Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / security

OAuth using Scribe with Yahoo API

0.00/5 (No votes)
31 May 2011Apache 18.2K  
This is in sequence of my previous post but now with Yahoo...

This is sequence of my previous post but now with Yahoo.

I have downloaded Scribe example source code to get authenticated with Yahoo. But the default example was not working. After several hours of research, I found out that the author had forgotten to send a request to Yahoo APIs to get a GUID, which is in turn used to get user profile data. I have modified the code to fix that and here is the working code.

Java
package org.scribe.examples;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Scanner;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.YahooApi;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Response;
import org.scribe.model.Token;
import org.scribe.model.Verb;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

public class YahooExample {
	private static String PROTECTED_RESOURCE_URL = 
		"http://social.yahooapis.com/v1/user/GUID/profile?format=json";

	public static void main(String[] args) {
		OAuthService service = new ServiceBuilder()
				.provider(YahooApi.class)
				.apiKey("dj0yJmk9TXZDWVpNVVdGaVFmJmQ9WVdrOWMweHZXbkZLT
				khVbWNHbzlNVEl5TWprd05qUTJNZy0tJnM9Y29uc3VtZXJzZWNyZX
				QmeD0wMw--")
				.apiSecret("262be559f92a2be20c4c039419018f2b48cdfce9")
				.build();
		Scanner in = new Scanner(System.in);

		System.out.println("=== Yahoo's OAuth Workflow ===");
		System.out.println();

		// Obtain the Request Token
		System.out.println("Fetching the Request Token...");
		Token requestToken = service.getRequestToken();
		System.out.println("Got the Request Token!");
		System.out.println();

		System.out.println("Now go and authorize Scribe here:");
		System.out.println(service.getAuthorizationUrl(requestToken));
		System.out.println("And paste the verifier here");
		System.out.print(">>");
		Verifier verifier = new Verifier(in.nextLine());
		System.out.println();

		// Trade the Request Token and Verfier for the Access Token
		System.out.println("Trading the Request Token for an Access Token...");
		Token accessToken = service.getAccessToken(requestToken, verifier);
		System.out.println("Got the Access Token!");
		System.out.println("(if your curious it looks like this: "
				+ accessToken + " )");
		System.out.println();

		// Now let's go and ask for a protected resource!
		System.out.println("Now we're going to access a protected resource...");
		OAuthRequest request1 = new OAuthRequest(Verb.GET,
				"http://social.yahooapis.com/v1/me/guid?format=xml");
		service.signRequest(accessToken, request1);
		Response response1 = request1.send();
		System.out.println("Got it! Lets see what we found...");
		System.out.println();
		System.out.println(response1.getCode());
		System.out.println(response1.getBody());

		PROTECTED_RESOURCE_URL = PROTECTED_RESOURCE_URL.replaceAll("GUID",
				parseYahooGUIDResposne(response1.getBody()));
		System.out.println("PROTECTED_RESOURCE_URL    "
				+ PROTECTED_RESOURCE_URL);
		// Now let's go and ask for a protected resource!
		System.out.println("Now we're going to access a protected resource...");
		OAuthRequest request = new OAuthRequest(Verb.GET,
				PROTECTED_RESOURCE_URL);
		service.signRequest(accessToken, request);
		request.addHeader("realm", "yahooapis.com");
		Response response = request.send();
		System.out.println("Got it! Lets see what we found...");
		System.out.println();
		System.out.println(response.getCode());
		System.out.println(response.getBody());

		System.out.println();
		System.out
			.println("Thats it man! Go and build something 
			awesome with Scribe! <img src="http://s2.wp.com/wp-includes/
			images/smilies/icon_smile.gif" alt=":)" class="wp-smiley" /> ");
	}

	/**
	 *
	 */
	private static String parseYahooGUIDResposne(String data) {
		// get the factory
		DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

		try {

			// Using factory get an instance of document builder
			DocumentBuilder db = dbf.newDocumentBuilder();

			// parse using builder to get DOM representation of the XML file
			Document dom = db.parse(new ByteArrayInputStream
					(data.getBytes()));

			Element rootElement = dom.getDocumentElement();
			return getGUID(rootElement);

		} catch (ParserConfigurationException pce) {
			pce.printStackTrace();
		} catch (SAXException se) {
			se.printStackTrace();
		} catch (IOException ioe) {
			ioe.printStackTrace();
		}
		return null;
	}

	/**
	 * I take an employee element and read the values in, create
	 * an Employee object and return it
	 */
	private static String getGUID(Element guidEl) {

		// for each <employee> element get text or int values of
		// name ,id, age and name
		String name = getTextValue(guidEl, "value");
		// System.out.println("Name:   "+name);

		return name;
	}

	/**
	 * I take a xml element and the tag name, look for the tag and get
	 * the text content
	 * i.e for <?xml version="1.0" encoding="utf-8"?>
	 * <guid xmlns="http://social.yahooapis.com/v1/schema.rng"
	 * xmlns:yahoo="http://www.yahooapis.com/v1/base.rng"
	 * yahoo:uri="http://social.yahooapis.com/v1/me/guid">
	 * <value>4QWOBUCQHETEL34LSRUKJEV5W4</value></guid> xml snippet if
	 * the Element points to employee node and tagName is 'name' I will return John
	 */
	private static String getTextValue(Element ele, String tagName) {
		String textVal = null;
		NodeList nl = ele.getElementsByTagName(tagName);
		if (nl != null && nl.getLength() > 0) {
			Element el = (Element) nl.item(0);
			textVal = el.getFirstChild().getNodeValue();
		}

		return textVal;
	}

	/**
	 * Calls getTextValue and returns a int value
	 */
	private static int getIntValue(Element ele, String tagName) {
		// in production application you would catch the exception
		return Integer.parseInt(getTextValue(ele, tagName));
	}
}

In my next post, I will provide a sample web app where OAuth is used to authenticate with Yahoo/Google/Facebook.

Enjoy networking.

License

This article, along with any associated source code and files, is licensed under The Apache License, Version 2.0