Question
I am trying to access the GitHub API (https://api.github.com/user) as mentioned in the Scribe library example (https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/GitHubExample.java),
which returns me this authorization URL:
https://github.com/login/oauth/authorize?response_type=code&client_id=156d37xxxxxxxxx&redirect_uri=http%3A%2F%2Flocalhost%3A8282%2FReportsServer%2Fsuccessful.jsp&state=secret846593
But now I have to give the authorization code, as mentioned in the example linked above:
```java
final Scanner in = new Scanner(System.in, "UTF-8");
System.out.println("=== " + NETWORK_NAME + "'s OAuth Workflow ===");
System.out.println();
// Obtain the Authorization URL
System.out.println("Fetching the Authorization URL...");
final String authorizationUrl = service.getAuthorizationUrl();
System.out.println("Got the Authorization URL!");
System.out.println("Now go and authorize ScribeJava here:");
System.out.println(authorizationUrl);
System.out.println("And paste the authorization code here");
System.out.print(">>");
final String code = in.nextLine();
System.out.println();
System.out.println("And paste the state from server here. We have set 'secretState'='" + secretState + "'.");
System.out.print(">>");
final String value = in.nextLine();
if (secretState.equals(value)) {
    System.out.println("State value does match!");
} else {
    System.out.println("Ooops, state value does not match!");
    System.out.println("Expected = " + secretState);
    System.out.println("Got = " + value);
    System.out.println();
}
// Trade the Request Token and Verifier for the Access Token
System.out.println("Trading the Request Token for an Access Token...");
final OAuth2AccessToken accessToken = service.getAccessToken(code);
System.out.println("Got the Access Token!");
System.out.println("(The raw response looks like this: " + accessToken.getRawResponse() + "')");
System.out.println();
```
But the problem is: how can I get the authorization code? Can anyone tell me what the authorization code is?
Answer 1:
So far you are at step 1: that is, creating the authorization URL that tells the server about the application (details like your client id, redirect URL, etc.).
In any OAuth flow, there are 3 parties involved:
- User
- An app that is requesting the access token
- Service Provider (Github in this case)
Let's say I am the GitHub user who is on the website managed by you. Your website wants to access my data residing on GitHub. Your website cannot directly retrieve any of my protected data from GitHub without `access-token`.
How do you get this access token?
- Your website registers as a client on GitHub and gets `client-secret`
- Every time website needs some user's `access-token`, first it identifies itself via `authorization-url` to GitHub by sending identification params. In your case, you need to paste that `authorization-url` into the browser to continue. On production, your website should redirect user onto `authorization-url`.
- GitHub then validates the identification details of the website and if they are all good, it asks the user (me in this case) whether I want to give access to my protected data to your website.
- If I say yes, GitHub will call the URL you specified in `redirect_url` param along with `request-token` (aka `authorization-code`)
- Your website will read this `request-token`, make the server call to GitHub and exchange it with `access-token`
- Once the website has my `access-token`, it can request my protected data to GitHub.
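
How the authorization code reaches the application, as an added example (not part of the original post and not ScribeJava code): after the user approves, GitHub redirects the browser to the `redirect_uri` with the code in the `code` query parameter and the original `state` beside it. The class uses only the JDK (Java 10+); the class name and the code value are hypothetical, and the redirect URI and state are the ones from the question.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class CallbackCodeExtractor {

    /** Splits the query string of the redirect into decoded name/value pairs. */
    static Map<String, String> queryParams(URI callback) {
        Map<String, String> params = new HashMap<>();
        String query = callback.getRawQuery();
        if (query == null) return params;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, StandardCharsets.UTF_8),
                       URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }

    /** Returns the authorization code, or throws if the callback must not be trusted. */
    static String extractCode(URI callback, String expectedState) {
        Map<String, String> p = queryParams(callback);
        // The provider reports a refused or failed authorization in the "error" parameter.
        if (p.containsKey("error")) throw new IllegalStateException("Authorization refused: " + p.get("error"));
        String state = p.getOrDefault("state", "");
        // Constant-time comparison; a mismatch means this redirect does not answer our request.
        if (!MessageDigest.isEqual(state.getBytes(StandardCharsets.UTF_8),
                                   expectedState.getBytes(StandardCharsets.UTF_8))) {
            throw new SecurityException("state mismatch, discarding callback");
        }
        String code = p.get("code");
        if (code == null || code.isEmpty()) throw new IllegalStateException("callback carries no code parameter");
        return code;
    }

    public static void main(String[] args) {
        // Constructed callback: redirect_uri and state from the question, code value made up.
        URI callback = URI.create("http://localhost:8282/ReportsServer/successful.jsp"
                + "?code=EXAMPLE_CODE_0000&state=secret846593");
        String code = extractCode(callback, "secret846593");
        System.out.println("code to pass to service.getAccessToken(code): " + code);
    }
}
```

Unlike the console example in the question, a `state` mismatch here aborts before any token exchange, so a callback that was not triggered by this session's authorization request is never traded for an access token.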
Source: https://stackoverflow.com/questions/49233440/authorization-code-for-github-used-in-java-via-scribe-library