org.eclipse.lyo.server.oauth.core.token

Interface TokenStrategy

All Known Implementing Classes:

SimpleTokenStrategy

public interface TokenStrategy

Manages and validates OAuth tokens and token secrets. SimpleTokenStrategy is a basic implementation, but you can implement this interface to generate and validate OAuth tokens your own way.

Author:

Samuel Padgett

Method Summary

Modifier and Type	Method and Description
void	generateAccessToken(OAuthRequest oAuthRequest) Generates an access token and token secret and sets it in the accessor in the OAuthRequest.
void	generateRequestToken(OAuthRequest oAuthRequest) Generates a request token and token secret and sets it in the accessor in the OAuthRequest.
String	generateVerificationCode(javax.servlet.http.HttpServletRequest httpRequest, String requestToken) Generates an "unguessable" OAuth verification code.
String	getCallback(javax.servlet.http.HttpServletRequest httpRequest, String requestToken) Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows.
String	getTokenSecret(javax.servlet.http.HttpServletRequest httpRequest, String token) Gets the token secret for token to validate signatures.
boolean	isRequestTokenAuthorized(javax.servlet.http.HttpServletRequest httpRequest, String requestToken) Checks with the request token has been authorized by the end user.
void	markRequestTokenAuthorized(javax.servlet.http.HttpServletRequest httpRequest, String requestToken) Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.
void	validateAccessToken(OAuthRequest oAuthRequest) Validates that the access token is valid, throwing an exception if not.
String	validateRequestToken(javax.servlet.http.HttpServletRequest httpRequest, net.oauth.OAuthMessage message) Validates that the request token is valid, throwing an exception if not.
void	validateVerificationCode(OAuthRequest oAuthRequest) Validates that the verification code is recognized and associated with the request token.

Method Detail

generateRequestToken

void generateRequestToken(OAuthRequest oAuthRequest)
                   throws net.oauth.OAuthException,
                          IOException

Generates a request token and token secret and sets it in the accessor in the OAuthRequest.

Parameters:

oAuthRequest - the OAuth request

Throws:

IOException - on errors reading from the request message

net.oauth.OAuthException - on OAuth problems

See Also:

OAuthRequest.getAccessor()

validateRequestToken

String validateRequestToken(javax.servlet.http.HttpServletRequest httpRequest,
                            net.oauth.OAuthMessage message)
                     throws net.oauth.OAuthException,
                            IOException

Validates that the request token is valid, throwing an exception if not. Returns the consumer key so that the authorization page can display information about the consumer. The token strategy must track what request tokens belong to what consumers since the consumer key is not guaranteed to be in the request.

Parameters:

httpRequest - the HTTP request

message - the OAuth message

Returns:

the consumer key associated with the request

Throws:

net.oauth.OAuthException - if the tokens are not valid

IOException - on I/O errors

getCallback

String getCallback(javax.servlet.http.HttpServletRequest httpRequest,
                   String requestToken)
            throws net.oauth.OAuthException

Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows. Returns null if the consumer did not specify a callback when asking for a request token.

Parameters:

httpRequest - the HTTP request

requestToken - the request token

Returns:

the callback URL

Throws:

net.oauth.OAuthException - on OAuth problems

markRequestTokenAuthorized

void markRequestTokenAuthorized(javax.servlet.http.HttpServletRequest httpRequest,
                                String requestToken)
                         throws net.oauth.OAuthException

Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.

Parameters:

httpRequest - the servlet request

requestToken - the request token string

Throws:

net.oauth.OAuthException - if the token is not valid

See Also:

isRequestTokenAuthorized(HttpServletRequest, String)

isRequestTokenAuthorized

boolean isRequestTokenAuthorized(javax.servlet.http.HttpServletRequest httpRequest,
                                 String requestToken)
                          throws net.oauth.OAuthException

Checks with the request token has been authorized by the end user.

Parameters:

httpRequest - the servlet request

requestToken - the request token

Returns:

answers if the request token is authorized and can be exchanged for an access token

Throws:

net.oauth.OAuthException - on OAuth problems

See Also:

#markRequestTokenAuthorized(HttpServletRequest, OAuthAccessor)

generateVerificationCode

String generateVerificationCode(javax.servlet.http.HttpServletRequest httpRequest,
                                String requestToken)
                         throws net.oauth.OAuthException

Generates an "unguessable" OAuth verification code. The consumer must supply the verification code when exchanging the request token for an access token. This is specific to OAuth 1.0a.

Parameters:

httpRequest - the HTTP request

requestToken - the request token

Returns:

a verification code

Throws:

net.oauth.OAuthException - on OAuth problems (e.g., the request token is invalid)

validateVerificationCode

void validateVerificationCode(OAuthRequest oAuthRequest)
                       throws net.oauth.OAuthException,
                              IOException

Validates that the verification code is recognized and associated with the request token. This must be called before the request token is exchanged for the access token in an OAuth 1.0a authentication flow.

Parameters:

oAuthRequest - the OAuth request

Throws:

net.oauth.OAuthException - on OAuth problems (e.g., the request token is invalid)

IOException - on I/O errors

generateAccessToken

void generateAccessToken(OAuthRequest oAuthRequest)
                  throws net.oauth.OAuthException,
                         IOException

Generates an access token and token secret and sets it in the accessor in the OAuthRequest. Clears any request tokens set.

Parameters:

oAuthRequest - the OAuth request

Throws:

net.oauth.OAuthException - on OAuth problems

IOException - on I/O errors

See Also:

OAuthRequest.getAccessor()

validateAccessToken

void validateAccessToken(OAuthRequest oAuthRequest)
                  throws net.oauth.OAuthException,
                         IOException

Validates that the access token is valid, throwing an exception if not.

Parameters:

oAuthRequest - the OAuth request

Throws:

net.oauth.OAuthException - if the token is invalid

IOException - on I/O errors

getTokenSecret

String getTokenSecret(javax.servlet.http.HttpServletRequest httpRequest,
                      String token)
               throws net.oauth.OAuthException

Gets the token secret for token to validate signatures.

Parameters:

httpRequest - the HTTP request

token - the token string, either a request token or access token

Returns:

the token secret

Throws:

net.oauth.OAuthException - on OAuth problems (e.g., the token is invalid)