SignedRequest4J is a Java library supporting OAuth 1.0 signing and verifying.
This library supports sending OAuth 1.0 signed HTTP requests and verifying the signature of requests.
With SignedRequest4J, it's so simple to execute 2-legged or 3-legged OAuth 1.0 signed HTTP requests.
-
Service Provider, Consumer
-
a.k.a Signed Fetch, Phone Home in the OpenSocial community
-
OAuth Consumer Request 1.0 Draft 1
http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/1/spec.html
Consumer Provider
| |
| consumer_key |
| [consumer_secret] |
| |
| ---(HTTP)----------------> | <<Verify the signature>>
| Authorization header | Authorization header
| | consumer_key
| | [consumer_secret]
| |
| <----------------(HTTP)--- | <Valid>
| 200 OK |
| |
| <----------------(HTTP)--- | <Invalid>
| 401 Unauthorized |
| |
-
Service Provider, Consumer, User
-
The term "OAuth" mostly means 3-legged OAuth
-
OAuth Core 1.0
-
RFC 5849: The OAuth 1.0 Protocol
User Consumer Provider
| | |
| ------------> | token |
| | [token_secret] |
| | |
| | consumer_key |
| | [consumer_secret] |
| | |
| | ---(HTTP)----------------> | <<Verify the signature>>
| | Authorization header | Authorization header
| | | token
| | | [token_secret]
| | | consumer_key
| | | [consumer_secret]
| | |
| | <----------------(HTTP)--- | <Valid>
| | 200 OK |
| | |
| | <----------------(HTTP)--- | <Invalid>
| | 401 Unauthorized |
| <------------ | |
| | |
<dependencies>
<dependency>
<groupId>com.github.seratch</groupId>
<artifactId>signedrequest4j</artifactId>
<version>2.14</version>
</dependency>
</dependencies>import com.github.seratch.signedrequest4j.*;
OAuthConsumer consumer = new OAuthConsumer("consumer_key", "consumer_secret");
SignedRequest twoLeggedOAuthRequest = SignedRequestFactory.create(consumer);OAuthConsumer consumer = new OAuthConsumer("consumer_key", "consumer_secret");
OAuthAccessToken accessToken = new OAuthAccessToken("token", "token_secret");
SignedRequest threeLeggedOAuthRequest = SignedRequestFactory.create(consumer, accessToken);import java.util.HashMap;
import java.util.Map;
Map<String, Object> additionalParams = new HashMap<String, Object>();
additionalParams.put("xoauth_requestor_id", "[email protected]");
SignedRequest signedRequest2 = SignedRequestFactory.create(consumer, additionalParams);
SignedRequest signedRequest3 = SignedRequestFactory.create(consumer, accessToken, additionalParams);SignedRequest signedRequest2 = SignedRequestFactory.create(consumer, SignatureMethod.HMAC_SHA1);SignedRequest signedRequest = SignedRequestFactory.create(consumer, SignatureMethod.RSA_SHA1);
signedRequest.setRsaPrivateKeyValue("-----BEGIN RSA PRIVATE KEY-----\n...");SignedRequest signedRequest = SignedRequestFactory.create(consumer, SignatureMethod.PLAINTEXT);String Url = "http://example.com/";
HttpMethod method = HttpMethod.GET;
String nonce = "nonce_value";
long timestamp = 1272026745L;
String signature = signedRequest.getSignature(url, method, nonce, timestamp);
// -> "K7OrQ7UU+k94LnaezxFs4jBBekc="HttpResponse response = signedRequest.doGet("http://example.com/", "UTF-8");
response.getStatusCode(); // -> int
response.getHeaders(); // -> Map<String, String>
response.getBody(); // -> byte[]
response.getTextBody(); // -> StringMap<String, Object> requestParameters = new HashMap<String, Object>();
requestParameters.put("something", "updated");
HttpResponse response = signedRequest.doPost("http://example.com/", requestParameters, "UTF-8");or
byte[] body = "abc".getBytes();
String contentType = "text/plain";
RequestBody reuestBody = new RequestBody(body, contentType);
HttpResponse response = signedRequest.doPost("http://example.com/", reuestBody, "UTF-8");String url = "http://localhost/test/";
String queryString = "foo=var";
String authorizationHeader = request.getHeader("Authorization");
OAuthConsumer consumer = new OAuthConsumer("key","secret");
boolean isValid = SignedRequestVerifier.verify(
url,
queryString,
authorizationHeader,
consumer,
HttpMethod.GET,
SignatureMethod.HMAC_SHA1);or
String url = "http://localhost/test/";
String queryString = "foo=var";
String authorizationHeader = request.getHeader("Authorization");
OAuthConsumer consumer = new OAuthConsumer("key","secret");
Map<String, String> formParams = new HashMap<String, String>();
formParams.put("fizz", "buzz");
boolean isValid = SignedRequestVerifier.verifyPOST(
url,
queryString,
authorizationHeader,
consumer,
SignatureMethod.HMAC_SHA1,
formParams);String url = "http://localhost/test/";
String queryString = "foo=var";
String authorizationHeader = request.getHeader("Authorization");
OAuthConsumer consumer = new OAuthConsumer("key","secret");
OAuthAccessToken accessToken = new OAuthAccessToken("token", "token_secret");
boolean isValid = SignedRequestVerifier.verify(
url,
queryString,
authorizationHeader,
consumer,
accessToken,
HttpMethod.GET,
SignatureMethod.HMAC_SHA1);or
String url = "http://localhost/test/";
String queryString = "foo=var";
String authorizationHeader = request.getHeader("Authorization");
OAuthConsumer consumer = new OAuthConsumer("key","secret");
OAuthAccessToken accessToken = new OAuthAccessToken("token", "token_secret");
Map<String, String> formParams = new HashMap<String, String>();
formParams.put("fizz", "buzz");
boolean isValid = SignedRequestVerifier.verifyPOST(
url,
queryString,
authorizationHeader,
consumer,
accessToken,
SignatureMethod.HMAC_SHA1,
formParams);
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent