider rejected the consumer
155 * @throws OAuthExpectationFailedException
156 * if required parameters were not correctly set by the consumer or
157 * service provider
158 * @throws OAuthCommunicationException
159 * if server communication failed
160 */
161 public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier)
162 throws OAuthMessageSignerException, OAuthNotAuthorizedException,
163 OAuthExpectationFailedException, OAuthCommunicationException;
164
165 /**
166 * Any additional non-OAuth parameters returned in the response body of a
167 * token request can be obtained through this method. These parameters will
168 * be preserved until the next token request is issued. The return value is
169 * never null.
170 */
171 public HttpParameters getResponseParameters();
172
173 /**
174 * Subclasses must use this setter to preserve any non-OAuth query
175 * parameters contained in the server response. It's the caller's
176 * responsibility that any OAuth parameters be removed beforehand.
177 *
178 * @param parameters
179 * the map of query parameters served by the service provider in the
180 * token response
181 */
182 public void setResponseParameters(HttpParameters parameters);
183
184 /**
185 * Use this method to set custom HTTP headers to be used for the requests
186 * which are sent to retrieve tokens. @deprecated THIS METHOD HAS BEEN
187 * DEPRECATED. Use {@link OAuthProviderListener} to customize requests.
188 *
189 * @param header
190 * The header name (e.g. 'WWW-Authenticate')
191 * @param value
192 * The header value (e.g. 'realm=www.example.com')
193 */
194 @Deprecated
195 public void setRequestHeader(String header, String value);
196
197 /**
198 * @deprecated THIS METHOD HAS BEEN DEPRECATED. Use
199 * {@link OAuthProviderListener} to customize requests.
200 * @return all request headers set via {@link #setRequestHeader}
201 */
202 @Deprecated
203 public Map<String, String> getRequestHeaders();
204
205 /**
206 * @param isOAuth10aProvider
207 * set to true if the service provider supports OAuth 1.0a. Note that
208 * you need only call this method if you reconstruct a provider
209 * object in between calls to retrieveRequestToken() and
210 * retrieveAccessToken() (i.e. if the object state isn't preserved).
211 * If instead those two methods are called on the same provider
212 * instance, this flag will be deducted automatically based on the
213 * server response during retrieveRequestToken(), so you can simply
214 * ignore this method.
215 */
216 public void setOAuth10a(boolean isOAuth10aProvider);
217
218 /**
219 * @return true if the service provider supports OAuth 1.0a. Note that the
220 * value returned here is only meaningful after you have already
221 * performed the token handshake, otherwise there is no way to
222 * determine what version of the OAuth protocol the service provider
223 * implements.
224 */
225 public boolean isOAuth10a();
226
227 public String getRequestTokenEndpointUrl();
228
229 public String getAccessTokenEndpointUrl();
230
231 public String getAuthorizationWebsiteUrl();
232
233 public void setListener(OAuthProviderListener listener);
234
235 public void removeListener(OAuthProviderListener listener);
236}
Note: See TracBrowser for help on using the repository browser.