The OAuth Administration Steps
This blog takes a look at the setup steps necessary for this hypothetical application to become OAuth compliant and when I say “setup steps”, at this stage I’m merely talking about a boring administration step that you must complete, but don’t worry as there isn’t that much to it.
Before you can get hold of that prized Access Token, you have to get the SaaS provider, such as Twitter, to give your app permission to request the token from its OAuth server. To do this you need to:
- Setup a user account with the SaaS provider. Most people already have their own Twitter, Facebook or Sina Weibo account, but in this case you generally need to create one on behalf your company or client.
- Once you have an account you need to go to the appropriate page and find the link that usually says something like “Create new App”. Although it’s not usually put in these terms, what you’re actually doing is registering your application as a user of the SaaS providers OAuth service and what you get in return is something like a user name and password for your app. The application’s username is generally referred to as a key whilst its password is referred to as a secret; however different SaaS providers use slightly different names. For example: Facebook calls them the App ID / App Key and App Secret; Twitter calls them the Consumer Key and Consumer Secret; and Sina Weibo calls them the App Key and App Secret.
Sample Facebook App ID: 669df6cc9b11c3226b2f3e31b083acb2 Sample Facebook App Secret: 516af1d8f60e8f6364fddca8f0bc46bf
The app key is used to identify your application to the SaaS’s OAuth server, whilst the app secret is used to verify an authorization code that’s part of the OAuth 2 process, but more on that later.
Finally, just as a reference, you can use the links below to register your application with the following providers.
- Facebook: https://developers.facebook.com/apps
- Twitter: https://dev.twitter.com/apps/new
- Sina Weibo: http://open.weibo.com/apps
- LinkedIn: https://www.linkedin.com/secure/developer
...and there's still more to come on OAuth and Spring Social...
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)