Open Authentication – oAuth with twitter

95% of the websites on the Internet ask for a user name and password to provide their service to the end user. Most of the time this user name and password are vital, protected information for the end user. In this social-network world, end users wish to share some of their own resources with a third-party website (e.g. your application) from their trusted website (e.g. Twitter) without surrendering their credentials to the third party. This is where oAuth comes into the picture.

I know the above information sounds geeky, but I have one more definition in layman's terms for all those people like me. Open Authentication, popularly known as oAuth, is a technology or standard that provides a secure way to share an end user's information with a third-party site from the trusted party.

How oAuth works

There are two major actors in oAuth, namely the oAuth service provider and the oAuth service consumer. Generally the web giants (Twitter, Facebook, Google, LinkedIn, Salesforce) are oAuth service providers, and all those who consume those services become oAuth service consumers (your application).

OAuth is just a standard and not an implementation. The web giants (Twitter, Facebook, Google, LinkedIn, Salesforce) have already implemented the oAuth service provider standard and are ready for the oAuth consumer's calls. From your side, your application has to implement the oAuth standard from the consumer's perspective. There are open source libraries available that implement the oAuth consumer standard; Scribe is one such popular library, available as a free download.

Now a walk-through of an example.

Let's build a small web app that facilitates login through the Twitter service. Once the end user logs into our application, he/she can see some of their Twitter information, such as their Twitter profile picture, user name and location, and this information can be used for our application's needs.

Here our application is the third party (oAuth service consumer) and Twitter is the trusted party (oAuth service provider).

In order to communicate with the oAuth service provider we have to create a mutual understanding: I am a third-party website that would like to get some information about my user, who is already with you.

 

Since Twitter is our oAuth service provider, we have to create this mutual understanding at this URL: https://dev.twitter.com/

Once you provide the details of your application, Twitter will give you two keys (technically known as tokens), which will be used to make oAuth consumer calls from your application.

That’s it.

Here I have given my application details and registered for the keys.

Now, from the application, we have to make the consumer call for login using the two keys, with the help of the Scribe library.

Below is a code snippet for making the consumer call.

 

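// Imports needed by this snippet (Scribe 1.x and the servlet API)
import javax.servlet.http.HttpSession;
import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.TwitterApi;
import org.scribe.model.Token;
import org.scribe.oauth.OAuthService;

// Inside the login servlet's request handler (request and response are its arguments)
OAuthService service = new ServiceBuilder()
        .provider(TwitterApi.class)
        .apiKey("****YOUR_KEY*****")
        .apiSecret("****YOUR_SECRET*****")
        .callback("http://localhost:8080/oAuthTutorial/getAccessToken")
        .build();

// Obtain the Request Token
System.out.println("Fetching the Request Token...");
Token requestToken = service.getRequestToken();
System.out.println("Got the Request Token!");
System.out.println();

// Build the Twitter authorization URL for this request token
System.out.println("Now go and authorize Scribe here:");
String authURL = service.getAuthorizationUrl(requestToken);
System.out.println("authURL " + authURL);

// Keep the service and request token in the session for the callback handler
HttpSession session = request.getSession(true);
session.setAttribute("service", service);
session.setAttribute("requestToken", requestToken);

// Send the user's browser to Twitter to authorize the application
response.sendRedirect(response.encodeRedirectURL(authURL));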

 

Application screenshot.

Login Page

On clicking the login button you will be redirected to the Twitter authorize page, where the user enters their Twitter login and password and clicks the authorize button.

Twitter Authorize Page

Twitter then recognizes our application's call and redirects back to our application with the user information in the response.

Success Page
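
The callback side of this flow, the handler behind the getAccessToken URL given to .callback(...) above, as an added example that is not part of the original post. The servlet class name, the "accessToken" session attribute and the verify_credentials URL are assumptions; it reads the "service" and "requestToken" session attributes set by the snippet above.

```java
import java.io.IOException;
import javax.servlet.http.*;
import org.scribe.model.*;
import org.scribe.oauth.OAuthService;

// Added example: hypothetical servlet mapped to /oAuthTutorial/getAccessToken.
public class GetAccessTokenServlet extends HttpServlet {
    // Twitter REST API 1.1 endpoint returning the authorizing user's profile (assumed here).
    private static final String PROFILE_URL =
            "https://api.twitter.com/1.1/account/verify_credentials.json";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Only continue a flow this browser session started; never create a session here.
        HttpSession session = request.getSession(false);
        OAuthService service = session == null ? null
                : (OAuthService) session.getAttribute("service");
        Token requestToken = session == null ? null
                : (Token) session.getAttribute("requestToken");
        if (service == null || requestToken == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "No login in progress");
            return;
        }
        // A request token is single use: drop it before doing anything else.
        session.removeAttribute("requestToken");

        String returnedToken = request.getParameter("oauth_token");
        String verifier = request.getParameter("oauth_verifier");
        // Twitter sends "denied" instead of a verifier when the user declines; also reject
        // a callback whose oauth_token is not the one issued to this session.
        if (verifier == null || !requestToken.getToken().equals(returnedToken)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Authorization not completed");
            return;
        }
        // Exchange request token + verifier for the access token, then sign an API call.
        Token accessToken = service.getAccessToken(requestToken, new Verifier(verifier));
        OAuthRequest profileRequest = new OAuthRequest(Verb.GET, PROFILE_URL);
        service.signRequest(accessToken, profileRequest);
        Response profile = profileRequest.send();
        if (profile.getCode() != 200) {
            response.sendError(HttpServletResponse.SC_BAD_GATEWAY, "Profile lookup failed");
            return;
        }
        // Keep the access token server side; hand only the profile JSON to the view.
        session.setAttribute("accessToken", accessToken);
        response.setContentType("application/json");
        response.getWriter().write(profile.getBody());
    }
}
```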

 

 

 

 

 

