/** * Lookup information contained in the gadget spec. */ private OAuthServiceProvider lookupSpecInfo(ISecurityToken securityToken, OAuthArguments arguments, AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams) { GadgetSpec spec = findSpec(securityToken, arguments, responseParams); OAuthSpec oauthSpec = spec.getModulePrefs().getOAuthSpec(); if (oauthSpec == null) { throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "Failed to retrieve OAuth URLs, spec for gadget " + securityToken.getAppUrl() + " does not contain OAuth element."); } OAuthService service = oauthSpec.getServices()[arguments.getServiceName()]; if (service == null) { throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " + arguments.getServiceName() + ". Known services: " + String.Join(",", oauthSpec.getServices().Keys.AsEnumerable().ToArray()) + '.'); } // In theory some one could specify different parameter locations for request token and // access token requests, but that's probably not useful. We just use the request token // rules for everything. accessorBuilder.setParameterLocation(getStoreLocation(service.getRequestUrl().location, responseParams)); accessorBuilder.setMethod(getStoreMethod(service.getRequestUrl().method, responseParams)); OAuthServiceProvider provider = new OAuthServiceProvider( service.getRequestUrl().url.ToString(), service.getAuthorizationUrl().ToString(), service.getAccessUrl().url.ToString()); return(provider); }
/** * Retrieve an AccessorInfo and OAuthAccessor that are ready for signing OAuthMessages. To do * this, we need to figure out: * * - what consumer key/secret to use for signing. * - if an access token should be used for the request, and if so what it is. * * - the OAuth request/authorization/access URLs. * - what HTTP method to use for request token and access token requests * - where the OAuth parameters are located. * * Note that most of that work gets skipped for signed fetch, we just look up the consumer key * and secret for that. Signed fetch always sticks the parameters in the query string. */ public AccessorInfo getOAuthAccessor(ISecurityToken securityToken, OAuthArguments arguments, OAuthClientState clientState, OAuthResponseParams responseParams) { AccessorInfoBuilder accessorBuilder = new AccessorInfoBuilder(); // Does the gadget spec tell us any details about the service provider, like where to put the // OAuth parameters and what methods to use for their URLs? OAuthServiceProvider provider = null; if (arguments.mayUseToken()) { provider = lookupSpecInfo(securityToken, arguments, accessorBuilder, responseParams); } else { // This is plain old signed fetch. accessorBuilder.setParameterLocation(AccessorInfo.OAuthParamLocation.URI_QUERY); } // What consumer key/secret should we use? OAuthStore.ConsumerInfo consumer; try { consumer = store.getConsumerKeyAndSecret( securityToken, arguments.getServiceName(), provider); accessorBuilder.setConsumer(consumer); } catch (GadgetException e) { throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM, "Unable to retrieve consumer key", e); } // Should we use the OAuth access token? We never do this unless the client allows it, and // if owner == viewer. if (arguments.mayUseToken() && securityToken.getOwnerId() != null && securityToken.getViewerId().Equals(securityToken.getOwnerId())) { lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams); } return(accessorBuilder.create(responseParams)); }
/** * Retrieve an AccessorInfo and OAuthAccessor that are ready for signing OAuthMessages. To do * this, we need to figure out: * * - what consumer key/secret to use for signing. * - if an access token should be used for the request, and if so what it is. * * - the OAuth request/authorization/access URLs. * - what HTTP method to use for request token and access token requests * - where the OAuth parameters are located. * * Note that most of that work gets skipped for signed fetch, we just look up the consumer key * and secret for that. Signed fetch always sticks the parameters in the query string. */ public AccessorInfo getOAuthAccessor(ISecurityToken securityToken, OAuthArguments arguments, OAuthClientState clientState, OAuthResponseParams responseParams) { AccessorInfoBuilder accessorBuilder = new AccessorInfoBuilder(); // Does the gadget spec tell us any details about the service provider, like where to put the // OAuth parameters and what methods to use for their URLs? OAuthServiceProvider provider = null; if (arguments.mayUseToken()) { provider = lookupSpecInfo(securityToken, arguments, accessorBuilder, responseParams); } else { // This is plain old signed fetch. accessorBuilder.setParameterLocation(AccessorInfo.OAuthParamLocation.URI_QUERY); } // What consumer key/secret should we use? OAuthStore.ConsumerInfo consumer; try { consumer = store.getConsumerKeyAndSecret( securityToken, arguments.getServiceName(), provider); accessorBuilder.setConsumer(consumer); } catch (GadgetException e) { throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM, "Unable to retrieve consumer key", e); } // Should we use the OAuth access token? We never do this unless the client allows it, and // if owner == viewer. if (arguments.mayUseToken() && securityToken.getOwnerId() != null && securityToken.getViewerId().Equals(securityToken.getOwnerId())) { lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams); } return accessorBuilder.create(responseParams); }
/** * Lookup information contained in the gadget spec. */ private OAuthServiceProvider lookupSpecInfo(ISecurityToken securityToken, OAuthArguments arguments, AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams) { GadgetSpec spec = findSpec(securityToken, arguments, responseParams); OAuthSpec oauthSpec = spec.getModulePrefs().getOAuthSpec(); if (oauthSpec == null) { throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "Failed to retrieve OAuth URLs, spec for gadget " + securityToken.getAppUrl() + " does not contain OAuth element."); } OAuthService service = oauthSpec.getServices()[arguments.getServiceName()]; if (service == null) { throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " + arguments.getServiceName() + ". Known services: " + String.Join(",",oauthSpec.getServices().Keys.AsEnumerable().ToArray()) + '.'); } // In theory some one could specify different parameter locations for request token and // access token requests, but that's probably not useful. We just use the request token // rules for everything. accessorBuilder.setParameterLocation(getStoreLocation(service.getRequestUrl().location, responseParams)); accessorBuilder.setMethod(getStoreMethod(service.getRequestUrl().method, responseParams)); OAuthServiceProvider provider = new OAuthServiceProvider( service.getRequestUrl().url.ToString(), service.getAuthorizationUrl().ToString(), service.getAccessUrl().url.ToString()); return provider; }