2

I'm trying to implement "Twitter" login for my web application. I use scribe to simplify things a bit.

My implementation relies on the GWT RPC mechanism to get the authorization URL back to the client so the client can open a popup window that redirects to the authorization URL.

However, when the URL is opened in the new tab and the user logs in with a Twitter account, the page provides the PIN number (from this site: https://api.twitter.com/oauth/authorize) that needs to be typed back into the org.scribe.model.Modifier.

This kind of approach will be cumbersome for users. What is needed is that once the user has typed in the Twitter username/password, that should be it, or at least the rest of the process should be automated.

Am I missing something?

Here's my code:

    twitterLogin.addClickHandler(new ClickHandler() {
        @Override
        public void onClick(ClickEvent event) {
            TwitterService.Util.getInstance().getAuthorizationUrl(new AsyncCallback<String>() {
                @Override
                public void onSuccess(String result) {
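                    if (result != null) {
                        // "_blank" opens the authorization URL in a new window or tab
                        Window.open(result, "_blank", null);
                    }
                }

                @Override
                public void onFailure(Throwable caught) {
                    // RPC call failed, so there is no authorization URL to open
                }
            });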
        }
    });
quarks
  • Have your code store the PIN number in the page so the user doesn't have to see it or type it in. Then when authenticating with the twitter service, have the code provide it instead of the user. – Cuga Jan 24 '12 at 18:55
  • How do I get the PIN number from the authorization page? In the code above, the authorization page is opened as a new window. Or am I accessing the authorization page the wrong way? – quarks Jan 25 '12 at 05:07
  • @xybrek: are you not using a callback URL? – Umesh Awasthi Jan 25 '12 at 05:10
  • @UmeshAwasthi yes, have this callback url set with dev.twitter.com: http://127.0.0.1:8888/main/oauth_callback – quarks Jan 25 '12 at 13:34

1 Answer

2

To authenticate with OAuth, you need to send out 2 requests to the authenticating server:

- First to get the "Request Token"
- Then to get the "Access Token"

Twitter does open the authentication page in a new window where they can type their Twitter username/password, so that's to be expected.

    // request/response are the servlet's HttpServletRequest/HttpServletResponse;
    // service is the Scribe OAuthService.
    if (request.getRequestURI().equals("/twitter")) {
        // Step 1: get a request token and send the user to the authorization page.
        Token requestToken = service.getRequestToken();
        System.out.println("Got the Request Token!" + requestToken.getToken());
        // Keep the request token (and its secret) server-side for the callback.
        HttpSession session = request.getSession(true);
        session.setAttribute("TOKEN", requestToken);
        response.sendRedirect(service.getAuthorizationUrl(requestToken));
    } else if (request.getRequestURI().equals("/twitter/callback")) {
        // Step 2: Twitter redirects back with oauth_verifier; exchange it for an access token.
        String code = request.getParameter("oauth_verifier");
        System.out.println("Verifier :: " + code);
        HttpSession session = request.getSession(false);
        // Reuse the token stored in step 1. Calling service.getRequestToken() again
        // would fetch a new, unrelated token, and its secret should not be logged.
        Token requestToken = (session != null) ? (Token) session.getAttribute("TOKEN") : null;

        if (requestToken != null && code != null && !code.isEmpty()) {
            Verifier verifier = new Verifier(code);
            Token accessToken = service.getAccessToken(requestToken, verifier);
            // Named oauthRequest so it does not clash with the servlet request.
            OAuthRequest oauthRequest = new OAuthRequest(Verb.GET, OAUTH_PROTECTED_URL);
            service.signRequest(accessToken, oauthRequest);
            Response res = oauthRequest.send();
            response.setContentType("text/plain");
            response.getWriter().println(res.getBody());
        }
    }
Cuga
  • I have set this callback URL on the Twitter dev page: http://127.0.0.1:8888/main/oauth_callback but after authorizing the app from the auth page, Twitter just shows a PIN number and does not call the URL I provided. – quarks Jan 25 '12 at 13:36
  • Are you sure Twitter is able to access a local-only URL such as the one given? I would think they would need a publicly-accessible URL for the callback. – Cuga Jan 25 '12 at 13:51
  • Also, are you sure you have the Twitter API configured correctly? Sounds like you're using Twitter in OOB mode: out of band mode - Instead of providing a URL-based callback when acquiring a request token, "oob" is supplied. Once the user has given Twitter their account credentials, they are presented with a screen containing a PIN code and are asked to enter this code into the application. The application then sends this PIN as an oauth_verifier to the access token step to complete the exchange. – Cuga Jan 25 '12 at 13:56
  • Yah I guess what my application gets is OOB. Is this because I am using Scribe library? – quarks Jan 25 '12 at 13:59
  • 1
    What did you put for the OAUTH_PROTECTED_URL? – quarks Jan 25 '12 at 14:57
  • "http://api.twitter.com/1/account/verify_credentials.json" Though it depends. And to use the callback URL, configure your application to not use OOB: https://dev.twitter.com/docs/auth – Cuga Jan 25 '12 at 15:55
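
The callback-mode setup this thread arrives at, as an added example (not code from the question, the answer or the Scribe project): the service is built with an explicit callback so Twitter redirects back with `oauth_verifier` instead of showing a PIN, and the callback handler checks that the returned `oauth_token` matches the request token stored in the session before exchanging it. The class name, key placeholders, callback URL and the assumption that the servlet is deployed at the root context are illustrative.

```java
import java.io.IOException;
import javax.servlet.http.*;
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.TwitterApi;
import org.scribe.model.*;
import org.scribe.oauth.OAuthService;

public class TwitterLoginServlet extends HttpServlet {
    // Placeholder (assumption): use the callback URL registered for your own app.
    private static final String CALLBACK_URL = "https://app.example.com/twitter/callback";

    // Without .callback(...), Scribe's ServiceBuilder sends "oob" and Twitter shows a PIN.
    private final OAuthService service = new ServiceBuilder()
            .provider(TwitterApi.class)
            .apiKey("YOUR_CONSUMER_KEY")        // placeholder
            .apiSecret("YOUR_CONSUMER_SECRET")  // placeholder
            .callback(CALLBACK_URL)
            .build();

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String uri = request.getRequestURI();
        if ("/twitter".equals(uri)) {
            // Step 1: request token, kept server-side, then redirect to Twitter.
            Token requestToken = service.getRequestToken();
            request.getSession(true).setAttribute("TOKEN", requestToken);
            response.sendRedirect(service.getAuthorizationUrl(requestToken));
        } else if ("/twitter/callback".equals(uri)) {
            HttpSession session = request.getSession(false);
            Token stored = (session == null) ? null : (Token) session.getAttribute("TOKEN");
            String returned = request.getParameter("oauth_token");
            String verifier = request.getParameter("oauth_verifier");
            // Reject callbacks that do not belong to the flow this session started.
            if (stored == null || verifier == null || verifier.isEmpty()
                    || !stored.getToken().equals(returned)) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid OAuth callback");
                return;
            }
            session.removeAttribute("TOKEN"); // a request token is used only once
            // Step 2: exchange request token + verifier for the access token.
            Token accessToken = service.getAccessToken(stored, new Verifier(verifier));
            session.setAttribute("ACCESS_TOKEN", accessToken);
            response.sendRedirect("/");
        }
    }
}
```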