// OAuth 1 sign-in runs through this code twice; the passes are told apart by whether the
// request carries an oauth_verifier parameter. The value is client-supplied and is only
// forwarded to the provider in the token exchange below.
String verifier = request.getParameter("oauth_verifier");
if (!StringUtils.hasText(verifier)) {
    // Pass 1 (no verifier): fetch a request token, park it in the HTTP session, and hand
    // control to the provider by throwing a redirect exception.
    OAuth1Operations oauthOps = getConnectionFactory().getOAuthOperations();
    // NOTE(review): buildReturnToUrl is not visible here; if it derives scheme/host from
    // request headers, confirm the result is limited to trusted hosts.
    String callbackUrl = buildReturnToUrl(request);
    OAuthToken freshRequestToken = oauthOps.fetchRequestToken(callbackUrl, null);
    // getSession() creates a session when none exists, so the request token is held in
    // a pre-authentication session.
    // NOTE(review): confirm the session id is rotated once sign-in succeeds.
    request.getSession().setAttribute(OAUTH_TOKEN_ATTRIBUTE, freshRequestToken);

    // Only a Core 1.0 provider gets the callback URL on the authorize redirect; every
    // other version gets OAuth1Parameters.NONE, having already received the callback in
    // fetchRequestToken.
    // NOTE(review): Core 1.0 predates oauth_verifier (added in revision 1.0a to address
    // session fixation); confirm how a Core 1.0 callback is meant to reach pass 2.
    OAuth1Parameters authorizeParams = OAuth1Parameters.NONE;
    if (oauthOps.getVersion() == OAuth1Version.CORE_10) {
        authorizeParams = new OAuth1Parameters();
        authorizeParams.setCallbackUrl(callbackUrl);
    }
    String authenticateUrl = oauthOps.buildAuthenticateUrl(freshRequestToken.getValue(), authorizeParams);
    throw new SocialAuthenticationRedirectException(authenticateUrl);
}

// Pass 2 (verifier present): pair the verifier with the request token cached in pass 1
// and exchange both for an access token.
OAuthToken cachedRequestToken = extractCachedRequestToken(request);
if (cachedRequestToken == null) {
    // A verifier with no cached request token cannot be exchanged; log it and return
    // null instead of a token.
    logger.warn("requestToken unavailable for oauth_verifier");
    return null;
}
// NOTE(review): the callback's oauth_token parameter is not compared with the cached
// request token here; this code relies on the provider rejecting a verifier that does
// not belong to that token. Consider an explicit equality check before the exchange.
OAuth1Operations exchangeOps = getConnectionFactory().getOAuthOperations();
AuthorizedRequestToken authorizedToken = new AuthorizedRequestToken(cachedRequestToken, verifier);
OAuthToken accessToken = exchangeOps.exchangeForAccessToken(authorizedToken, null);
// TODO avoid API call if possible (auth using token would be fine)
Connection<S> connection = getConnectionFactory().createConnection(accessToken);
return new SocialAuthenticationToken(connection, null);
}