Category: OAuth

How to Generate an OAuth Signature for Twitter in Core Java

Twitter.com provides an API for developers to interact with Twitter data in their own applications, products and services. The Twitter API is basically a web service. A developer has to log in or sign up with the Twitter platform, register for an API key for his/her application, and use that key to drive interaction on behalf of an authenticated user. Visit the Twitter API documentation for more information on how to utilize the offered service.

Twitter uses the OAuth 1.0 protocol to authenticate API calls from third-party applications. The Twitter API's OAuth Authentication documentation describes how the authentication flow should work.

In this post I'm going to describe how to generate the oauth_signature for a Twitter request according to The OAuth 1.0 Protocol, Section 3.4 (Signature), in core Java (mainly for Java 1.4 or higher).
The oauth_signature parameter is generated by applying a signing algorithm to all the other request parameters and two secret values. This signature is used for the following purposes.

  1. To verify the request has not been modified in transit.
  2. To verify the application sending the request.
  3. To verify that the application is authorized to interact with the resource owner’s account.

Here are the steps of the oauth_signature generation algorithm for Twitter.

Step 1: Collecting the request method and URL
The first step is to determine the HTTP method and base URL of the request. For Twitter, the HTTP method will be either GET or POST.
The base URL is constructed by removing any query string or hash parameters from the URL to which the request is directed. For example consider the following URL which is used as a GET request.
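
As an added illustration (not the original post's code), the Java class below carries Step 1 through to a finished oauth_signature using the HMAC-SHA1 method of RFC 5849 (OAuth 1.0) section 3.4, which goes beyond the step described above. It assumes Java 8 or later for java.util.Base64; the class name, host, parameter values and secrets are constructed for the example.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OAuth1SignatureExample {
    // Percent-encoding per RFC 5849 section 3.6: only RFC 3986 unreserved characters stay literal.
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Step 1: lowercase scheme and host, drop a default port, the query string and the fragment.
    static String baseUrl(String url) throws Exception {
        URI u = new URI(url);
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        String host = u.getHost().toLowerCase(Locale.ROOT);
        int port = u.getPort();
        boolean dflt = port == -1 || (scheme.equals("http") && port == 80) || (scheme.equals("https") && port == 443);
        String path = u.getRawPath().isEmpty() ? "/" : u.getRawPath();
        return scheme + "://" + host + (dflt ? "" : ":" + port) + path;
    }

    // params: decoded query, form-body and oauth_* parameters, without oauth_signature; one value per name.
    static String sign(String method, String url, Map<String, String> params, String consumerSecret, String tokenSecret) throws Exception {
        TreeMap<String, String> sorted = new TreeMap<>();  // sorts by encoded name
        for (Map.Entry<String, String> e : params.entrySet()) sorted.put(enc(e.getKey()), enc(e.getValue()));
        StringBuilder p = new StringBuilder();
        for (Map.Entry<String, String> e : sorted.entrySet())
            p.append(p.length() > 0 ? "&" : "").append(e.getKey()).append('=').append(e.getValue());
        String base = method.toUpperCase(Locale.ROOT) + "&" + enc(baseUrl(url)) + "&" + enc(p.toString());
        String key = enc(consumerSecret) + "&" + enc(tokenSecret);  // the two secret values
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed request, credentials and secrets, for illustration only.
        String url = "HTTPS://API.Example.com:443/1.1/resource.json?id=42&q=a%20b#frag";
        String[][] kv = {{"id", "42"}, {"q", "a b"}, {"oauth_consumer_key", "ck-constructed"},
            {"oauth_token", "tok-constructed"}, {"oauth_nonce", "n0nce"}, {"oauth_timestamp", "1700000000"},
            {"oauth_signature_method", "HMAC-SHA1"}, {"oauth_version", "1.0"}};
        Map<String, String> params = new HashMap<>();
        for (String[] e : kv) params.put(e[0], e[1]);
        System.out.println(baseUrl(url) + " -> " + sign("get", url, params, "cs-constructed", "ts-constructed"));
    }
}
```

Because the query parameters are signed but removed from the base URL, they must be passed in `params` in decoded form; omitting them yields a signature the server will reject.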


OAuth authentication

The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication.

An example use case is allowing printing service printer.example.com (the Consumer), to access private photos stored on photos.example.net (the Service Provider) without requiring Users to provide their photos.example.net credentials to printer.example.com.


Authenticating with OAuth

OAuth authentication is the process in which Users grant access to their Protected Resources without sharing their credentials with the Consumer. OAuth uses Tokens generated by the Service Provider instead of the User’s credentials in Protected Resources requests.
