Hi, I've developed a java OAuth library that it's intended to work out-of-the-box with LinkedIn (and many other OAuth APIs). It's called Scribe and you can find more info here. Lets see how we can use Scribe to get the network updates for the current user for example.
The library comes with 'specs' for each supported API. These are step-by-step guides (like this one) to see the OAuth dance in action. Feel free to run those if you want, they live under the org.scribe.specs package.
Step Zero: Install Scribe Go to the Downloads page and grab the jar. You also need to have apache-commons-codec in your classpath. 1st Step: Configuration Scribe's main object it's initialized using a .properties file, which provides the necessary information to make authenticated calls. The library comes with some predefined .properties files for most common APIs that you usually have to tweak a bit to fit your needs. Let's see LinkedIn's standard file:
consumer.key=Your consumer keyconsumer.secret=Your consumer secretrequest.token.verb=POSTrequest.token.url=https://api.linkedin.com/uas/oauth/requestTokenaccess.token.verb=POSTaccess.token.url=https://api.linkedin.com/uas/oauth/accessTokencallback.url=oobscribe.equalizer=org.scribe.eq.LinkedInEqualizer
Most of this is self-explanatory. You only need to change the consumer.key, consumer.secret and callback.url if you don't wanna use Out Of Band OAuth.
If you are curious about Scribe's Equalizers check this wikipage
Once you have your tuned properties, it's time to create the Scribe object 2nd Step: Creating Scribe's singleton object
Properties props = new Properties();FileInputStream fis = new FileInputStream("linkedin.properties");props.load(fis);Scribe scribe = Scribe.getInstance(props);
You have configured Scribe successfully 3rd Step: Get the Request Token This is easy, just do:
Token requestToken = scribe.getRequestToken();
The requestToken object has two methods: getToken() and getSecret(), they return the request_token and request_token_secret respectively. 4th Step: Authorize your Request Token Save the request_token_secret somewhere and go authenticate your request_token on the following URL:
https://api.linkedin.com/uas/oauth/authorize?oauth_token=<<copy your request_token here>>
Warning: It seems that LinkedIn is changing the authorization page, check this entry and stay tuned (the former URL is said to be supported for a while, but its better to be safe than sorry)
Here 2 things can happen:
- If you specified a callback URL, you'll be redirected there with the request_token and verifier as query-string parameters
- If you are doing an Out Of Band Request, you will see the verifier (a number) on the screen.
Either way grab the verifier and let's go get the access_token! 5th Step: Get the Access Token Now you should have:
- request_token: obtained in the scribe.getRequestToken() call
- request_token_secret: obtained in the scribe.getRequestToken() call
- verifier: obtained in step 4. Either by OOB or redirect
Warning: If you are missing one of this 3 things, please re-check previous steps.
It's time to change these for the access_token and access_token_secret, here we go:
Token requestToken = new Token("request_token", "request_token_secret");String verifier = "verifier";Token accessToken = scribe.getAccessToken(requestToken, verifier);
If everything is fine, accessToken will return your access_token and access_token_secret when you call getToken() and getSecret(), just like before. Last Step: Access the protected resource Enough authentication Now lets make the actual call:
Request request = new Request(Verb.GET, "http://api.linkedin.com/v1/people/~/network?count=50"); Token accessToken = new Token("access_token", "access_token_secret"); scribe.signRequest(request, accessToken);Response response = request.send(); //Do something with response.getBody()
Huray! We're done! Thanks for reading, hope this has helped you! Doubts? Comments? feel free to contact me via twitter. And happy hacking! -- Pablo Fernandez