问题
This is in continuation of a question posted by me on LinkedIn Job Posting API implementation in Java. I'm new to this OAuth based authentication of posting Jobs and am also learning as well during this process. Please bear with me if my questions are very basic/naive.
Am trying to use JOAuth library for OAuth authentication and post jobs to LinkedIn. I'm using OAuth2 calls. I've the following questions with JOAuth library:
- In the example shown at the JOAuth link, how do I get Request Token for LinkedIn? I don't find any statement for requesting Request Token. But I could see
consumer.generateRequestAuthorizationUrl(ResponseType.CODE, redirectUri, null, (String[])null)); - If I want to use oob based callback redirection, then what do I need to pass/set in
redirectUri? - If everything is successful and if I've the Access Token, how do I finally submit/send my Job data XML at http://api.linkedin.com/v1/jobs?
回答1:
You're confused. LinkedIn uses OAuth 1 protocol and not OAuth 2 protocols. Here's how you would do Oauth 1 authorization to/with LinkedIn.
If you're creating a Web application, under WEB-INF folder, create a oauth-config.xml file and have a configuration similar to this:
<?xml version="1.0" encoding="UTF-8"?>
<oauth-config>
<!-- LinkedIn OAuth Config -->
<oauth name="linkedIn" version="1">
<consumer key="API_KEY" secret="API_SECRET" />
<provider requestTokenUrl="https://api.linkedin.com/uas/oauth/requestToken" authorizationUrl="https://api.linkedin.com/uas/oauth/authorize" accessTokenUrl="https://api.linkedin.com/uas/oauth/accessToken" />
</oauth>
<service path="/authorize_ready" class="com.neurologic.example.LinkedInOAuthService" oauth="linkedIn">
<success path="/start.htm" />
</service>
</oauth-config>
LinkedIn uses OAuth version 1 (hence the version).
Under your WEB-INF\web.xml, add the following:
<servlet>
<description>An OAuth Servlet Controller</description>
<display-name>OAuthServlet</display-name>
<servlet-name>OAuthServlet</servlet-name>
<servlet-class>com.neurologic.oauth.servlet.OAuthServlet</servlet-class>
<init-param>
<param-name>config</param-name>
<param-value>/WEB-INF/oauth-config.xml</param-value>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>OAuthServlet</servlet-name>
<url-pattern>/oauth/*</url-pattern>
</servlet-mapping>
Now, we need to create a service that will receive the authorized token from Linked In.
package com.neurologic.example;
import javax.servlet.http.HttpServletRequest;
import net.oauth.signature.OAuthSignature;
import net.oauth.signature.impl.OAuthHmacSha1Signature;
import net.oauth.token.v1.AccessToken;
import net.oauth.token.v1.RequestToken;
import com.neurologic.oauth.service.impl.OAuth1Service;
/**
* @author Buhake Sindi
* @since 31 May 2011
*
*/
public class LinkedInOAuthService extends OAuth1Service {
public static final String LINKED_IN_REQUEST_TOKEN_SESSION = "LINKED_IN_REQUEST_TOKEN_SESSION";
public static final String LINKED_IN_ACCESS_TOKEN_SESSION = "LINKED_IN_ACCESS_TOKEN_SESSION";
/* (non-Javadoc)
* @see com.neurologic.oauth.service.impl.OAuth1Service#getOAuthSignature()
*/
@Override
protected OAuthSignature getOAuthSignature() {
// TODO Auto-generated method stub
return new OAuthHmacSha1Signature();
}
/* (non-Javadoc)
* @see com.neurologic.oauth.service.impl.OAuth1Service#getRealm()
*/
@Override
protected String getRealm() {
// TODO Auto-generated method stub
return null;
}
/* (non-Javadoc)
* @see com.neurologic.oauth.service.impl.OAuth1Service#getRequestToken(javax.servlet.http.HttpServletRequest)
*/
@Override
protected RequestToken getRequestToken(HttpServletRequest request) {
// TODO Auto-generated method stub
return (RequestToken) request.getSession().getAttribute(LINKED_IN_REQUEST_TOKEN_SESSION);
}
/* (non-Javadoc)
* @see com.neurologic.oauth.service.OAuthService#saveAccessToken(javax.servlet.http.HttpServletRequest, java.lang.Object)
*/
@Override
public void saveAccessToken(HttpServletRequest request, AccessToken accessToken) {
// TODO Auto-generated method stub
request.getSession().setAttribute(LINKED_IN_ACCESS_TOKEN_SESSION, accessToken);
}
}
Now, use the following example:
package com.neurologic.example;
import net.oauth.consumer.OAuth1Consumer;
import net.oauth.exception.OAuthException;
import net.oauth.provider.OAuth1ServiceProvider;
import net.oauth.signature.impl.OAuthHmacSha1Signature;
import net.oauth.token.v1.AccessToken;
import net.oauth.token.v1.AuthorizedToken;
import net.oauth.token.v1.RequestToken;
/**
* @author Buhake Sindi
* @since 14 June 2011
*
*/
public class LinkedInExample {
private static final String LINKEDIN_API_URL = "https://api.linkedin.com";
private static final String API_KEY = "";
private static final String API_SECRET = "";
private static final String CALLBACK_URL = "http://localhost:8080/myapp/oauth/authorize_ready";
private OAuth1Consumer consumer;
/**
*
*/
public LinkedInExample() {
super();
// TODO Auto-generated constructor stub
consumer = new OAuth1Consumer(API_KEY, API_SECRET, new OAuth1ServiceProvider(LINKEDIN_API_URL + "/uas/oauth/requestToken", LINKEDIN_API_URL + "/uas/oauth/authorize", LINKEDIN_API_URL + "/uas/oauth/accessToken"));
}
public RequestToken requestUnauthorizedRequestToken() throws OAuthException {
return consumer.requestUnauthorizedToken(null, CALLBACK_URL, null, new OAuthHmacSha1Signature());
}
public String getAuthorizationUrl(RequestToken token) throws OAuthException {
return consumer.createOAuthUserAuthorizationUrl(token, null);
}
public AccessToken requestAccessToken(AuthorizedToken authorizedToken, RequestToken token) throws OAuthException {
return consumer.requestAccessToken(null, authorizedToken, token.getTokenSecret(), new OAuthHmacSha1Signature());
}
/**
* @param args
*/
public static void main(String[] args) {
// TODO Auto-generated method stub
try {
LinkedInExample example = new LinkedInExample();
RequestToken rt = example.requestUnauthorizedRequestToken();
//Now that we have request token, let's authorize it....
String url = example.getAuthorizationUrl(rt);
//Copy the URL to your browser and make sure that OAuth 1 Servlet is running....
} catch (OAuthException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
As you can see, the CALLBACK_URL is set to point to the OAuth Servlet configured to JOAuth, as you'll receive an Authorized Token.
You must make sure that you return the unauthorized request token back to the service on the RequestToken getRequestToken(HttpServletRequest request) method as you'll need it to retrieve the access token.
The service saveAccessToken() method is called when LinkedIn returns an access token. You can log to verify if the access token is returned.
Once you have an access token, you can use a LinkedIn API and Post Jobs using the Access Token. JOAuth is designed to retrieve access tokens only and not communicate with other APIs that exists.
回答2:
To clarify a few things:
1) These are two-legged OAuth 1.0a calls. You don't need to do the OAuth dance. 2) These is no need for oob or anything like this. 3) You generate the Authorization header using the OAuth library of your choice and send an HTTP POST.
Here is a quick start: http://developer.linkedin.com/docs/DOC-1299
This being said, I will repeat again that this is a closed program, so unless you are on a special whitelisted set of partners, your calls will fail even if you solve all the above.
Furthermore, there is additional authorization necessary of your application by a job poster within their LinkedIn account to make your request succeed and related data needs to be in the XML POST body.
Based on the amount of questions you've had about this, if you are a whitelisted partner, please follow up with the LinkedIn Jobs API team, and we'll arrange for additional assistance.
来源:https://stackoverflow.com/questions/6340298/using-joauth-library-to-post-jobs-in-linkedin