Hi,

I've been using OAuth in my Android app, with mostly good results. I find out that the occasional failures were due to my use of the DefaultOAuthProvider, rather than CommonsHttpOAuthProvider class. Signpost states this on their project page, http://code.google.com/p/oauth-signpost/

So I switched to CommonsHttpOAuthProvider, requiring use of a newer signpost version, and now I can't authenticate to myspace at all. I had to make the following changes to the myspace sdk, but it still hangs on retrieveRequestToken.

// snippet from MSOAuth.java
    private void initConsumer(String apiKey, String apiSecret) {
        // update to use signpost-commonshttp4-1.2.1.1
//        mOAuthConsumer = new CommonsHttpOAuthConsumer(apiKey, apiSecret, SignatureMethod.HMAC_SHA1);
        Log.v("MSOAuth","initConsumer("+apiKey+","+apiSecret+")");
        mOAuthConsumer = new CommonsHttpOAuthConsumer(apiKey, apiSecret);
        mOAuthConsumer.setMessageSigner(new HmacSha1MessageSigner());
    }

    private void initProvider() {
        Log.v("MSOAuth","initProvider");
        String requestedPermissions = MSSession.getSession().getRequestedPermissions();
        String authUrl = (requestedPermissions == null) ? OAUTH_AUTHORIZATION_URL : OAUTH_AUTHORIZATION_URL + "?myspaceid.permissions=" + requestedPermissions;
        // update to use signpost-commonshttp4-1.2.1.1
//        mOAuthProvider = new DefaultOAuthProvider(OAUTH_REQUEST_TOKEN_URL, OAUTH_ACCESS_TOKEN_URL, authUrl);
        mOAuthProvider = new CommonsHttpOAuthProvider(OAUTH_REQUEST_TOKEN_URL, OAUTH_ACCESS_TOKEN_URL, authUrl);
    }

    public String retrieveRequestToken(String callbackUrl) throws OAuthMessageSignerException, OAuthNotAuthorizedException, OAuthExpectationFailedException, OAuthCommunicationException {
        // update to use signpost-commonshttp4-1.2.1.1
//        String authUrl = mOAuthProvider.retrieveRequestToken(callbackUrl);
        Log.v("MSOAuth","retrieveRequestToken("+callbackUrl+")");
        // the next line times out
        String authUrl = mOAuthProvider.retrieveRequestToken(mOAuthConsumer, callbackUrl);
        Log.v("MSOAuth","authUrl:"+authUrl);
        this.mRequestToken = getToken();
        Log.v("MSOAuth","mRequestToken:"+getToken());
        this.mRequestTokenSecret = getTokenSecret();
        Log.v("MSOAuth","mRequestTokenSecret:"+getTokenSecret());
        return authUrl;
    }

    public void retrieveAccessToken(String verifier) throws OAuthMessageSignerException, OAuthNotAuthorizedException, OAuthExpectationFailedException, OAuthCommunicationException {
        // update to use signpost-commonshttp4-1.2.1.1
//        mOAuthProvider.retrieveAccessToken(verifier);
        mOAuthProvider.retrieveAccessToken(mOAuthConsumer, verifier);
    }


I'm not getting any response, though I'm still able to authenticate to twitter with no issues, so it seems that OAuth is implemented correctly. Even when I switch back to using DefaultOAuthProvider, it won't authenticate with MySpace. Why can't I authenticate anymore?

 Are you using our Android-optimized MyspaceID sdk? See here: http://developerwiki.myspace.com/index.php?title=MySpaceID_SDK_for_Java_Android

 

thanks,

Joel

Yes, that's the sdk I'm using. The sdk class for oauth MSOauth.java uses DefaultOAuthProvider, instead of CommonsHttpOAuthProvider, from the signpost api. On their project page, http://code.google.com/p/oauth-signpost/, signpost states: /* Google Android IMPORTANT: Do NOT use the DefaultOAuth* implementations on Android, since there's a bug in Android's java.net.HttpURLConnection that keeps it from working with some service providers. Instead, use the CommonsHttpOAuth* classes, since they are meant to be used with Apache Commons HTTP (that's what Android uses for HTTP anyway). Signpost is already used in several applications running on Android, Google's software stack for mobile devices. In fact, Signpost has already signed thousands of HTTP requests at this very moment, as it is an integral part of Qype Radar, our geo-sensitive mobile application for Android that finds the best places near you. */ As I'm using oauth in my app with several services, and have occassional issues with all of the services authenticating at times, I'm trying to follow the signpost api recommendations. The myspace android sdk is using an older signpost api version which doesn't include the CommonsHttpOAuthProvider class, so I'm using the version which does have that recommended class. My code snippets above are the changes that I think are needed, but authentication is failing for myspace. Other services, such as twitter, are authenticating fine. What do I need to look at to find out where this is failing? Do the changes that I put above appear to be correct? Thank you! Bryan

Joel, I've tested this with Buzz now and the same code is authenticating successfully, as with Twitter, so signpost appears to be fine. Is there some other parameter that myspace is expecting? Thank you, Bryan

Does anyone have any other ideas why this isn't working? Am I posting in the correct forum for this issue? I really don't want to drop support for myspace in my app. Thanks!

 I am working on this, but the original developer here who designed this sdk is gone so it may take some time for me to determine where the problem is, unfortunately.

 

thanks,

Joel

Joel, Thanks for helping with this. Please let me know if there's anything that I can do to help. I'm trying to compare the original sdk against the newer signpost jars. I'll post here anything that I find out. Bryan

Joel, MySpace isn't responding to POST requests for the request token. That appears to be the issue. Can MySpace please support POST? Bryan

I finished testing and can confirm that the lack of POST method support by myspace is the problem with using CommonsHttpOAuthProvider. The same request, using GET, works fine.