Viewing Github profile using OAuth in Java

Hello everyone! I have discussed the basics of OAuth and its components in the previous post. Let's see how to develop a simple java application to view your Github profile details using OAuth. We need to have a Github account in order to build this application. 

Connect your application to Github

  • Add a new application
In your Github account, go to settings and select Developer settings. Click on New OAuth app.

  • Register your new application
Provide your application name, homepage URL and callback URL in the relevant fields and click Register application.

  • Get your Client ID and Client Secret key
Copy your Client ID and Client Secret and select update application

Build the application

Now, let's build the Java application. The main flow is as follows
  1. User will click on Auth login link
  2. Github Auth server will show permission screen to the user
  3. Once the user accepts to the scope, it will send the code to App Server ( Redirect URI)
  4. Once we got the code, we can get access token by using client secret id
  5. We can access user's information using that access token 

Construct the login URL

In order to get the user's Github profile details, we need to create a URL for the user to login with Github. The following parameters should be included
  • client_id      - the client id obtained from Github
  • redirect_uri - the URL to where the user should be redirected
  • scope       -  type of information that you need. We have given as user here since we need profile info(More available scopes )
The sample URL is as follows

https://github.com/login/oauth/authorize?client_id=5338aaaaaaa812789cf8&redirect_uri=http://abc.com/oauth&scope=user


Get Access Token

Once the user has authenticated and provided the permission, the app will be redirected to the given redirect_uri. Now, we can access the "code" from Java and create another URL to get the access token. We need to provide the client_id, redirect_uri,client_secret and the code that we obtained.
String code = request.getParameter("code");
URL url = new URL("https://github.com/login/oauth/access_token?client_id="+clientID + "&redirect_uri="+ redirectURI+ "&client_secret=" + clientSecret + "&code=" + code);

After posting this URL, we will get the access token. 

Get user details from the access token

After retrieving the access token, we can make a GET request to access the user details.
https://api.github.com/user

The response to the request will be like this.
{
  "login": "octocat",
  "id": 1,
  "node_id": "MDQ6VXNlcjE=",
  "avatar_url": "https://github.com/images/error/octocat_happy.gif",
  "gravatar_id": "",
  "url": "https://api.github.com/users/octocat",
  "html_url": "https://github.com/octocat",
  "followers_url": "https://api.github.com/users/octocat/followers",
  "following_url": "https://api.github.com/users/octocat/following{/other_user}",
  "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
  "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
  "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
  "organizations_url": "https://api.github.com/users/octocat/orgs",
  "repos_url": "https://api.github.com/users/octocat/repos",
  "events_url": "https://api.github.com/users/octocat/events{/privacy}",
  "received_events_url": "https://api.github.com/users/octocat/received_events",
  "type": "User",
  "site_admin": false,
  "name": "monalisa octocat",
  "company": "GitHub",
  "blog": "https://github.com/blog",
  "location": "San Francisco",
  "email": "octocat@github.com",
  "hireable": false,
  "bio": "There once was...",
  "public_repos": 2,
  "public_gists": 1,
  "followers": 20,
  "following": 0,
  "created_at": "2008-01-14T04:33:35Z",
  "updated_at": "2008-01-14T04:33:35Z",
  "total_private_repos": 100,
  "owned_private_repos": 100,
  "private_gists": 81,
  "disk_usage": 10000,
  "collaborators": 8,
  "two_factor_authentication": true,
  "plan": {
    "name": "Medium",
    "space": 400,
    "private_repos": 20,
    "collaborators": 0
  }
}
From the above response, the user profile will be created.



Comments

Post a Comment

Popular posts from this blog

How to setup GitHub using SourceTree?

Image
Fed up with typing commands to push and pull from GitHub??? Thinking of doing it in an easy way??? Here you go.. Source Tree is a free Git client for Windows and Mac. It provides a nice visual interface between you and git, no more command line!!! Connecting to GitHub using SSH Using the SSH protocol, you can connect and authenticate to remote servers and services. With SSH keys, you can connect to GitHub without supplying username and password at each visit. Download puttygen.exe from here . Run the file Generate your keys Change the number of bits according to the need Save the public and private keys Add a new SSH key to your Github account Click 'Settings' in your GitHub account Select 'SSH and GPG keys'  Click 'New SSH Key' Give a title and add the Private Key Connect with Source Tree Download Source Tree from here . Run the file Select 'Tools' in your Source Tree window Click "Create or Import SSH k...
Read more

Security Protection Mechanisms to Safeguard Web Applications

Image
Hello everyone! In this article, we are going to look about Cross-site Request Forgery (CSRF) and the preventing mechanisms. So, what is CSRF?? It is an attack that occurs in the user’s web browser where a mail, a malicious URL or an instant messaging performs an unwanted action in which the user is currently authenticated. This attack happens without the user’s consent so that the attacker can carry out the unauthorized transaction. How does CSRF work? There are several ways an attacker can steal the information from the user. The attack can be done in either of the following ways. ·          Exploiting URLs by using HTTP methods Let’s say Peter wants to deposit Rs. 10,000 to Sam’s account. He will sign into his account and fill out all the details. Then, there will be a GET request with all the parameters as shown below.   GET http://AbcBankingSolutions.com/deposit?account=Sam&amount=10000 HTTP/1.1 Now, t...
Read more