Package com.google.api.client.auth.oauth
@Beta
package com.google.api.client.auth.oauth
Beta
OAuth 1.0 authorization as specified in RFC 5849: The OAuth 1.0 Protocol (see detailed package specification).
There are a few features not supported by this implementation:
PLAINTEXT
signature algorithm"application/x-www-form-urlencoded"
HTTP request body"oauth_*"
parameters specified in the HTTP request URL (instead assumes they are specified in theAuthorization
header)
Before using this library, you may need to set up your application as follows:
- For web applications, you may need to first register your application with the authorization
server. It may provide two pieces of information you need:
- OAuth Consumer Key: use this as the
consumerKey
on every OAuth request, for example inAbstractOAuthGetToken.consumerKey
. - OAuth Consumer Secret: use this as the
OAuthHmacSigner.clientSharedSecret
when using the"HMAC-SHA1"
signature method.
- OAuth Consumer Key: use this as the
- For an installed application, an unregistered web application, or a web application running
on localhost, you must use the
"HMAC-SHA1"
signature method. The documentation for the authorization server will need to provide you with theconsumerKey
andclientSharedSecret
to use. - For the
"HMAC-SHA1"
signature method, useOAuthHmacSigner
. - For the
"RSA-SHA1"
signature method, useOAuthRsaSigner
.
After the set up has been completed, the typical application flow is:
- Request a temporary credentials token from the Authorization server using
OAuthGetTemporaryToken
. A callback URL should be specified for web applications, but does not need to be specified for installed applications. - Direct the end user to an authorization web page to allow the end user to authorize the
temporary token using using
OAuthAuthorizeTemporaryTokenUrl
. - After the user has granted the authorization:
- For web applications, the user's browser will be redirected to the callback URL which may be
parsed using
OAuthCallbackUrl
. - For installed applications, see the authorization server's documentation for figuring out the verification code.
- For web applications, the user's browser will be redirected to the callback URL which may be
parsed using
- Request to exchange the temporary token for a long-lived access token from the Authorization
server using
OAuthGetAccessToken
. This access token must be stored. - Use the stored access token to authorize HTTP requests to protected resources by setting the
OAuthParameters.token
and usingOAuthParameters
as theHttpRequestInitializer
.
- Since:
- 1.0
-
ClassDescription
Beta
Generic OAuth 1.0a URL to request a temporary or long-lived token from an authorization server.Beta
OAuth 1.0a URL builder for an authorization web page to allow the end user to authorize the temporary token.Beta
Generic URL that parses the callback URL after a temporary token has been authorized by the end user.Beta
Data to parse a success response to a request for temporary or token credentials.Beta
Generic OAuth 1.0a URL to request to exchange the temporary credentials token (or "request token") for a long-lived credentials token (or "access token") from an authorization server.Beta
Generic OAuth 1.0a URL to request a temporary credentials token (or "request token") from an authorization server.Beta
OAuth"HMAC-SHA1"
signature method.Beta
OAuth 1.0a parameter manager.Beta
OAuth"RSA-SHA1"
signature method.Beta
OAuth signature method.