Research Log of Web Science Students

Computer Science is not simply programming

Problem with getting a GData Unauthorized Request Token

with 2 comments

Last Friday Dan and I worked on accessing a user’s Google Docs via OAuth. We were able to make it work except that I found out that our solution doesn’t scale!

Our observations are

1. Two or more users getting an unauthorized request token returns an invalid token to one of the users.

2. Two or more users getting an unauthorized request token in succession returns an invalid token to the last person who requests. The latter can try again after a certain time after the last person has finished accessing his/her google docs.

We followed are the tutorials for accessing Gdata using Oauth at the Gdata website and used the Gdata Java libraries.

I think the problems are

1. that the helper classes that come in with the libraries are instantiated only once for the whole app (a singleton). Meaning any client who visits the app and uses the same instance to connect to google via oauth uses the same instance every time.

2. the helper classes are maintaining state, hence the invalid token received by another user while someone is still “using” our app to access his/her google docs. This is the same problem that I have with using Twitter4j, you can’t wire them as a singleton because they’re maintaining state.

If that’s the case, then I should probably remove this line of code in our controllers:

public class GoogleOauthController extends MultiActionController {
	private GoogleOAuthParameters oAuthParameters;
	private GoogleOAuthHelper oAuthHelper;

and refactor this by instantiating one instance of GoogleOAuthParameters and GoogleOAuthHelper per invokation of any of the methods in the controllers that make use of them. I’ll be able to do this using the abstract factory method or an abstract factory class which I’ve just finished reading about this week! That came at just the right time, thank God for my book Head First Design patterns.

But which refactoring to do?

I think the abstract factory method is more appropriate although it shouldn’t be called abstract because I don’t expect any controller to extend the controller I am going to build for Oauth. I’ll call my solution the oauth-factory-method.

But on the other hand, I might need the same functionality of the oauth-factory-method so that oauth controllers that have provider specific logic can use the oauth-factory-method to get the helper classes that they need and more importantly that are otherwise needed in a lot of other controllers.


Written by Jose Asuncion

October 2, 2009 at 4:06 am

Posted in Hardwire

Tagged with ,

2 Responses

Subscribe to comments with RSS.

  1. […] October 3, 2009 Jose Asuncion Leave a comment Go to comments For my problem with the GData Request Token, I returned one one instance of class GoogleDocs that implements the Provider interface (all made […]

  2. […] thing is ever since the GData token problem, I’ve grown wary and a little bit allergic to oauth errors. I am hoping, as one can induce […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: