2

I have to authorize users on Flickr, so I have registered my app on Flickr and hardcoded values for key, secret and callbackUrl. Now, I'm using scribe library, and instead to force the user to copy and submit the verifier, I want to get the parameter frob from the callback url. I implement all in Java, using servlet session to catch the redirect. Here's the code:

public class FlickrAuth extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        OAuthService service = new ServiceBuilder().
                provider(FlickrApi.class)
                .apiKey(FLICKR_KEY)
                .apiSecret(FLICKR_SECRET)
                .callback("https://something.com/flickr")
                .build();


        Token requestToken = service.getRequestToken();
        String authorizationUrl = service.getAuthorizationUrl(requestToken);
        String url = authorizationUrl + "&perms=read";

        //Make a request to the url
        response.sendRedirect(url);

}

The the servlet callback is managed in this way:

public class FlickrCallback extends HttpServlet {

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

String code = request.getParameter("frob");

    OAuthService service = new ServiceBuilder().
            provider(FlickrApi.class)
            .apiKey(FLICKR_KEY)
            .apiSecret(FLICKR_SECRET)
            .callback(https://something.com/flickr)
            .build();

    Token requestToken = service.getRequestToken();

    Verifier verifier = new Verifier(code);

    Token accessToken = service.getAccessToken(requestToken, verifier);

}

Server raise this exception, when I try to build the Verifier: 

java.lang.IllegalArgumentException: Must provide a valid string as verifier

It seems that redirect has no frob parameter.. But callback is correct, and correctly registered on Flick application.. Someone can help me?

Thanks!

mattd
  • 543
  • 4
  • 16

1 Answers1

4

I currently have Scribe with Flickr OAuth working, and in comparing what you have, I noticed several issues:

1) frob is used in the old authentication flow, not used in OAuth. In the OAuth flow, you will need to look for "oauth_verifier" in the callback params.

  //change
  String code = request.getParameter("frob");
  //to
  String code = request.getParameter(OAuthConstants.VERIFIER); //oauth_verifier

2) you should use the original requestToken from OAuthAuth to get your accessToken, instead you are getting a new requestToken

  public class FlickrAuth extends HttpServlet {
     ...
     //after you get the initial requestToken, save it (e.g. session, database,..)
     Token requestToken = service.getRequestToken();
     request.getSession().setAttribute("some key", requestToken);


  public class FlickrCallback extends HttpServlet {
     ...
     //later you will need that original requestToken
     Token savedRequestToken = request.getSession().getAttribute("some key");
     Verifier verifier = new Verifier(code); //from request param oauth_verifier
     Token accessToken = service.getAccessToken(savedRequestToken, verifier);
ikumen
  • 11,275
  • 4
  • 41
  • 41