All geek questions in one place

Logging in via Twitter OAuth does not remember authorization

I am writing a web application and have just realized that a user can log in via Twitter using spring -social- (core / twitter).

However, Twitter is acting weird. After the initial authentication / authorization, every time I send a user to Twitter for authentication, Twitter offers to allow my expression again. I looked at the connected Twitter profile. My application is there and allowed correctly (in my case, for read access).

I have no case for requesting additional permissions. All my needs of the application are read access (an authorization dialog confirms this).

I use OAuth1Operations (returned by TwitterConnectionFactory ) to dance OAuth and store the resulting connection in the database. My interface is written using Wicket 1.5.

I can get around this behavior by simply re-authorizing my application again and again when I want to log in via Twitter, but this is a big nuisance. Does anyone know what I'm missing here?

Here is my code:

 TwitterConnectionFactory connectionFactory = (TwitterConnectionFactory) connectionFactoryLocator.getConnectionFactory(Twitter.class); String callbackUrl = [...]; if (pageParameters.get("oauth_token").isNull() || pageParameters.get("oauth_verifier").isNull()) { MultiValueMap<String, String> params = new LinkedMultiValueMap<String, String>(); params.add("x_auth_access_type", "read"); OAuthToken token = connectionFactory.getOAuthOperations().fetchRequestToken(callbackUrl, params); String url = connectionFactory.getOAuthOperations().buildAuthorizeUrl(token.getValue(), OAuth1Parameters.NONE); getSession().setAttribute("twitter_token", token); setResponsePage(new RedirectPage(url)); } else { String token = pageParameters.get("oauth_token").toString(); String verifier = pageParameters.get("oauth_verifier").toString(); OAuthToken previousToken = (OAuthToken) getSession().getAttribute("twitter_token"); if (previousToken.getValue().equals(token)) { AuthorizedRequestToken authorizedRequestToken = new AuthorizedRequestToken(previousToken, verifier); OAuthToken accessToken = connectionFactory.getOAuthOperations().exchangeForAccessToken(authorizedRequestToken, null); Connection<Twitter> connection = connectionFactory.createConnection(accessToken); } }
+4
source share
1 answer

I have found a solution! This is also described in detail here: A simple authorization from Oauth requesting credentials every time

The problem was that I specifically asked Twitter to allow my application every time. Replacement:

 String url = connectionFactory.getOAuthOperations().buildAuthorizeUrl(token.getValue(), OAuth1Parameters.NONE);

from

 String url = connectionFactory.getOAuthOperations().buildAuthenticateUrl(token.getValue(), OAuth1Parameters.NONE);

solves the problem! Calling an authentication URL only requests authorization if the application is not already authorized.

+3
source

Source: https://habr.com/ru/post/1416152/

More articles:


All Articles