I am trying to access the github api(https://api.github.com/user) as mentioned in scribe library example (https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/GitHubExample.java)
which return me this authorization url
but now i have to give the authorization code as mentioned in above link example
final Scanner in = new Scanner(System.in, "UTF-8");
System.out.println("=== " + NETWORK_NAME + "'s OAuth Workflow ===");
System.out.println();
// Obtain the Authorization URL
System.out.println("Fetching the Authorization URL...");
final String authorizationUrl = service.getAuthorizationUrl();
System.out.println("Got the Authorization URL!");
System.out.println("Now go and authorize ScribeJava here:");
System.out.println(authorizationUrl);
System.out.println("And paste the authorization code here");
System.out.print(">>");
final String code = in.nextLine();
System.out.println();
System.out.println("And paste the state from server here. We have set 'secretState'='" + secretState + "'.");
System.out.print(">>");
final String value = in.nextLine();
if (secretState.equals(value)) {
System.out.println("State value does match!");
} else {
System.out.println("Ooops, state value does not match!");
System.out.println("Expected = " + secretState);
System.out.println("Got = " + value);
System.out.println();
}
// Trade the Request Token and Verfier for the Access Token
System.out.println("Trading the Request Token for an Access Token...");
final OAuth2AccessToken accessToken = service.getAccessToken(code);
System.out.println("Got the Access Token!");
System.out.println("(The raw response looks like this: " + accessToken.getRawResponse() + "')");
System.out.println();
but the problem is that how can i get the authorization code and Can any one tell me what the authorization code is?
So far you are at step 1: that is, creating the authorization URL that tells the server about the application (details like your client id, redirect URL etc..)
in any OAuth flow, there are 3 parties involved
Let's say I am the GitHub user who is on the website managed by you. Your website wants to access my data residing on GitHub. Your website can not directly retrieve any of my protected data from GitHub without access-token
.
How do you get this access token?
client-secret
access-token
, first it identifies itself via authorization-url
to GitHub by sending identification params.
In your case, you need to paste that authorization-url
into the browser to continue. On production, your website should redirect user onto authorization-url
.redirect_url
param along with request-token
(aka authorization-code
)request-token
, make the server call to GitHub and exchange it with access-token
access-token
, it can request my protected data to GitHub.