5

I'm having issues invoking twitter REST API using Google OAuth Java Client. I'm able to do the first steps correctly:

  1. Set the authorization URL,
  2. Get the temporary token,
  3. Generate the final token.

Then the OAuth Javadoc says:

Use the stored access token to authorize HTTP requests to protected resources by setting the OAuthParameters.token and using OAuthParameters as the HttpRequestInitializer.

It's in this step that I have issues. First of all if I only set the OAuthParameters.token value I'll get a null exception because the signer isn't set so what I presently have is:

    OAuthHmacSigner signer = new OAuthHmacSigner();
    signer.clientSharedSecret=TWITTER_CONSUMER_SECRET;
    String oauthToken = req.getParameter("oauth_token");
    String oauthVerifier = req.getParameter("oauth_verifier");
    OAuthGetAccessToken accessTokenRequest = new OAuthGetAccessToken(TWITTER_ACESS_TOKEN_URL);
    accessTokenRequest.consumerKey=TWITTER_CONSUMER_KEY;
    accessTokenRequest.signer=signer;
    accessTokenRequest.transport=HTTP_TRANSPORT;
    accessTokenRequest.temporaryToken=oauthToken;
    accessTokenRequest.verifier=oauthVerifier;
    OAuthCredentialsResponse credentials = accessTokenRequest.execute();
    String token = credentials.token;
    OAuthParameters params = new OAuthParameters();
    params.token=token;
    params.version="1.0";
    params.consumerKey=TWITTER_CONSUMER_KEY;
    params.signer=signer;
    HttpRequestFactory requestFactory = HTTP_TRANSPORT.createRequestFactory(params);
    HttpResponse twResponse = requestFactory.buildGetRequest(new GenericUrl("https://api.twitter.com/1.1/account/verify_credentials.json")).execute();

The result is always:

WARNING: Authentication error: Unable to respond to any of these challenges: {} com.google.api.client.http.HttpResponseException: 401 OK {"errors":[{"message":"Could not authenticate you","code":32}]}

If I try the Authorization header given by Twitter OAuth tool through a REST Chrome extension tool it works perfectly so it's not an account issue. When I change it for the Authorization header value computed by the Google OAuth Java client library it doesn't work.

I don't get what I'm doing wrong.

Solution: Follow the tutorial in the link provided by @Arkanon, I missed refreshing the signer token secrete through:

signer.tokenSharedSecret
out_sid3r
  • 1,018
  • 2
  • 20
  • 42
  • have you tried doing so using any other library? – Jhanvi Nov 01 '13 at 08:54
  • no I haven't...i opened this bounty exactly to understand why it isn't working with this one, meaning asking help to someone who has used it with twitter or another oauth1.0 provider – out_sid3r Nov 01 '13 at 15:30

1 Answers1

2

I just modified the code on this page about using google-oauth-java-client to send a request to Twitter and it worked fine once I replaced the relevant block with this:

while (currentLine.equalsIgnoreCase("n")) {
    System.out.println("Enter the verification PIN provided by Twitter:");
    currentLine = in.readLine();
}

and then added the following to the accessToken object:

accessToken.verifier = currentLine;

Once the PIN provided by the Twitter site is typed into the Java console and you hit Enter, the process completes and the protected resource can be accessed and the desired JSON response is received.

The only other changes I made to that code were to provide the Twitter constants as follows:

private static final String CONSUMER_KEY =
        "enter-your-consumer-key-here";
private static final String CONSUMER_SECRET =
        "enter-your-consumer-secret-here";
private static final String PROTECTED_SERVICE_URL =
        "https://api.twitter.com/1.1/statuses/home_timeline.json";
private static final String REQUEST_TOKEN_URL =
        "https://api.twitter.com/oauth/request_token";
private static final String AUTHORIZE_URL =
        "https://api.twitter.com/oauth/authenticate";
private static final String ACCESS_TOKEN_URL =
        "https://api.twitter.com/oauth/access_token";

Maybe this is not the exact same process you're hoping to achieve, but hopefully the code on that page will help you to spot anything you might have misunderstood. (And I agree that the documentation for the Google libraries is not all it could be.)

Bobulous
  • 12,967
  • 4
  • 37
  • 68
  • sorry but what do you mean with the PIN? I thought that after getting the access token I wouldn't need to do anything else but use it with the OAuthParameters. Just like after line 100 of the code in the url you wrote. – out_sid3r Nov 03 '13 at 18:11
  • The OAuth mechanism requires that the application direct the user to the provider website (twitter.com in this case) to visit an authorization URL. Then the site asks the user "do you want to allow NAME-OF-APP access to your data". If the user says yes, they are shown a new screen (at twitter.com) with a verification PIN that they must provide to the Java application in order to allow it to collect the access token. If you're creating a web application then you can have your code simply redirect the user's browser to twitter.com and Twitter can direct them back, otherwise a PIN is needed. – Bobulous Nov 03 '13 at 18:20
  • So I should do everything exactly like in the link you provided right? I mean because it's a web app I won't need a PIN, correct? – out_sid3r Nov 03 '13 at 18:24
  • Then instead of a PIN manually typed in by the user, the URL to which Twitter redirects the user (after authorization) should contain a query-string parameter which is the verification code. See the [Twitter page about the process](https://dev.twitter.com/docs/auth/implementing-sign-twitter). You need to extract the verification code from the query-string Twitter provides, and then add that to the access token object. – Bobulous Nov 03 '13 at 18:28
  • that's exactly what I'm doing, just updated the the question. Are you able to do it without the PIN code? Do you think it might be possible the signature isn't generated correctly based on the provided token – out_sid3r Nov 03 '13 at 18:33
  • Can you add to your question the line where you define the value of the `signer` variable? – Bobulous Nov 03 '13 at 18:38
  • done...first line...but I mean the token request works but not the one to the verify_credentials – out_sid3r Nov 03 '13 at 18:43