Package com.google.api.client.auth.oauth (1.34.0)

com.google.api.client.util.Beta
OAuth 1.0 authorization as specified in RFC 5849: The OAuth 1.0 Protocol (see detailed package specification).

There are a few features not supported by this implementation:

  • PLAINTEXT signature algorithm
  • "application/x-www-form-urlencoded" HTTP request body
  • "oauth_*" parameters specified in the HTTP request URL (instead assumes they are specified in the Authorization header)

Before using this library, you may need to set up your application as follows:

  1. For web applications, you may need to first register your application with the authorization server. It may provide two pieces of information you need:
    • OAuth Consumer Key: use this as the consumerKey on every OAuth request, for example in com.google.api.client.auth.oauth.AbstractOAuthGetToken#consumerKey.
    • OAuth Consumer Secret: use this as the com.google.api.client.auth.oauth.OAuthHmacSigner#clientSharedSecret when using the "HMAC-SHA1" signature method.
  2. For an installed application, an unregistered web application, or a web application running on localhost, you must use the "HMAC-SHA1" signature method. The documentation for the authorization server will need to provide you with the consumerKey and clientSharedSecret to use.
  3. For the "HMAC-SHA1" signature method, use com.google.api.client.auth.oauth.OAuthHmacSigner.
  4. For the "RSA-SHA1" signature method, use com.google.api.client.auth.oauth.OAuthRsaSigner.

After the set up has been completed, the typical application flow is:

  1. Request a temporary credentials token from the Authorization server using com.google.api.client.auth.oauth.OAuthGetTemporaryToken. A callback URL should be specified for web applications, but does not need to be specified for installed applications.
  2. Direct the end user to an authorization web page to allow the end user to authorize the temporary token using using com.google.api.client.auth.oauth.OAuthAuthorizeTemporaryTokenUrl.
  3. After the user has granted the authorization:
    • For web applications, the user's browser will be redirected to the callback URL which may be parsed using com.google.api.client.auth.oauth.OAuthCallbackUrl.
    • For installed applications, see the authorization server's documentation for figuring out the verification code.
  4. Request to exchange the temporary token for a long-lived access token from the Authorization server using com.google.api.client.auth.oauth.OAuthGetAccessToken. This access token must be stored.
  5. Use the stored access token to authorize HTTP requests to protected resources by setting the com.google.api.client.auth.oauth.OAuthParameters#token and using com.google.api.client.auth.oauth.OAuthParameters as the com.google.api.client.http.HttpRequestInitializer.

Classes

AbstractOAuthGetToken

Beta
Generic OAuth 1.0a URL to request a temporary or long-lived token from an authorization server.

OAuthAuthorizeTemporaryTokenUrl

Beta
OAuth 1.0a URL builder for an authorization web page to allow the end user to authorize the temporary token.

The #temporaryToken should be set from the OAuthCredentialsResponse#token returned by OAuthGetTemporaryToken#execute(). Use #build() to build the authorization URL. If a OAuthGetTemporaryToken#callback was specified, after the end user grants the authorization, the authorization server will redirect to that callback URL. To parse the response, use OAuthCallbackUrl.

OAuthCallbackUrl

Beta
Generic URL that parses the callback URL after a temporary token has been authorized by the end user.

The #verifier is required in order to exchange the authorized temporary token for a long-lived access token in OAuthGetAccessToken#verifier.

OAuthCredentialsResponse

Beta
Data to parse a success response to a request for temporary or token credentials.

OAuthGetAccessToken

Beta
Generic OAuth 1.0a URL to request to exchange the temporary credentials token (or "request token") for a long-lived credentials token (or "access token") from an authorization server.

Use #execute() to execute the request. The long-lived access token acquired with this request is found in OAuthCredentialsResponse#token . This token must be stored. It may then be used to authorize HTTP requests to protected resources by using OAuthParameters.

OAuthGetTemporaryToken

Beta
Generic OAuth 1.0a URL to request a temporary credentials token (or "request token") from an authorization server.

Use #execute() to execute the request. The temporary token acquired with this request is found in OAuthCredentialsResponse#token. This temporary token is used in OAuthAuthorizeTemporaryTokenUrl#temporaryToken to direct the end user to an authorization page to allow the end user to authorize the temporary token.

OAuthHmacSha256Signer

OAuth "HMAC-SHA256" signature method.

OAuthHmacSigner

Beta
OAuth "HMAC-SHA1" signature method.

OAuthParameters

Beta
OAuth 1.0a parameter manager.

The only required non-computed fields are #signer and #consumerKey. Use #token to specify token or temporary credentials.

Sample usage, taking advantage that this class implements HttpRequestInitializer:

public static HttpRequestFactory createRequestFactory(HttpTransport transport) { OAuthParameters parameters = new OAuthParameters(); // ... return transport.createRequestFactory(parameters); }

If you have a custom request initializer, take a look at the sample usage for HttpExecuteInterceptor, which this class also implements.

OAuthRsaSigner

Beta
OAuth "RSA-SHA1" signature method.

The private key may be loaded using the utilities in SecurityUtils.

Interfaces

OAuthSigner

Beta
OAuth signature method.