search

yangboz / linkedin-j

Automatically exported from code.google.com/p/linkedin-j
0 stars 0 forks source link

linkedin-j should not require use of an HTTP session #80

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
As part of the OAuth flow you are required to get the LinkedInRequestToken from 
the HTTP session.  E.g. here are the relevant lines from the documentation 
(http://code.google.com/p/linkedin-j/wiki/OAuthFlow):
    LinkedInRequestToken requestToken = (LinkedInRequestToken) session.getAttribute("requestToken");
    String oauthVerifier = request.getParameter("oauth_verifier");
    LinkedInAccessToken accessToken = oauthService.getOAuthAccessToken(requestToken, oauthVerifier);

This makes it impossible to use linkedin-j in many scalable application 
frameworks.  E.g. what Google and many companies frequently do is disallow 
sessions, run their apps on huge clusters of machines, and then send incoming 
requests to any random machine.  There really needs to be a version of 
oauthService.getOAuthAccessToken that accepts only strings as inputs instead of 
a Java Object so that you're not tied to the session.

Original issue reported on code.google.com by benjamin...@gmail.com on 12 Nov 2011 at 7:46

GoogleCodeExporter commented 8 years ago 
It's a pretty easy fix.  Here's a patch.  Let me know if there's anything I can 
help with for this issue.  I'd be really very appreciative if we could get this 
small tweak checked in.  Thanks.

Original comment by benjamin...@gmail.com on 12 Nov 2011 at 8:03

Attachments:

GoogleCodeExporter commented 8 years ago 
I will checkin the patch in the next build. Meanwhile you can also try this:
oauthService.getOAuthAccessToken(new LinkedInRequestToken(token, tokenSecret), 
oauthVerifier);

Original comment by nabeelmukhtar on 15 Nov 2011 at 9:17