I'm using Scribe for login with google and Twitter. It works nicely, but I would like to allow the application to connect directly without the user's intervention if he already accepted it.
Is it possible with Scribe ? If yes, how can I do that ?
Asked
Active
Viewed 698 times
2 Answers
0
Yes. Use the following value of the authorize url for twitter:
Scribe scribe = new ServiceBuilder()
.provider(org.scribe.builder.api.TwitterApi.class)
.apiKey(...)
.apiSecret(...)
.callback(...);
Token requestToken = scribe.getRequestToken();
String authorizationUrl = "https://twitter.com/oauth/authenticate?oauth_token="
+ requestToken.getToken();
// and redirect user to the authorization URL
// twitter will redirect it back to the callback URL if
// the user has already been authorized your app.
Eugene Retunsky
- 13,009
- 4
- 52
- 55
-
You're using a **very** outdated version. The latest (no properties) version is here: http://github.com/fernandezpablo85/scribe-java – Pablo Fernandez Apr 05 '12 at 01:24
-
anyway, you need to use this url for authorization (doesn't matter where it's stored). – Eugene Retunsky Apr 05 '12 at 02:42
0
Yes. You can save the access_token and access_token_secret anywhere (db, key-value storage, session, etc) and use them until they expire (they are longlived for most providers).
EDIT (answer to the comments)
I guess you have a way of identifying your users, assuming this is called user_id, I'd store it in a persistent medium (not a session), something like this:
user_id
access_token
access_token_secret
Then, fetch the token and secret from the medium, and re-create the token with:
new Token(access_token, access_token_secret);
Pablo Fernandez
- 103,170
- 56
- 192
- 232
-
okay, but how can I get it back if it's saved in the database ? Let me illustrate the typical use case : - The user connects for the first time using google. The service ask for his permission to save his mail. He agrees. - One week later, it comes back and want to connect with google. The session variable has been expired (obviously), and the server cannot know what user it is unless he connects to the service first. I guess I need to send a specific parameter telling it not to ask again for permission, but I don't know which one... – xurei Apr 05 '12 at 07:56
-
I'm using a cookie for now... It's not the best solution, I think. But at least it works... – xurei Apr 05 '12 at 13:17
-
ANSWER TO THE EDIT : as I said, I save the informations in a cookie. What I find strange is that if I already allowed my application in my profile, if I lose the cookie, the service doesn't give me automatically a new token. I must re-allow it although it is still allowed in my profile options... – xurei Apr 11 '12 at 13:49