Using OAuth
OAuth is an authentication system used by various APIs, including the Bungie.net API. It can be quite confusing for newcomers, especially those who are not familiar with the authentication flow.
Proceed to https://bungie.net/developer and retrieve your application's secret and id. Both of these will be needed to generate the OAuth token we need in a future step. HINT: Your application must be set to OAuth type: Confidential.
The OAuthManager is a set of methods that allow the program to interface with your method of storage to store various information (such as the access and refresh tokens that we will be getting shortly).
It's your choice how to store this information. I use MongoDB, but local storage in either JSON or a properties file should be sufficient.
The application should be able to reliably retrieve this information to generate access and refresh tokens when it needs to.
To retrieve your OAuth code, you must verify your account on bungie.net by opening this link: https://www.bungie.net/en/OAuth/Authorize?client_id={client-id}&response_type=code
Replace {client-id} with the Client ID you found earlier from your application info. It will ask you to log in to your Bungie account and then it is going to redirect you to the link you specified on your application page, with an OAuth code embedded in the link.
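The redirect step above, as an added example that is not part of the original page or of the JavaDestinyAPI library: it adds the standard OAuth 2.0 `state` parameter to the authorize URL and accepts the returned code only when the redirect echoes the same value. The `state` parameter, the class and method names, the client id 12345 and the example.invalid callback are assumptions or constructed values.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class AuthorizeRedirectExample { // added example, needs Java 10+

    // Random, URL-safe value that ties the redirect to the login attempt we started.
    static String newState() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // "state" is the standard OAuth 2.0 parameter; it is an assumption here, not shown on the page.
    static String authorizeUrl(String clientId, String state) {
        return "https://www.bungie.net/en/OAuth/Authorize?client_id=" + clientId
                + "&response_type=code&state=" + state;
    }

    // Returns the OAuth code only if the redirect carries the state we issued.
    static String codeFromRedirect(String redirectUrl, String expectedState) {
        Map<String, String> params = new HashMap<>();
        String query = URI.create(redirectUrl).getRawQuery();
        for (String pair : (query == null ? "" : query).split("&")) {
            String[] kv = pair.split("=", 2);
            params.put(URLDecoder.decode(kv[0], StandardCharsets.UTF_8),
                       URLDecoder.decode(kv.length > 1 ? kv[1] : "", StandardCharsets.UTF_8));
        }
        byte[] got = params.getOrDefault("state", "").getBytes(StandardCharsets.UTF_8);
        byte[] want = expectedState.getBytes(StandardCharsets.UTF_8);
        String code = params.get("code");
        if (want.length == 0 || !MessageDigest.isEqual(got, want) || code == null || code.isEmpty()) {
            throw new IllegalStateException("Redirect rejected: state mismatch or missing code");
        }
        return code;
    }

    public static void main(String[] args) {
        String state = newState();
        System.out.println("Open in a browser: " + authorizeUrl("12345", state)); // constructed client id
        // Constructed redirect; example.invalid stands in for your registered redirect URL.
        String redirect = "https://example.invalid/callback?code=constructed-code&state=" + state;
        System.out.println("code = " + codeFromRedirect(redirect, state));
    }
}
```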
Once you have retrieved your OAuth code and have stored it (either in a temporary variable or in remote storage), you can go ahead and generate your refresh and access tokens. The access token is what we need to actually perform OAuth actions. The refresh token is used to regenerate the access token when it expires. Some info:
- The Access Token lasts 1 hour after it is generated
- The Refresh Token lasts 90 days. It may be refreshed at any time to reset that timer, but it is completely nullified 1 year after it was initially generated, at which time you must start again from Step 3.
Once you are ready, call HttpUtils#setTokenViaAuth();
(Only the first time)
Once you have stored the initial access and refresh token, call HttpUtils#setTokenViaRefresh();
(Only when you need to)
Questions? The entire process is demonstrated on this site if you need more context: https://lowlidev.com.au/destiny/authentication-2
OAuthManager Example
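```java
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;

import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Reader;

// OAuthManager and DestinyAPI come from this library; import them from its package.
public class JavaDestinyAPIMain extends OAuthManager {

    // Token store in the working directory. It holds bearer credentials, so keep it
    // out of version control and readable only by the account that runs the program.
    private final File file = new File("oauth.json");
    // Start with an empty store so the getters never hit a null object.
    private JsonObject jsonObject = new JsonObject();

    public JavaDestinyAPIMain() {
        try {
            if (!file.exists()) {
                file.createNewFile();
            }
            // try-with-resources closes the reader even if parsing fails
            try (Reader reader = new FileReader(file)) {
                jsonObject = new JsonParser().parse(reader).getAsJsonObject();
            } catch (IllegalStateException | JsonParseException exception) {
                // If the file is empty or corrupted, fall back to an empty store
                jsonObject = new JsonObject();
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    @Override
    public String getAccessToken() {
        if (jsonObject.has("access-token")) {
            return jsonObject.get("access-token").getAsString();
        }
        return null;
    }

    @Override
    public String getRefreshToken() {
        if (jsonObject.has("refresh-token")) {
            return jsonObject.get("refresh-token").getAsString();
        }
        return null;
    }

    @Override
    public String getAPIToken() {
        return DestinyAPI.getApiKey();
    }

    @Override
    public void setAccessToken(String accessToken) {
        jsonObject.addProperty("access-token", accessToken);
        save();
    }

    @Override
    public void setRefreshToken(String refreshToken) {
        jsonObject.addProperty("refresh-token", refreshToken);
        save();
    }

    @Override
    public void setAPIToken(String apiToken) {
        // Intentionally empty: the API key is read from DestinyAPI, not from this file.
    }

    // Writes the current tokens back to oauth.json.
    public void save() {
        try (FileWriter fileWriter = new FileWriter(file)) {
            fileWriter.write(jsonObject.toString());
            fileWriter.flush();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
```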