Package org.eclipse.lyo.server.oauth.core.token

Interface TokenStrategy

  • All Known Implementing Classes:
    SimpleTokenStrategy
    public interface TokenStrategy
    Manages and validates OAuth tokens and token secrets. SimpleTokenStrategy is a basic implementation, but you can implement this interface to generate and validate OAuth tokens your own way.
    Author:
    Samuel Padgett

    • Method Detail

      • generateRequestToken

        void generateRequestToken​(OAuthRequest oAuthRequest)
                   throws net.oauth.OAuthException,
                          IOException
        Generates a request token and token secret and sets it in the accessor in the OAuthRequest.
        Parameters:
        oAuthRequest - the OAuth request
        Throws:
        IOException - on errors reading from the request message
        net.oauth.OAuthException - on OAuth problems
        See Also:
        OAuthRequest.getAccessor()

      • validateRequestToken

        String validateRequestToken​(HttpServletRequest httpRequest,
                            net.oauth.OAuthMessage message)
                     throws net.oauth.OAuthException,
                            IOException
        Validates that the request token is valid, throwing an exception if not. Returns the consumer key so that the authorization page can display information about the consumer. The token strategy must track what request tokens belong to what consumers since the consumer key is not guaranteed to be in the request.
        Parameters:
        httpRequest - the HTTP request
        message - the OAuth message
        Returns:
        the consumer key associated with the request
        Throws:
        net.oauth.OAuthException - if the tokens are not valid
        IOException - on I/O errors

      • getCallback

        String getCallback​(HttpServletRequest httpRequest,
                   String requestToken)
            throws net.oauth.OAuthException
        Gets the OAuth callback associated with this consumer for OAuth 1.0a authentication flows. Returns null if the consumer did not specify a callback when asking for a request token.
        Parameters:
        httpRequest - the HTTP request
        requestToken - the request token
        Returns:
        the callback URL
        Throws:
        net.oauth.OAuthException - on OAuth problems

      • markRequestTokenAuthorized

        void markRequestTokenAuthorized​(HttpServletRequest httpRequest,
                                String requestToken)
                         throws net.oauth.OAuthException
        Indicates that a user has typed in a valid ID and password, and that the request token can now be exchanged for an access token.
        Parameters:
        httpRequest - the servlet request
        requestToken - the request token string
        Throws:
        net.oauth.OAuthException - if the token is not valid
        See Also:
        isRequestTokenAuthorized(HttpServletRequest, String)

      • isRequestTokenAuthorized

        boolean isRequestTokenAuthorized​(HttpServletRequest httpRequest,
                                 String requestToken)
                          throws net.oauth.OAuthException
        Checks with the request token has been authorized by the end user.
        Parameters:
        httpRequest - the servlet request
        requestToken - the request token
        Returns:
        answers if the request token is authorized and can be exchanged for an access token
        Throws:
        net.oauth.OAuthException - on OAuth problems
        See Also:
        markRequestTokenAuthorized(HttpServletRequest, String)

      • generateVerificationCode

        String generateVerificationCode​(HttpServletRequest httpRequest,
                                String requestToken)
                         throws net.oauth.OAuthException
        Generates an "unguessable" OAuth verification code. The consumer must supply the verification code when exchanging the request token for an access token. This is specific to OAuth 1.0a.
        Parameters:
        httpRequest - the HTTP request
        requestToken - the request token
        Returns:
        a verification code
        Throws:
        net.oauth.OAuthException - on OAuth problems (e.g., the request token is invalid)

      • validateVerificationCode

        void validateVerificationCode​(OAuthRequest oAuthRequest)
                       throws net.oauth.OAuthException,
                              IOException
        Validates that the verification code is recognized and associated with the request token. This must be called before the request token is exchanged for the access token in an OAuth 1.0a authentication flow.
        Parameters:
        oAuthRequest - the OAuth request
        Throws:
        net.oauth.OAuthException - on OAuth problems (e.g., the request token is invalid)
        IOException - on I/O errors

      • generateAccessToken

        void generateAccessToken​(OAuthRequest oAuthRequest)
                  throws net.oauth.OAuthException,
                         IOException
        Generates an access token and token secret and sets it in the accessor in the OAuthRequest. Clears any request tokens set.
        Parameters:
        oAuthRequest - the OAuth request
        Throws:
        net.oauth.OAuthException - on OAuth problems
        IOException - on I/O errors
        See Also:
        OAuthRequest.getAccessor()

      • validateAccessToken

        void validateAccessToken​(OAuthRequest oAuthRequest)
                  throws net.oauth.OAuthException,
                         IOException
        Validates that the access token is valid, throwing an exception if not.
        Parameters:
        oAuthRequest - the OAuth request
        Throws:
        net.oauth.OAuthException - if the token is invalid
        IOException - on I/O errors

      • getTokenSecret

        String getTokenSecret​(HttpServletRequest httpRequest,
                      String token)
               throws net.oauth.OAuthException
        Gets the token secret for token to validate signatures.
        Parameters:
        httpRequest - the HTTP request
        token - the token string, either a request token or access token
        Returns:
        the token secret
        Throws:
        net.oauth.OAuthException - on OAuth problems (e.g., the token is invalid)