I'm using a Trade Me API. Which requires OAuth access tokens according application registered with it. So i have got OAuth access tokens. I have URL of API, all the parameters and values. But I don't understand how to get started. It is obvious that I need to use access tokens but don't understand where and how to use them. As we cant pass them into URL.
I'm using this API :
http://developer.trademe.co.nz/api-reference/my-trade-me-methods/retrieve-your-sold-items/
At the bottom of the API documentation page you provided in your question, there is a Request Builder. This allows you to generate an API request by filling in the form provided and clicking Send Request.
If you were to capture the HTTP requet generated by the browser when you submit this form using an application such as Fidler, you could determine the correct format for the request, and then generate similarly formatted requests from within your own application.
You might also want to check out the OAuth page of the Trade Me Developer API reference which explains how OAuth authentication should be performed for the Trade Me API
Sorry I can't be of more direct assistance, as I'm not a Java developer.
Related
I'm working with a 3rd party REST service that requires retrieving a authorization code grant before issuing an access token. The code will be passed along with the client id and secret in order to retrieve that token. In order to get the code, you have to type the username and password in the form and click the allow button in order for the code to be generated in the redirect uri.
I don't think it's possible, but can this be done with Spring/Java purely using code and not having to go to the browser to retrieve the code?
Your 3rd party REST service needs to provide this functionality (and likely guidance in their API docs). If they do provide it....then yes you can do it entirely in your java code.
I have an android app which talks witha Node.js backend, via REST api. We use OAuth token received from Google for authorization, and we have agreed on the flow in which I use the token in HTTP request everytime I make a request.
So, which is the best practice to store the token ? -
a) Store the token in SharedPreference, and use the same SharedPrefrence in the activity that makes the network calls.
OR
b) Store it using a POJO, and use getters and setters to retrieve and clear the token.
I have just started off with network related mini projects in Android. And hence this could be a very basic question. Any help is really appreciated.
Thanks
How are you retrieving the token or doing Authorization?
If you are using GoogleAuthUtil or GoogleAccountCredential API's, the persistance of token is automatically managed by API's themselves.
You should not be required to do it manually.
See this question on which one to use:
Access to Google API - GoogleAccountCredential.usingOAuth2 vs GoogleAuthUtil.getToken()
I have created few rest services using jersey implementation.
In security concerns, service can invoke by any one. So I decided to use the token based authentication system.
I wrote one filter in spring security which handles every request before its hits the server.
One login service were created so user can invoke this service by passing the username and password for valid credentials it will generates the access token and expiry date and saves it in Hashmap and DB and returned as a response to the user.
For remaining services user have to pass the generated token in header to access the JAX-RS services.
All these process are coded by us i.e., generation,storage and expiration of the token.
Since we have some security API like oauth1,oauth2 in market is it good to provide the security for rest service by above mentioned way???
Is oauth api will suits my requirement . If it is please guide me how to achieve this ?
Please help me out with valuable suggestions ???
Thanks in advance.
We've been in a similiar position before starting with our rest api. The only difference we had no exisitng code. So basically we saw 2 choices
Run our own Tokenhandling, that what you already have
Use something existing, i.e. oauth2
Our main requirement was authentification via token and we prefered an existing solution. So we just run with oauth2 in form of spring-security-oauth2, even we are not using the whole self authorization stuff.
What i like and probably had missed in an own implementation is that a token generally identifies a user and a client combination and that clients can have rights too. Its nice to have this extra layer of security in our rest api, so i can block early on before even hitting one line of our code.
In form of spring-security-oauth2 its proven code, which works and like much of spring its customizable. Example: In our first version we did use the provided JdbcTokenstore for storing the token, but as requirements changed, we just coded our own and switched it in the config.
The disadvantage of using at least spring-security-oauth2 is that the whole authorization flow is normally webbased and needs communication between the client, the user and our app. As this would not work with our clients we had to trigger the token generation, etc ourselfs, which is doable with spring, but needed some code exploration :-)
If i had to build it again with java and where already using spring, i'd go with spring-security-oauth2 and the oauth way again. But when i had an existing working solution and dont need any of the oauth stuff i would keep the homegrown solution.
I'm a bit confused as to how to use Facebook's app access token with Spring Social.
I already have an app access token by making a GET request to:
http://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials
I can't use (for reasons I don't want to discuss here) the standard Spring Social connection creation flow and I want to use this token (if possible).
My question is generally directed toward the GraphApi.
So in general can I use an app access token acquired via a standard GET to make requests to the Graph Api through Spring Social ?
Thanks,
There are very few things that the app access token can be used for. Most of the operations in the Graph API are for fetching user data and therefore you MUST obtain a user access token. The app access token you have will not work.
If you're planning to use your app access token to fetch a user's profile, see their friends list, or post to their timeline (or anything that pertains to a user), then you're out of luck. Imagine the chaos that would ensue if all you had to do to read and post on behalf of a user is obtain an app access token! You must get the user's permission for that kind of thing.
There are 3 ways to get a user access token: Authorization code grant (which is what Spring Social's ConnectController does and is most appropriate for traditional web applications), implicit grant (which is more appropriate for client-side Javascript), and resource owner credentials grant (which is most appropriate for mobile or desktop applications where doing a browser redirect is awkward, difficult, or impossible).
The app access token you have is only intended to consume API endpoints that are application-centric and do not pertain to any given user. There are a few such operations in Facebook's API, but the only one that immediately comes to mind is that you can use an app token to create test users (see https://developers.facebook.com/docs/test_users/).
Just as most of Facebook's API is user-centric, likewise is Spring Social's Facebook API binding. If, however, there's an app-centric operation that you'd like to see added to Spring Social, I'd appreciate it if you'd let me know at https://jira.springsource.org/browse/SOCIALFB.
first poster :)
As the title says, I am looking to create a desktop app which will notify me of changes on facebook and new emails, and the facebook part (the first part I've tried) is baffling me. I've never worked with an api before, and have no idea how to integrate facebook's api with this desktop helper I want to create. I will be using java to create this desktop helper.
Thanks in advance!
Here are few pointers for you to get started. Please feel free to ask for clarifications and I will edit my answer accordingly:
For facebook, you can actually pull all those info via their API. There are a lot of types for API, but Facebook specifically use REST API over http.
To simplify, think of it as making an http call with specific parameters and you will be getting an output back.
In order to use facebook API you need to understand their protocol including authentication/login and how to request for things that you want. This would require some reading to their documentation which is pretty complete and available at http://developers.facebook.com/docs/.
For the description of their API URL and the input/output documentation, you could directly jump to Graph API Documentation http://developers.facebook.com/docs/reference/api/.
In order to call their API via HTTP from Java, you could leverage HttpClient library from Apache Http Components project http://hc.apache.org/. They have plenty of tutorial and examples for how to make http call using HttpClient
For combining with all other emails accounts (per your question), you need to deal with SMTP or IMAP (whichever email protocol that you are planning to combine with Facebook). This is already built-in to Java via their Java Mail API collection
You then can poll this data on interval basis to get an update from Facebook and your mails
Once you have figured out how to get the data, the rest is just following a good MVC framework. That means separating out your presentation, data and controller (application logic). Make sure that you are separating the classes for #1 and #2 and each of them put their data to normalized data format that then get feed to your View (presentation layer)