Research Log of Web Science Students

Computer Science is not simply programming

Posts Tagged ‘oauth

Problem with getting a GData Unauthorized Request Token

with 2 comments

Last Friday Dan and I worked on accessing a user’s Google Docs via OAuth. We were able to make it work except that I found out that our solution doesn’t scale!

Our observations are

1. Two or more users getting an unauthorized request token returns an invalid token to one of the users.

2. Two or more users getting an unauthorized request token in succession returns an invalid token to the last person who requests. The latter can try again after a certain time after the last person has finished accessing his/her google docs.

We followed are the tutorials for accessing Gdata using Oauth at the Gdata website and used the Gdata Java libraries.

I think the problems are

1. that the helper classes that come in with the libraries are instantiated only once for the whole app (a singleton). Meaning any client who visits the app and uses the same instance to connect to google via oauth uses the same instance every time.

2. the helper classes are maintaining state, hence the invalid token received by another user while someone is still “using” our app to access his/her google docs. This is the same problem that I have with using Twitter4j, you can’t wire them as a singleton because they’re maintaining state.

If that’s the case, then I should probably remove this line of code in our controllers:

public class GoogleOauthController extends MultiActionController {
	private GoogleOAuthParameters oAuthParameters;
	private GoogleOAuthHelper oAuthHelper;

and refactor this by instantiating one instance of GoogleOAuthParameters and GoogleOAuthHelper per invokation of any of the methods in the controllers that make use of them. I’ll be able to do this using the abstract factory method or an abstract factory class which I’ve just finished reading about this week! That came at just the right time, thank God for my book Head First Design patterns.

But which refactoring to do?

I think the abstract factory method is more appropriate although it shouldn’t be called abstract because I don’t expect any controller to extend the controller I am going to build for Oauth. I’ll call my solution the oauth-factory-method.

But on the other hand, I might need the same functionality of the oauth-factory-method so that oauth controllers that have provider specific logic can use the oauth-factory-method to get the helper classes that they need and more importantly that are otherwise needed in a lot of other controllers.


Written by Jose Asuncion

October 2, 2009 at 4:06 am

Posted in Hardwire

Tagged with ,

How do you unit test Oauth Controllers?

leave a comment »

I like Spring MVC because you can unit test your controllers. No need to start and stop your application server from time to time and see what happens — if the controller actually gets this set of data you want and puts them in the model.

I was particularly fascinated with using mock requests and response objects that you can pass to the controllers so you can invoke say their handleRequestInternal method, get the ModelAndView and see if the model contains the info you need:.

But testing Oauth controllers is another thing. For instance if I want to get the authorization url because I want to Oauth to GData, I would have to deploy the web-app because Google will only accept authorization requests from my domain (the url of my web app), not my development environment whose domain is localhost:8080.

So right now the only way I am testing if my code works is deploying the code and printing out the data that I need to have printed. Pretty old school if you ask me.

Written by Jose Asuncion

September 23, 2009 at 5:53 pm

Posted in Hardwire

Tagged with ,

Projectrix Web services

with one comment

Since we are to create SOA services for Projectrix, we came up with our initial services.

For the rubrics we have:


– This will pull the entire list of available rubrics in Projectrix

createRubric(RubricName, …)

– Possible arguments include (1) tags to categorize the rubric, and (2) the link of the Google Spreadsheet where the XML data for the rubric will be pulled from


– To duplicate a certain rubric


– To view the rubric


– To delete the rubric


– To search for a rubric; Keyword can be a tag or text that is part of the rubric

* Note that there will be no update/edit for rubrics since once it is published, it can no longer be modified.

On the other hand, we have the following for projects:


– Will pull the entire list of projects uploaded/listed in Projectrix

createProject(ProjectName, …)

– Possible arguments include (1) tags to classify projects, (2) links to Drop Box, YouTube, etc. depending on the type of media, (3) description of the project, (4) license type for the project (see following post on project licenses), etc.


– Will pull a specific project from Projectrix

updateProject(ProjectName, …)

– Modifies the project; Includes all arguments included in the createProject() service


Deletes the project; In consideration if we will be doing a hard or theoretical deletion


– To search for a project; Keyword can be a tag or text that is part of the project description

On the assessment side, so far we have:

AssessProject(ProjectName, …)

– Possible argument is the scoring which is yet to be determined (e.g. sequence of numbers, a list, etc.)

The above services will include arguments for OAuth (around 6, according to Jeune), albeit unspecified.

Written by falloutkee

September 22, 2009 at 11:19 pm

Finding a Web Solution for Twitter4j: Results of Session Solution

with 3 comments

(INTRO: I can’t seem to figure out how to use Twitter4j Oauth in a web app. The code in the website only gives examples in a main method.

Googling Twitter4j Tutorial Web and other related searches returns nil useful results. Through this series of blogposts I HOPE to be able address this dearth.

My Problem: I’d like to be able to access the RequestToken and Twitter instantiations after authorizing from Twitter)

In my previous post I tried to store the RequestToken and Twitter instantiations to the Appengine’s datastore so I can use it in the callback url after the user authorises Twitter. But apparently the appengine datastore doesn’t support the RequestToken Class.

My next solution: put both instantiations in the session so I can access it in when the user is redirected to the callback url or from my(the developer’s) pov, so that I can access it in the controller class (no not the servlet I am using Spring btw).

So far I’ve been able to load the page and that means I was able to store it in the session, log returns no errors! I have no idea right now how to test views in Spring, I hope I did so the debugging I am doing here will rely more on logging.

Next step is to set the callback url to a controller to access it from there. Watch this space!

Update: Unit tested storing an access token to see if the datastore accepts it.

Well the test passed but Read the rest of this entry »

Written by Jose Asuncion

August 24, 2009 at 4:53 pm


leave a comment »

At last we have decided on what technologies we will be using! Aside from common tags, oAuth and Google Spreadsheets, we will be using Symfony, PHP and Ajax. Coding will start really soon. Stay tuned! =)

Written by Daniela

August 3, 2009 at 1:20 pm

Portfolios, CommonTags and OAuth: An Overview

leave a comment »

Below is a list of our main sources for Projectrix (one per concept) and a short summary for Portfolios, OAuth and Common Tags.

Read the rest of this entry »

Written by Daniela

July 26, 2009 at 8:37 am

Posted in ProjectriX

Tagged with , ,


leave a comment »

We’ll be concentrating on 5 concepts for this project. They are:
1.) Portfolios
2.) Rubrics
3.) Common Tags
4.) OAuth
5.) Google Spreadsheets

It’s RRL Time!

Written by Daniela

July 17, 2009 at 7:21 am