/**
* Lookup information contained in the gadget spec.
*/
private OAuthServiceProvider lookupSpecInfo(ISecurityToken securityToken, OAuthArguments arguments,
AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
{
GadgetSpec spec = findSpec(securityToken, arguments, responseParams);
OAuthSpec oauthSpec = spec.getModulePrefs().getOAuthSpec();
if (oauthSpec == null)
{
throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
"Failed to retrieve OAuth URLs, spec for gadget " +
securityToken.getAppUrl() + " does not contain OAuth element.");
}
OAuthService service = oauthSpec.getServices()[arguments.getServiceName()];
if (service == null)
{
throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
"Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " +
arguments.getServiceName() + ". Known services: " +
String.Join(",", oauthSpec.getServices().Keys.AsEnumerable().ToArray()) + '.');
}
// In theory some one could specify different parameter locations for request token and
// access token requests, but that's probably not useful. We just use the request token
// rules for everything.
accessorBuilder.setParameterLocation(getStoreLocation(service.getRequestUrl().location, responseParams));
accessorBuilder.setMethod(getStoreMethod(service.getRequestUrl().method, responseParams));
OAuthServiceProvider provider = new OAuthServiceProvider(
service.getRequestUrl().url.ToString(),
service.getAuthorizationUrl().ToString(),
service.getAccessUrl().url.ToString());
return(provider);
}
/**
* Retrieve an AccessorInfo and OAuthAccessor that are ready for signing OAuthMessages. To do
* this, we need to figure out:
*
* - what consumer key/secret to use for signing.
* - if an access token should be used for the request, and if so what it is. *
* - the OAuth request/authorization/access URLs.
* - what HTTP method to use for request token and access token requests
* - where the OAuth parameters are located.
*
* Note that most of that work gets skipped for signed fetch, we just look up the consumer key
* and secret for that. Signed fetch always sticks the parameters in the query string.
*/
public AccessorInfo getOAuthAccessor(ISecurityToken securityToken,
OAuthArguments arguments, OAuthClientState clientState, OAuthResponseParams responseParams)
{
AccessorInfoBuilder accessorBuilder = new AccessorInfoBuilder();
// Does the gadget spec tell us any details about the service provider, like where to put the
// OAuth parameters and what methods to use for their URLs?
OAuthServiceProvider provider = null;
if (arguments.mayUseToken())
{
provider = lookupSpecInfo(securityToken, arguments, accessorBuilder, responseParams);
}
else
{
// This is plain old signed fetch.
accessorBuilder.setParameterLocation(AccessorInfo.OAuthParamLocation.URI_QUERY);
}
// What consumer key/secret should we use?
OAuthStore.ConsumerInfo consumer;
try
{
consumer = store.getConsumerKeyAndSecret(
securityToken, arguments.getServiceName(), provider);
accessorBuilder.setConsumer(consumer);
}
catch (GadgetException e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Unable to retrieve consumer key", e);
}
// Should we use the OAuth access token? We never do this unless the client allows it, and
// if owner == viewer.
if (arguments.mayUseToken() &&
securityToken.getOwnerId() != null &&
securityToken.getViewerId().Equals(securityToken.getOwnerId()))
{
lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
}
return(accessorBuilder.create(responseParams));
}
/**
* Retrieve an AccessorInfo and OAuthAccessor that are ready for signing OAuthMessages. To do
* this, we need to figure out:
*
* - what consumer key/secret to use for signing.
* - if an access token should be used for the request, and if so what it is. *
* - the OAuth request/authorization/access URLs.
* - what HTTP method to use for request token and access token requests
* - where the OAuth parameters are located.
*
* Note that most of that work gets skipped for signed fetch, we just look up the consumer key
* and secret for that. Signed fetch always sticks the parameters in the query string.
*/
public AccessorInfo getOAuthAccessor(ISecurityToken securityToken,
OAuthArguments arguments, OAuthClientState clientState, OAuthResponseParams responseParams)
{
AccessorInfoBuilder accessorBuilder = new AccessorInfoBuilder();
// Does the gadget spec tell us any details about the service provider, like where to put the
// OAuth parameters and what methods to use for their URLs?
OAuthServiceProvider provider = null;
if (arguments.mayUseToken())
{
provider = lookupSpecInfo(securityToken, arguments, accessorBuilder, responseParams);
}
else
{
// This is plain old signed fetch.
accessorBuilder.setParameterLocation(AccessorInfo.OAuthParamLocation.URI_QUERY);
}
// What consumer key/secret should we use?
OAuthStore.ConsumerInfo consumer;
try
{
consumer = store.getConsumerKeyAndSecret(
securityToken, arguments.getServiceName(), provider);
accessorBuilder.setConsumer(consumer);
}
catch (GadgetException e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Unable to retrieve consumer key", e);
}
// Should we use the OAuth access token? We never do this unless the client allows it, and
// if owner == viewer.
if (arguments.mayUseToken()
&& securityToken.getOwnerId() != null
&& securityToken.getViewerId().Equals(securityToken.getOwnerId()))
{
lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
}
return accessorBuilder.create(responseParams);
}
/**
* Lookup information contained in the gadget spec.
*/
private OAuthServiceProvider lookupSpecInfo(ISecurityToken securityToken, OAuthArguments arguments,
AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
{
GadgetSpec spec = findSpec(securityToken, arguments, responseParams);
OAuthSpec oauthSpec = spec.getModulePrefs().getOAuthSpec();
if (oauthSpec == null)
{
throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
"Failed to retrieve OAuth URLs, spec for gadget " +
securityToken.getAppUrl() + " does not contain OAuth element.");
}
OAuthService service = oauthSpec.getServices()[arguments.getServiceName()];
if (service == null)
{
throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
"Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " +
arguments.getServiceName() + ". Known services: " +
String.Join(",",oauthSpec.getServices().Keys.AsEnumerable().ToArray()) + '.');
}
// In theory some one could specify different parameter locations for request token and
// access token requests, but that's probably not useful. We just use the request token
// rules for everything.
accessorBuilder.setParameterLocation(getStoreLocation(service.getRequestUrl().location, responseParams));
accessorBuilder.setMethod(getStoreMethod(service.getRequestUrl().method, responseParams));
OAuthServiceProvider provider = new OAuthServiceProvider(
service.getRequestUrl().url.ToString(),
service.getAuthorizationUrl().ToString(),
service.getAccessUrl().url.ToString());
return provider;
}