Added OAuth2 support and examples for Twitter API#1001
Added OAuth2 support and examples for Twitter API#1001xiangyao1989 wants to merge 1 commit intoscribejava:masterfrom
Conversation
xiangyao1989
commented
Feb 26, 2021
- Introduced OAuth2.0 config for Twitter API - TwitterApi20.java (Beta).
- Created example of hitting Twitter APIs with OAuth2.0 PKCE - Twitter20WithPKCEExample.java.
| @SuppressWarnings("PMD.SystemPrintln") | ||
| public static void main(String... args) throws IOException, InterruptedException, ExecutionException { | ||
| final String clientId = "CLIENT_ID"; // replace these with your client id | ||
| final String state = "secret" + new Random().nextInt(999_999); |
There was a problem hiding this comment.
I detect that this code is problematic. According to the Bad practice (BAD_PRACTICE), DMI: Random object created and used only once (DMI_RANDOM_USED_ONLY_ONCE).
This code creates a java.util.Random object, uses it to generate one random number, and then discards the Random object. This produces mediocre quality random numbers and is inefficient. If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number is required invoke a method on the existing Random object to obtain it.
If it is important that the generated Random numbers not be guessable, you must not create a new Random for each random number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead (and avoid allocating a new SecureRandom for each random number needed).
|
@xiangyao1989 Any further news on this work? |
|
I had a look to the endpoints in TwitterApi20.java, and I don't think they are correct, if I compare with https://developer.twitter.com/en/docs/authentication/oauth-1-0a/obtaining-user-access-tokens |