I'm looking for a Java library that helps me building an OAuth Provider. I must be able to receive OAuth signed requests and determine whether they are valid or not (checking the signature, timestamp and nonce values).
Do you know if there's something out there that makes this task easier?
Scribe is an OAuth library for Java, written by the asker himself. ;-)
Note: I post this here as an answer so that other googlers have a choice of alternatives. For another library-based alternative, see my other answer "Jersey OAuth signature library".
Some code to illustrate usage:
OAuthService service = new ServiceBuilder()
.provider(TwitterApi.class)
.apiKey("your_api_key")
.apiSecret("your_api_secret")
.build();
...
Token requestToken = service.getRequestToken();
String your_token = requestToken.getToken();
...
Verifier verifier = new Verifier("your_previously_retrieved_verifier");
Token accessToken = service.getAccessToken(requestToken, verifier);
Creating the request:
OAuthRequest request = OAuthRequest(Verb.GET, "http://api.twitter.com/1/direct_messages.json");
service.signRequest(accessToken, request);
Response response = request.send();