Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
klerisson
Posts: 78
Registered: ‎12-03-2009
My Device: Not Specified

Re: OAuth / OAuth workaround?

Hey Kevin!

 

So:

- getTwitterMessage() it is just method to translate HTTP response codes (200, 401, ... ) into a friendly message to show on screen.

 

- PreferencesStore is a persistent store just to record and keep saved the token and secret token in order to use then in others inquiries.

 

- concatUrl() has the bellow body. Anyway it's just to replace comma into ampersand and to add the question mark.

 

public static String concatURL(String url, String header){
	String newurl=url;
	header = header.replace(',', '&');
	newurl = newurl+"?"+header;
	return newurl;
}

 Finally, the Const class just contains fixed informations in order to perform some the OAuth authentication process. All about Twitter is bellow:

 

 

        public static final String consumerKey = "your consumer key";
	public static final String consumerSecret = "your consumer secret";
	public static String token = null;
	public static String tokenSecret = null;	
	public static final String REQUEST_TOKEN_URL = "http://twitter.com/oauth/request_token";
	public static final String AUTHORIZE_URL = "http://twitter.com/oauth/authorize?oauth_token=";
	public static final String ACCESS_TOKEN_URL = "http://twitter.com/oauth/access_token"; 
	public static final String SIGNATURE_METHOD = "HMAC-SHA1";
	public static String STATUS = "status";
	public static String INREPLY = "in_reply_to_status_id";
	
	public static final String OAUTH_CONSUMER_KEY = "oauth_consumer_key";
	public static final String OAUTH_SIGNATURE_METHOD = "oauth_signature_method";
	public static final String OAUTH_SIGNATURE = "oauth_signature";
	public static final String OAUTH_TIMESTAMP = "oauth_timestamp";
	public static final String OAUTH_TOKEN = "oauth_token";
	public static final String OAUTH_NONCE = "oauth_nonce";
	public static final String OAUTH_VERSION = "oauth_version";
	public static final String OAUTH_TOKEN_SECRET = "oauth_token_secret";

 

 

As you realized the code must be improved. There are a plenty of replicated variables, loops and method calls. I advise you to read the OAuth specification.

 

Hoping to help you, see you!

 

--
Feel free to press the kudos button on the left side to thank the user that helped you.
Please mark posts as solved if you found a solution.
Developer
behrk2
Posts: 367
Registered: ‎11-25-2009
My Device: Not Specified

Re: OAuth / OAuth workaround?

[ Edited ]

klerrison-

 

Thanks for your help, again. To start, I have tested out your code with:

 

 

package com.thesis.netflix;

import java.io.IOException;
import java.net.URISyntaxException;

import net.oauth.OAuthException;

public class tester3 {

public static void main(String[] args) {
OAuth oauth = new OAuth();
oauth.requestToken();
}
}

 I am receiving the following error:

 

 

Exception in thread "main" java.lang.UnsatisfiedLinkError: net.rim.device.api.crypto.RandomSource.getLong()J
at net.rim.device.api.crypto.RandomSource.getLong(Native Method)
at com.thesis.netflix.OAuth.nonce(OAuth.java:34)
at com.thesis.netflix.OAuth.oauth_header(OAuth.java:104)
at com.thesis.netflix.OAuth.requestToken(OAuth.java:46)
at com.thesis.netflix.tester3.main(tester3.java:12)

 

If I try changing nonce() to:

 

 

private static String nonce() {
		return "4572616e48616d6d65724c61686176";
	}

 

 

Then I will recieve a similar, but different error:

 

 

Exception in thread "main" java.lang.UnsatisfiedLinkError: net.rim.device.api.util.Arrays.sort([Ljava/lang/Object;Lnet/rim/device/api/util/Comparator;)V
	at net.rim.device.api.util.Arrays.sort(Native Method)
	at com.thesis.netflix.OAuth.signature(OAuth.java:171)
	at com.thesis.netflix.OAuth.oauth_header(OAuth.java:118)
	at com.thesis.netflix.OAuth.requestToken(OAuth.java:46)
	at com.thesis.netflix.tester3.main(tester3.java:12)

 

 

 

Have you ever seen that before? Also, one other question. I have modified your Const class to the following:

 

 

package com.thesis.netflix;

import java.util.Date;

import net.rim.device.api.crypto.RandomSource;

public class Const {

public static final String consumerKey = "************************";
public static final String consumerSecret = "***********";
public static String token = null;
public static String tokenSecret = null;
public static final String REQUEST_TOKEN_URL = "http://api.netflix.com/oauth/request_token";
public static final String AUTHORIZE_URL = "https://api-user.netflix.com/oauth/login";
public static final String ACCESS_TOKEN_URL = "http://api.netflix.com/oauth/access_token";
public static final String SIGNATURE_METHOD = "HMAC-SHA1";
public static String STATUS = "status";
public static String INREPLY = "in_reply_to_status_id";

public static final String OAUTH_CONSUMER_KEY = "oauth_consumer_key";
public static final String OAUTH_SIGNATURE_METHOD = "oauth_signature_method";
public static final String OAUTH_SIGNATURE = "oauth_signature";
public static final String OAUTH_TIMESTAMP = "oauth_timestamp";
public static final String OAUTH_TOKEN = "oauth_token";
public static final String OAUTH_NONCE = "oauth_nonce";
public static final String OAUTH_VERSION = "oauth_version";
public static final String OAUTH_TOKEN_SECRET = "oauth_token_secret";
}

 

 

Is there a difference between variables prefaced with OAUTH_? For instance, I put my actual consumer key in the "consumerKey" variable. Am I supposed to be modifying the OAUTH_CONSUMER_KEY variable? Or leave it set to the current string it is assigned?

 

Thanks...

 

Developer
klerisson
Posts: 78
Registered: ‎12-03-2009
My Device: Not Specified

Re: OAuth / OAuth workaround?

Hey Kevin!

 

I never faced this exception before and I have no clue how to sort it out.

 

Make sure that you had imported the right library, for instance: the net.rim.device.api.crypto.RandomSource. If you get this exception on the device remember to sign the code otherwise it will not run. In addition, make sure that you are requesting the http connection in other thread instead of the main application thread.

 

About the nonce, for each request the nonce value must have to be different according to OAuth specification. If you repeat the nonce value you will get a Unauthorized Http code.

 

The static final variables prefaced with "OAUTH" are just constants, as you must know. You are not supposed to change those values. They are used to build the Http GET request header.

 

Regards,

Klerisson

--
Feel free to press the kudos button on the left side to thank the user that helped you.
Please mark posts as solved if you found a solution.
Developer
behrk2
Posts: 367
Registered: ‎11-25-2009
My Device: Not Specified

Re: OAuth / OAuth workaround?

[ Edited ]

Hi klerrison:

 

Here is my latest update:

 

I got my new set of signature keys from RIM. I have integrated the OAuth code with an existing "Hello World" BlackBerry application that I wrote. I am running the following:

 

OAuth.requestToken();

 

...which is returning a "401" code. However, I temporarily have requestToken returning "requestTokenUrl" instead of "responseCode". I want to visit the URL to see if I get to a Netflix Authorization page.

 

When trying to visit the URL:

 

http://api.netflix.com/oauth/request_token?oauth_consumer_key=5xpsty524wuc2pkkmz2ne3qf&oauth_nonce=2...)

 

It says, "Invalid Signature"...

 

It seems that the format should be:

 

http://term.ie/oauth/example/request_token.php?oauth_version=1.0&oauth_nonce=1968626cd316618cc4415f5...

 

So, do I just need to change around the order of the oauth_*'s in the final url?

Developer
klerisson
Posts: 78
Registered: ‎12-03-2009
My Device: Not Specified

Re: OAuth / OAuth workaround?

Hey!!!

I do not believe that the parameters order is your problem... take a look at http://oauth.net/core/1.0a/#anchor13 

The parameters must be sorted according to OAuth specification Revision A.

 

If are receiving http code 401 it means that you sent an invalid Consumer Key and/or invalid/expired Token and/or invalid signature and/or invalid/used nonce. Take a look at http://oauth.net/core/1.0a/#http_codes

 

Keep going man!

 

--
Feel free to press the kudos button on the left side to thank the user that helped you.
Please mark posts as solved if you found a solution.
Developer
behrk2
Posts: 367
Registered: ‎11-25-2009
My Device: Not Specified

Re: OAuth / OAuth workaround?

[ Edited ]

klerrison-

 

I am still trying to identify the issue here. Just to recap:

 

Upon calling OAuth.requestToken(), I receive a 401 error for "Invalid Signature". I know that my comsumer key and timestamp are all correct.

 

After running requestToken()...

 

requestTokenUrl =

 

http://api.netflix.com/oauth/request_token?
oauth_consumer_key=5xpsty524wuc2pkkmz2ne3qf
&oauth_nonce=3639308062007938790
&oauth_signature=RxM8vElGvxcNzDEoR0%2bqtAuHcdY%3d
&oauth_signature_method=HMAC-SHA1
&oauth_timestamp=1263510134

&oauth_version=1.0

 

But, it should look like this (according to Netflix):

 

http://api.netfix.com/oauth/request_token?
oauth_callback=http%3A%2F%2Fwww.example.com%2Fcallback
&oauth_consumer_key=1234567890123456789012345
&oauth_nonce=60a3f1c4a18c2a68d8cb216f46bceb4ad7dff32e
&oauth_signature=SB%2BjBrcHkQRgMP8XKVyps3rw6Xo%3D
&oauth_signature_method=HMAC-SHA1
&oauth_timestamp=1255631744
&oauth_version=1.0

 

The only differences I see are that the nonce I am generating is shorter than the one generated in the Netflix example. Also, it seems that I do not have a oauth_callback. I'm not sure what that is supposed to be. Do you think these factors could be the cause for an invalid signature?

 

Also, after running requestToken(), I notice that:

 

Const.token =""

Const.tokenSecret = ""

 

At this point, shouldn't Const.token and Const.tokenSecret have values?

 

Also, please correct me if I am wrong...I need to run requestToken() first, and then accessToken() second, right?

 

Where in your code (if anywhere) does the AUTHORIZE_URL come into play?

 

Thanks!

 

Kevin

New Developer
ennova2005
Posts: 96
Registered: ‎07-26-2008
My Device: Not Specified

Re: OAuth / OAuth workaround?

Be aware that if you are using a MDS/BES then the MDS appears to cache the Authorization:  HTTP header which breaks the handshake initially and you will get a 401. 

 

We didnt have enough resources to troubleshoot the issue so we moved to specifying the parameters in  HTTP GET and got around the issues.

 

 

Developer
behrk2
Posts: 367
Registered: ‎11-25-2009
My Device: Not Specified

Re: OAuth / OAuth workaround?

Hi ennova2005,

 

I was wondering if you could be more specific about what you mean. Sorry - I'm a little new at this.

 

Are you talking about specifying the header parameters (URL and method) in the HTTP GET? By HTTP GET are you referring to HttpProtocolConstants.HTTP_METHOD_GET?

 

Thanks...

New Developer
ennova2005
Posts: 96
Registered: ‎07-26-2008
My Device: Not Specified

Re: OAuth / OAuth workaround?

 

I am paraphrasing from my developer colleague who raninto this issue.

 

There are different ways to pass the information that  OAuth needs to work. It can be passed in http headers ( usually the preferred default) as well as as HTTP GET or POST parameters.

 

When using HTTP headers, part of the OAuth handshake depends on changing values in the Authorization: header in the HTTP protocol.  ( See http://oauth.net/core/1.0a/ for details if interested)

 

We have seen when we are using the BES/MDS, the destination OAuth server does not seem to like the Authorization header send via the  MDS ( while the same code works fine when used  with TCP Direct or WiFI so we know the code is not the issue)

 

We suspect that it is because the MDS is caching the Authorization:  header ( there is documentation elsewhere that the MDS helps the user by caching the authorization).

 

We dont control the remote server so we did not have true traces on that end to see what was happening.

 

We switched from using http  header based handshake of OAuth to passing the params using HTTP GET and the problem went away.

 

 

This may only be an issue if you are also routing through the BES/MDS - if not you should ignore it.

 

 

 

Developer
klerisson
Posts: 78
Registered: ‎12-03-2009
My Device: Not Specified

Re: OAuth / OAuth workaround?

Hey Kevin!

Sorry to be late! But I got some days off here...

 

So, you ask about the invalid signature error that you are facing: The signature calculation is based on your parameters and if one of then is missing or wrong your signature will be fairly wrong. Take a look at http://oauth.net/core/1.0a/#signing_process

 

After request the token you will receive the token and the secret. Remember that both will be exchanged after you request the access token. Read http://oauth.net/core/1.0a/#anchor41 

 

If you still getting 401 you are not even get the first token and secret.

 

Finally, about the callback parameter take a look at http://oauth.net/core/1.0a/#anchor9

 

See you!

--
Feel free to press the kudos button on the left side to thank the user that helped you.
Please mark posts as solved if you found a solution.