我必须在Flickr上授权用户,所以我已经在Flickr上注册了我的应用程序并硬编码了key, secret和callbackUrl的值。现在,我正在使用scribe库,而不是强制用户复制并提交验证器,我想从回调url中获取参数frob。我全部用Java实现,使用servlet会话捕捉重定向。下面是代码:
public class FlickrAuth extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
OAuthService service = new ServiceBuilder().
provider(FlickrApi.class)
.apiKey(FLICKR_KEY)
.apiSecret(FLICKR_SECRET)
.callback("https://something.com/flickr")
.build();
Token requestToken = service.getRequestToken();
String authorizationUrl = service.getAuthorizationUrl(requestToken);
String url = authorizationUrl + "&perms=read";
//Make a request to the url
response.sendRedirect(url);
}
servlet回调是这样管理的:
public class FlickrCallback extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String code = request.getParameter("frob");
OAuthService service = new ServiceBuilder().
provider(FlickrApi.class)
.apiKey(FLICKR_KEY)
.apiSecret(FLICKR_SECRET)
.callback(https://something.com/flickr)
.build();
Token requestToken = service.getRequestToken();
Verifier verifier = new Verifier(code);
Token accessToken = service.getAccessToken(requestToken, verifier);
}
当我尝试构建验证器时,服务器引发此异常:
java.lang.IllegalArgumentException: Must provide a valid string as verifier
似乎重定向没有frob参数。但回调是正确的,并正确注册在Flick应用程序..有人能帮我吗?
谢谢!
我目前有scriscribe与Flickr OAuth工作,在比较你有什么,我注意到几个问题:
1) frob
在旧的认证流程中使用,在OAuth中不使用。在OAuth流中,您需要在回调参数中查找"oauth_verifier"。
//change
String code = request.getParameter("frob");
//to
String code = request.getParameter(OAuthConstants.VERIFIER); //oauth_verifier
2)你应该使用原始的requestToken从OAuthAuth获得你的accessToken,而不是你得到一个新的requestToken
public class FlickrAuth extends HttpServlet {
...
//after you get the initial requestToken, save it (e.g. session, database,..)
Token requestToken = service.getRequestToken();
request.getSession().setAttribute("some key", requestToken);
public class FlickrCallback extends HttpServlet {
...
//later you will need that original requestToken
Token savedRequestToken = request.getSession().getAttribute("some key");
Verifier verifier = new Verifier(code); //from request param oauth_verifier
Token accessToken = service.getAccessToken(savedRequestToken, verifier);