Thanks. That clarified it for me. Got it working fine now. Gero
On May 29, 6:31 pm, Abraham Williams <4bra...@gmail.com> wrote: > You get an access token once per user and save it to make all authenticate > requests. You don't need to get a new access token for each API request. > > Abraham > > > > > > On Sat, May 29, 2010 at 04:55, Gero <gero.verm...@gmail.com> wrote: > > Hi, > > > I'm having some fights with the Scribe java Library and using oauth to > > post updates to Twitter form GAE. Setup: > > - Scribe 0.6.6 > > - Scala 2.7.7 > > - running on Google App Engine (same behavior with local dev_appserver > > of GAE) > > > I have 2 servlets: > > > The OAuthAuthorizationServlet does the initial steps to set up oAuth > > and redirects to Twitter. It also puts requestToken en > > requestTokenSecret on the session such that the can be used in the > > callback. > > > val session = req.getSession(true) > > session.setMaxInactiveInterval(-1) > > > val scribe = Scribe.getInstance(props) > > val requestToken = scribe.getRequestToken() > > > session.setAttribute("oauth-token", requestToken.getToken) > > session.setAttribute("oauth-tokenSecret", > > requestToken.getSecret) > > > resp.sendRedirect("http://api.twitter.com/oauth/authorize? > > oauth_token=" + requestToken.getToken) > > > The above parts seems to work fine, redirects to Twitter, user > > approves the authorization request and then Twitter redirects to my > > OAuthCallbackServlet with the code below. > > The problem now is that the second update request to Twitter always > > fails with a 401 "Invalid / expired Token" on the call > > "val accessToken3 = scribe.getAccessToken(new Token(token, > > tokenSecret), oaverifier)" > > > I've also tried to used the token/tokenSecret/oaverifier in a separate > > servlet to execute it, but that also results in an error. So I've got > > the feeling that I'm doing something structurally wrong. When the user > > has approved the oauth request on Twitter, > > - What do you need to capture in the callback servlet so that you'll > > be able to do following post (later in time) without having the user > > to approve again? > > - What calls do you have to make? I'm now only creating an > > accessToken, but do I also have to create a requestToken? > > > val scribe = Scribe.getInstance(props) > > val session = req.getSession(false) > > > // token and tokenSecret are put on the session by the > > OAuthAuthorizationServlet above > > val token = session.getAttribute("oauth- > > token").asInstanceOf[String] > > val tokenSecret = session.getAttribute("oauth- > > tokenSecret").asInstanceOf[String] > > val oaverifier = req.getParameter("oauth_verifier") > > > // Post update test 1 <============= This first update works > > fine > > val accessToken2 = scribe.getAccessToken(new Token(token, > > tokenSecret), oaverifier) > > val request2 = new Request(Verb.POST, "http://twitter.com/ > > statuses/update.xml") > > request2.addBodyParameter("status", "test update" + > > System.currentTimeMillis) > > scribe.signRequest(request2, accessToken2) > > logger.fine("Request headers: " + request2.getHeaders) > > logger.fine("Request body: " + request2.getBodyContents) > > > val response2 = request2.send() > > logger.fine("Response headers: " + response2.getHeaders) > > logger.fine("Response body: " + response2.getBody) > > val statusCode2 = response2.getCode() > > resp.getOutputStream.println("<br/>Status code httpclient post : > > " + statusCode2) > > val body2 = response2.getBody() > > resp.getOutputStream.println("<br/>body httpclient post : " + > > body2) > > // EO Post update test 1 > > > // Try to do a second update using the same credentials > > <=========== this update always fails, unless > > // I use the same access token as in the previous test > > (accessToken2) > > > // Next line results in the 401 error. > > val accessToken3 = scribe.getAccessToken(new Token(token, > > tokenSecret), oaverifier) > > val request3 = new Request(Verb.POST, "http://twitter.com/ > > statuses/update.xml") > > request3.addBodyParameter("status", "test update" + > > System.currentTimeMillis) > > > // If I don't use accessToken3 here, but instead the earlier > > created accessToken2 it does work. > > // But I also want to be able to post updates later, based > > on the captured credentials, so that does not really help. > > scribe.signRequest(request3, accessToken3) > > > val response3 = request3.send() > > logger.fine("Response headers: " + response2.getHeaders) > > logger.fine("Response body: " + response2.getBody) > > val statusCode3 = response3.getCode() > > resp.getOutputStream.println("<br/>Status code httpclient > > post : " + statusCode3) > > val body3 = response3.getBody() > > resp.getOutputStream.println("<br/>body httpclient post : " > > + body3) > > > The scribe.properties file is as follows (XXXXXXX are dummy's of > > course...): > > consumer.key=XXXXXXXXX > > consumer.secret=XXXXXXXXXX > > request.token.verb=POST > > request.token.url=https://api.twitter.com/oauth/request_token > > access.token.verb=POST > > access.token.url=https://api.twitter.com/oauth/access_token > > #callback.url=http://kivanotify.appspot.com/oauth-callback > > callback.url=http://localhost:8080/oauth-callback > > > Any help/clarification is appreciated. > > > Gero > > -- > Abraham Williams | Developer for hire |http://abrah.am > @abraham |http://projects.abrah.am|http://blog.abrah.am > This email is: [ ] shareable [x] ask first [ ] private.