(Quick Reference)

4 Using the Plugin - Reference Documentation

Authors: Antony Jones, Peter Ledbrook

Version: 2.2.1

4 Using the Plugin

Using the oauth plugin in your application requires a few simple steps.

Using the Tag Library

To render a user-clickable link in your application which will direct them to a provider's authentication page, use the connect tag:

<oauth:connect provider="twitter">Connect to Twitter</oauth:connect>

The provider attribute is required and relates to one of the providers specified in your configuration.

This tag will work automatically on its own can also accept any standard parameters that the <g:link /> tag can accept, for example, to set a css id on the generated link:

<oauth:connect provider="facebook" id="facebook-connect-link">Connect to Facebook</oauth:connect>

Receiving the oauth AccessToken

After a user clicks your link, they will be sent back to the successUrl you specified in your configuration (or failureUrl if something went wrong). At this point there will be a session variable called providerName:oasAccessToken (where providerName is one of your configured provider names) which contains an org.scribe.model.Token instance, which is your Access Token.

It is recommended not to tie yourself to the name of the session key listed in the previous paragraph. To avoid this situation, the method OauthService.findSessionKeyForAccessToken which takes your provider name as its only parameter should be used to determine the session key, as follows:

class MyClass {
    OauthService oauthService // or new OauthService() would work if you're not in a spring-managed class.

Token getToken() {

String sessionKey = oauthService.findSessionKeyForAccessToken('twitter') return session[sessionKey]

} }

would give you the access token for the 'twitter' provider which you can then use to make requests, as below.

Requesting a resource using your AccessToken

Provided your access token is now present, you now can request oauth protected resources from your third-party provider!

import uk.co.desirableobjects.oauth.scribe.OauthService

class MyService { OauthService oauthService

def myMethod() { Token twitterAccessToken = session[oauthService.findSessionKeyForAccessToken('twitter')] Token linkedInAccessToken = session[oauthService.findSessionKeyForAccessToken('linkedin')]

oauthService.getTwitterResource(twitterAccessToken, 'http://api.yourprovider.com/users/list') oauthService.postLinkedInResource(linkedInAccessToken, 'http://api.yourprovider.com/users/list') } }

The convention used for accessing resources is OauthService.<method><provider>Resource(accessToken, url).

In the above example:

methodis the HTTP method used, one of put, post, get, delete, head, or options.
urlis the url of the oauth-protected resource you are trying to access.
provideris the provider name configured in your oauth configuration.
accessTokenis the access token you were given (via the session) when the user authenticated themselves with the provider.