So... you want to integrate with or provide OAuth services?

This project can help you do that! It is a utility rather than a client. What does that mean? This project doesn't actually make HTTP requests; most OAuth projects do. What this tool kit will do is help you to generate the needed info to make (client side), or to verify (server side) an OAuth request.

This library is VERY SMALL and has no dependencies (on other jars) therefore it is VERY embeddable (Android anyone?).

The spec

The current version can work with 1.0a and 1.0 hammer designed apis.

link to OAuth 1.0 hammer spec

But I wanna make requests...

The client leaves the possibilities open for which HTTP client library you use to make OAuth requests. You may use java.net.URL, or maybe commons HTTP. The algorithms used in OAuth have little to do with HTTP library implementations. Why couple them into a single client, when we could have a toolset that enables developers to build clients for any purpose?

Issues such as how to convey the "oauth" parameters are made very flexible. Some may send oauth parameters in the content body, others send them in the request URL as query params, and some the Authorization header. This toolset provides functionality for all these conveyances. This gives more flexibility when generating parts needed to instruct any HTTP client to make a proper request.

So what would using this toolkit look like? Below is an example of a simple resource request being made on a user's behalf.

OAuthSignature sig = new HmacSha1Signature() {
        public void checkForReplay(String key, String nonce, Long timestamp)
        {
                // do nothing we are verifying signatures
        }
};

// This object's job is to create signatures signing OAuth Requests
ClientSignatureGenerator sigGenerator = 
        new ClientSignatureGenerator("my client key", "my client secret", sig);

/* 
 * map that contains parameters, Map<String, Object> because we allow String, 
 * String[], List<String> since you may have more than one value for a given key.
 */
Map<String, Object> params = new HashMap<String, Object>();

String url = "http://some.com/userdata";

// will add "oauth" values to params (oauth_token, oauth_version etc.)
sigGenerator.createSignature("GET", url, params, "token value", "token secret value");

// RequestUtils can be used to create a simple query param based request
String reqUrl = RequestUtils.createURLString(url, params);

// Now open an HttpURLConnection
HttpURLConnection conn = (HttpURLConnection) (new URL(reqUrl)).openConnection();
conn.setRequestMethod("GET");
conn.connect()

// And we process the response there after

So that's about it. You've got the makings of a client. Take note that this endpoint would need to support "oauth" params being in the query string of the request. This is usually the case, Twitter and Netflix support this style. Also, if you use this tool kit to build OAuth secured services you'll almost undoubtedly support oauth params in the query string.

Using the above example we could generate the Authorization header if that was what you wanted to use in forming your request:

 // using the same 'params' map defined in the above example
 String authHeader = RequestUtils.createAuthHeader(params);

That's it. The generated header will be properly encoded and ready to add to your HTTP client's request.