Accessing Web Sources - Beginning Java Programming: The Object-Oriented Approach

Java Reference

In-Depth Information

https://api.twitter.com/1.1/statuses/home_timeline.json in your browser, and you'll get

the following response:

{"errors":[{"message":"Bad Authentication data","code":215}]}

Clearly, Twitter requires you to perform some additional steps before you can access its REST ser-

vice. However, you can see already that Twitter does not return XML-formatted responses, but

instead uses JSON, another notation to structure documents. You will see how to deal with parsing

JSON soon.

Now take a look at setting up OAuth authentication to access the Twitter service. Even without

knowing it, you might be familiar with OAuth if you've accessed Twitter—or services such as

Facebook—before. Whenever you see a pop‐up in your browser asking you if you want to grant a

third‐party application access to your Twitter information, OAuth is under the hood. Every OAuth

authentication basically involves these three steps:

1.

Get a “request token,” which is a temporary identifier shared between your application and

the service that will be used to authorize an access token.

2.

Ask the user to identify and allow access, basically indicates that this “request token” has

been granted access.

3.

If the user authorizes access, an “access token” can be given to the requesting application,

which is requested using the request token. Once this is done, the request token is discarded

and the access token is used for following requests.

The documentation of Twitter's REST service also provides excellent documentation regarding

OAuth. Take a look at https://dev.twitter.com/docs/auth/3-legged-authorization

and https://dev.twitter.com/docs/auth/authorizing-request . The latter mentions that

normally, you would be able to send a REST HTTP POST request like this to post a tweet:

POST /1/statuses/update.json?include_entities=true HTTP/1.1

Accept: */*

Connection: close

User-Agent: OAuth gem v0.4.4

Content-Type: application/x-www-form-urlencoded

Content-Length: 76

Host: api.twitter.com

status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21

However, this request would be considered invalid, since Twitter would not know which applica-

tion makes the request, for which user the request is being posed, if the user is allowed to post this

tweet, and whether the request has been tampered with. A valid request thus needs to look like

this:

POST /1/statuses/update.json?include_entities=true HTTP/1.1

Accept: */*

Connection: close

User-Agent: OAuth gem v0.4.4

Search WWH ::

Custom Search

Home