I am trying to authenticate linkedin users for my site. I am using Scribe to handle the authentication.
I am trying to do this in a two step process.
step1 just gets the correct url and redirects the user to the confirmation page. this is working fine. and after I confirmed I am redirected back to a page on my site.
step 2 is the one I am having problem with. when the redirected xpage is opening I am calling the step2 method using the token and verifyer key from the url.
One thing that I do not get is if I really need to build the service in both steps and if this is what is causing my problems. how do I send the requestToken between my two steps. please advice how to get this scenario working
Thanks - Thomas
import org.scribe.builder.ServiceBuilder;
import org.scribe.oauth.OAuthService;
import java.util.Scanner;
import org.scribe.builder.*;
import org.scribe.model.*;
import org.scribe.oauth.*;
import org.scribe.builder.api.*;
import javax.faces.context.*;
public class DoDance
{
private static final String PROTECTED_RESOURCE_URL = "http://api.linkedin.com/v1/people/~/connections:(id,last-name)";
public void step1()
{
try {
OAuthService service = new ServiceBuilder()
.provider(LinkedInApi.class)
.apiKey("key")
.apiSecret("secret")
.callback("http://www.acme.com/linkedin.xsp")
.build();
Token requestToken = service.getRequestToken();
String authUrl = service.getAuthorizationUrl(requestToken);
// Redirects the user to linkedin confirmation page
// This is working fine
FacesContext.getCurrentInstance().getExternalContext().redirect(authUrl);
} catch (Exception e) {
e.printStackTrace();
}
}
public String step2(String tok,String ver){
// this method is called in the beforeRenderResponse in the redirected xpage
// I get the token and verifyer in from the url parameters
Response response = null;
try {
OAuthService service = new ServiceBuilder()
.provider(LinkedInApi.class)
.apiKey("key")
.apiSecret("secret")
.build();
Token accessToken = service.getAccessToken(???,new Verifier(ver));
OAuthRequest request = new OAuthRequest(Verb.GET, PROTECTED_RESOURCE_URL);
service.signRequest(accessToken, request);
response = request.send();
} catch (Exception e) {
e.printStackTrace();
}
return "Body = " + response.getBody();
}
}
Try storing and retrieving the requestToken in a (session scoped) user bean.
public class User {
private Token requestToken;
private static String BEAN_NAME = "userBean";
public static User get() {
FacesContext context = FacesContext.getCurrentInstance();
return (User) context.getApplication().getVariableResolver().resolveVariable(context, BEAN_NAME);
}
public Token getRequestToken() {
return requestToken;
}
public void setRequestToken(Token requestToken) {
this.requestToken = requestToken;
}
}
You'll also probably need to change the JVM's security settings to use Scribe. Add this to the Domino server's java.policy file:
grant {
permission java.util.PropertyPermission
"http.keepAlive", "read, write";
};
Finally: you don't need to pass the token and verifier from the beforeRenderResponse event. They can easily be retrieved in the step2 function using
XSPContext context = XSPContext.getXSPContext( FacesContext.getCurrentInstance() );
String oauth_verifier = context.getUrlParameter("oauth_verifier");