I've just pushed out a new open source java OAuth library because I couldn't find one that did what I needed. My key requirement was simplicity. I didn't like the idea of using the library for HTTP stuff and there is no reason I should. Once I've obtained the Access Token all I'm doing with oAuth is signing my requests. I want to use HttpClient directly and only use the oAuth library to sign the message for various reasons not the least of which being that I already have a HttpClient object setup in my IoC container. The closest I found was signpost but it wasn't very IoC friendly or thread-safe which meant every time I wanted to make a call I'd have to create new objects, or at the very least call a bunch of methods to set them up which highlights the third problem, there were no clear objects that I could store for later. The library I've just release is a fork of the signpost code, that's now thread-safe and should be more IoC friendly. You create your method calls as you would normally, and just before you call HttpClient.execute(HttpMethod) simply call OAuthConsumer.sign(HttpMethod, AccessToken);. I've added a few new objects that handle most of the work. Service, RequestToken and AccessToken are all beans that you pass to a consumer depending on what you want to do. Starting with a Service you call
Service service = new Service(); service.setRequestTokenUrl("http://twitter.com/oauth/request_token"); service.setAccessTokenUrl("http://twitter.com/oauth/access_token"); service.setConsumerKey("b8sA385mBBNqOTD6Omlsw"); service.setSharedSecret("MD4Sve6AdaDasjdvOAsbpAJsA87S8s64e5rE4"); service.setMessageSigner(new PlainTextMessageSigner()); service.setSigningStrategy(new AuthorizationHeaderSigningStrategy()); RequestToken requestToken = oAuthConsumer.getRequestToken(twitter);
You'll have to send the user off to twitter to check their credentials. When they come back they'll be given a verifier set it and trade the request token for an access token
requestToken.setVerifier(verifier): AccessToken accessToken = oAuthConsumer.getAccessToken(requestToken);
Now you can store the accessToken to use later, when you want to simply setup your http method as you would normally.
HttpUriRequest request... // do your HttpClient stuff here oAuthConsumer.sign(request, accessToken); HttpResponse response = httpClient.execute(request);
There is also code in there for the Jetty HttpClient, but it's a bit rough and I haven't used it. Have play with it and let me know what you think. UPDATE: Forgot to link to it... Dumb. It's on GitHub here.