WoocommerceAndroidOAuth1


Source link: https://github.com/rameshvoltella/WoocommerceAndroidOAuth1

WoocommerceAndroidOAuth1 -Android

This is a sample application which show how to use whocommerce using OAuth 1.0a “one-legged” authentication(HTTP).

This library is based on woocommerce api v1 woocommerce-rest-api-docs

API Version - v1 WC Version - 2.6.x or later WP Version - 4.4 or later

Using the WooCommerce REST API

There are two ways to authenticate with the API, the easy way (over HTTPS) or the hard way (over plain HTTP using OAuth).

##Over HTTPS

Simply use HTTP Basic Auth by providing the API Consumer Key as the username and the API Consumer Secret as the password(ITS EASY WAY)

##Over HTTP with OAuth(HARD WAY)

HTTP Basic authentication cannot be used over plain HTTP as the keys are susceptible to interception. The API uses OAuth 1.0a “one-legged” authentication to ensure your API keys cannot be intercepted. This process involves generating a signature and including it with your request. The API then generates it’s own signature and compares it against the one provided. If they match, the request is authenticated. ( SOURCE)

WoocommerceAndroidOAuth1 is making the hard way easy for android

Over HTTP

You must use OAuth 1.0a "one-legged" authentication to ensure API credentials cannot be intercepted. Typically you may use any standard OAuth 1.0a library in your language of choice to handle the authentication, or generate the necessary parameters by following these instructions.

Generating an OAuth signature

  1. Set the HTTP method for the request:

GET

  1. Set your base request URI -- this is the full request URI without query string parameters -- and URL encode according to RFC 3986:

http://www.example.com/wc-api/v1/orders

when encoded:

http%3A%2F%2Fwww.example.com%2Fwc-api%2Fv1%2Forders

  1. Collect and normalize your query string parameters. This includes all oauth_* parameters except for the signature. Parameters should be normalized by URL encoding according to RFC 3986 ( rawurlencode in PHP) and percent( %) characters should be double-encoded (e.g. % becomes %25.

  2. Sort the parameters in byte-order ( uksort( $params, 'strcmp' ) in PHP)// Android Way will describe below

  3. Join each parameter with an encoded equals sign ( %3D):

oauth_signature_method%3DHMAC-SHA1

  1. Join each parameter key/value with an encoded ampersand ( %26):

oauth_consumer_key%3Dabc123%26oauth_signature_method%3DHMAC-SHA1

  1. Form the string to sign by joining the HTTP method, encoded base request URI, and encoded parameter string with an unencoded ampersand symbol (&):

GET&http%3A%2F%2Fwww.example.com%2Fwc-api%2Fv1%2Forders&oauth_consumer_key%3Dabc123%26oauth_signature_method%3DHMAC-SHA1

  1. Generate the signature using the string to key and your consumer secret key

If you are having trouble generating a correct signature, you'll want to review your string to sign for errors with encoding. The authentication source can also be helpful in understanding how to properly generate the signature.( SOURCE FROM OFFICIAL woocommerce-rest-api-docs)

The Same methord is begin used but in Android WAY :) Lets get Started

WoocommerceAndroidOAuth1: how to use

  1. add library woocommerseandroidoauth1library to gradle

     compile project(':woocommerseandroidoauth1library')
 2. Setting nonce and timestamp

  ```java

  String nonce=new TimestampServiceImpl().getNonce();

 String timestamp=new TimestampServiceImpl().getTimestampInSeconds();
 
  1. Generate Base String (which is used to generate signatuekey)

    
    String BASE_SITE = "yoursitename.com";
    
     String BASE_URL = "http://"+BASE_SITE+"/wp-json/wc/v1/products";//AS a example listing product is used
    
     String COSTUMER_KEY = "costumer key here";
    
     String COSTUMER_SECRET = "costumer secret here";
    
     String METHORD="GET";//change API method eg POST,PUT, DELETE etc (ONLY FOR THIS EXAMPLE FOR LIB LIKE RETROFIT,OKHTTP, The Are Dynamic Way)
    
      String firstEncodedString =METHORD+"&"+encodeUrl(BASE_URL);
    
     Log.d("firstEncodedString",firstEncodedString);
    
    String parameterString="oauth_consumer_key="+COSTUMER_KEY+"&oauth_nonce="+nonce+"&oauth_signature_method=HMAC-SHA1&oauth_timestamp="+timestamp+"&oauth_version=1.0";
    
     String secoundEncodedString="&"+encodeUrl(parameterString);
    
    Log.d("secoundEncodedString",secoundEncodedString);
    
    //The base String is used to generate signature
      String baseString=firstEncodedString+secoundEncodedString;
 4. Generate Signature (using generate baseString and COSTUMER_SECRET)

  ```java

  String signature=new HMACSha1SignatureService().getSignature(baseString,COSTUMER_SECRET,"");

//Signature is encoded before parsing (ONLY FOR THIS EXAMPLE, NOT NECESSARY FOR LIB LIKE RETROFIT,OKHTTP)

 signature=encodeUrl(signature);

 ```  5. Generate Url  (url after generated signature)

  ```java

  //  THIS IS A VERY BASIC EXAMPLE OF PARSING USER CAN USE ANY LATEST METHORD RETROFIT,OKHTTP,VOLLEY ETC

  String parseUrl=BASE_URL+"?oauth_signature_method=HMAC-SHA1&oauth_consumer_key="+COSTUMER_KEY+"&oauth_version=1.0&oauth_timestamp="+timestamp+"&oauth_nonce="+nonce+"&oauth_signature="+ signature;

 ```  encodeUrl methord is as follow  ```java  public String encodeUrl(String url)
  {

String encodedurl="";

try {

  encodedurl = URLEncoder.encode(url,"UTF-8");

 Log.d("Encodeurl", encodedurl);

}
 catch (UnsupportedEncodingException e) {

 e.printStackTrace();

}

 return encodedurl;
  
}
 

( FULL SOURCE CODE )

USING RETROFIT

Retrofit is the best and powerful library currently avilable for a type-safe HTTP client for Android and Java

its very easy to integrate this library to retrofit write a interceptor

  1. Write a Interceptor as below ( OAuthInterceptor)

public class OAuthInterceptor implements Interceptor {

  /*THIS CLASS CONTAIN ERROR ITS BECAUSE THIS APP DOES NOT IMPORTED THE RETROFIT LIBRARY*/

/*IMPORT below dependency to gradel to fix error 
* 
*  compile 'com.squareup.retrofit2:retrofit:2.1.0' 
compile 'com.squareup.retrofit2:converter-gson:2.1.0' 
compile 'com.squareup.okhttp3:okhttp:3.3.1' 
compile 'com.squareup.okhttp3:logging-interceptor:3.3.1' 
* */
  private static final String OAUTH_CONSUMER_KEY = "oauth_consumer_key";
 private static final String OAUTH_NONCE = "oauth_nonce";
 private static final String OAUTH_SIGNATURE = "oauth_signature";
 private static final String OAUTH_SIGNATURE_METHOD = "oauth_signature_method";
 private static final String OAUTH_SIGNATURE_METHOD_VALUE = "HMAC-SHA1";
 private static final String OAUTH_TIMESTAMP = "oauth_timestamp";
 private static final String OAUTH_VERSION = "oauth_version";
 private static final String OAUTH_VERSION_VALUE = "1.0";
  private final String consumerKey;
 private final String consumerSecret;

private OAuthInterceptor(String consumerKey, String consumerSecret) {

  this.consumerKey = consumerKey;

  this.consumerSecret = consumerSecret;
 
}

  @Override
 public Response intercept(Chain chain) throws IOException {

  Request original = chain.request();

  HttpUrl originalHttpUrl = original.url();

Log.d("URL", original.url().toString());

  Log.d("URL", original.url().scheme());

  Log.d("encodedpath", original.url().encodedPath());

  Log.d("query", ""+original.url().query());

  Log.d("path", ""+original.url().host());

  Log.d("encodedQuery", ""+original.url().encodedQuery());

  ;

  Log.d("method", ""+original.method());

////////////////////////////////////////////////////////////

final String nonce = new TimestampServiceImpl().getNonce();

  final String timestamp = new TimestampServiceImpl().getTimestampInSeconds();

  Log.d("nonce", nonce);

  Log.d("time", timestamp);

String dynamicStructureUrl = original.url().scheme() + "://" + original.url().host() + original.url().encodedPath();

Log.d("ENCODED PATH", ""+dynamicStructureUrl);

  String firstBaseString = original.method() + "&" + urlEncoded(dynamicStructureUrl);

  Log.d("firstBaseString", firstBaseString);

  String generatedBaseString = "";

 if(original.url().encodedQuery()!=null) {

generatedBaseString = original.url().encodedQuery() + "&oauth_consumer_key=" + consumerKey + "&oauth_nonce=" + nonce + "&oauth_signature_method=HMAC-SHA1&oauth_timestamp=" + timestamp + "&oauth_version=1.0";

  
}

  else

  {

generatedBaseString = "oauth_consumer_key=" + consumerKey + "&oauth_nonce=" + nonce + "&oauth_signature_method=HMAC-SHA1&oauth_timestamp=" + timestamp + "&oauth_version=1.0";

}

ParameterList result = new ParameterList();

  result.addQuerystring(generatedBaseString);

  generatedBaseString=result.sort().asOauthBaseString();

  Log.d("Sorted","00--"+result.sort().asOauthBaseString());

String secoundBaseString = "&" + generatedBaseString;

if (firstBaseString.contains("%3F")) {

Log.d("iff","yess iff");

secoundBaseString = "%26" + urlEncoded(generatedBaseString);

  
}

String baseString = firstBaseString + secoundBaseString;

String signature = new HMACSha1SignatureService().getSignature(baseString, consumerSecret, "");

  Log.d("Signature", signature);

HttpUrl url = originalHttpUrl.newBuilder()

  .addQueryParameter(OAUTH_SIGNATURE_METHOD, OAUTH_SIGNATURE_METHOD_VALUE)

 .addQueryParameter(OAUTH_CONSUMER_KEY, consumerKey)

 .addQueryParameter(OAUTH_VERSION, OAUTH_VERSION_VALUE)

 .addQueryParameter(OAUTH_TIMESTAMP, timestamp)

 .addQueryParameter(OAUTH_NONCE, nonce)

 .addQueryParameter(OAUTH_SIGNATURE, signature)

.build();

// Request customization: add request headers

  Request.Builder requestBuilder = original.newBuilder()

 .url(url);

Request request = requestBuilder.build();

  return chain.proceed(request);

 
}

public static final class Builder {

private String consumerKey;

  private String consumerSecret;

  private int type;

public Builder consumerKey(String consumerKey) {

if (consumerKey == null) throw new NullPointerException("consumerKey = null");

this.consumerKey = consumerKey;

return this;

  
}

public Builder consumerSecret(String consumerSecret) {

if (consumerSecret == null) throw new NullPointerException("consumerSecret = null");

this.consumerSecret = consumerSecret;

return this;

  
}

  public OAuthInterceptor build() {

 if (consumerKey == null) throw new IllegalStateException("consumerKey not set");

if (consumerSecret == null) throw new IllegalStateException("consumerSecret not set");

 return new OAuthInterceptor(consumerKey, consumerSecret);

  
}

 
}

  public String urlEncoded(String url) {

  String encodedurl = "";

  try {

 encodedurl = URLEncoder.encode(url, "UTF-8");

Log.d("TEST", encodedurl);

  
}
 catch (UnsupportedEncodingException e) {

e.printStackTrace();

  
}

return encodedurl;
 
}
 
}
  1. AddInteceptor into Retrofit Methord
  OAuthInterceptor oauth1Woocommerce = new OAuthInterceptor.Builder()

  .consumerKey(CUSTOMER_KEY_HERE)

  .consumerSecret(CUSTOMER_SECERT_HERE)

  .build();

HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();

 interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);

 OkHttpClient client = new OkHttpClient.Builder()

.connectTimeout(20, TimeUnit.SECONDS)

.writeTimeout(20, TimeUnit.SECONDS)

.readTimeout(30, TimeUnit.SECONDS)

.addInterceptor(interceptor)

.addInterceptor(oauth1Woocommerce)// Interceptor oauth1Woocommerce added

.build();

  mRetrofit = new Retrofit.Builder()

.baseUrl(url).addConverterFactory(GsonConverterFactory.create())

.client(client)

.build();

do the rest of the retrofit fuctions

A Big Thanks to ( scribe:1.3.5) library which help me referring and guide to generate correct signature of OAUTH

License

The MIT License (MIT)  Copyright (c) 2016 Ramesh M Nair
Permission is hereby granted, free of charge, to any person obtaining a copy  of this software and associated documentation files (the "Software"), to deal  in the Software without restriction, including without limitation the rights  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell  copies of the Software, and to permit persons to whom the Software is  furnished to do so, subject to the following conditions:  The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 

Resources

Easy way to bind collections to listviews and recyclerviews with the new Android Data Binding framework.

Android displaying bitmaps library.

Create an header for NavigationView.

Annotation processor to create immutable objects and builders. Feels like Guava's immutable collections but for regular value objects. JSON, Jackson, Gson, JAX-RS, MongoDB integrations included.

A pull-down-to-refresh layout inspired by Lollipop overscrolled effects.

Library Project with utility classes that can make you more productive.

Topics


2D Engines   3D Engines   9-Patch   Action Bars   Activities   ADB   Advertisements   Analytics   Animations   ANR   AOP   API   APK   APT   Architecture   Audio   Autocomplete   Background Processing   Backward Compatibility   Badges   Bar Codes   Benchmarking   Bitmaps   Bluetooth   Blur Effects   Bread Crumbs   BRMS   Browser Extensions   Build Systems   Bundles   Buttons   Caching   Camera   Canvas   Cards   Carousels   Changelog   Checkboxes   Cloud Storages   Color Analysis   Color Pickers   Colors   Comet/Push   Compass Sensors   Conferences   Content Providers   Continuous Integration   Crash Reports   Credit Cards   Credits   CSV   Curl/Flip   Data Binding   Data Generators   Data Structures   Database   Database Browsers   Date &   Debugging   Decompilers   Deep Links   Dependency Injections   Design   Design Patterns   Dex   Dialogs   Distributed Computing   Distribution Platforms   Download Managers   Drawables   Emoji   Emulators   EPUB   Equalizers &   Event Buses   Exception Handling   Face Recognition   Feedback &   File System   File/Directory   Fingerprint   Floating Action   Fonts   Forms   Fragments   FRP   FSM   Functional Programming   Gamepads   Games   Geocaching   Gestures   GIF   Glow Pad   Gradle Plugins   Graphics   Grid Views   Highlighting   HTML   HTTP Mocking   Icons   IDE   IDE Plugins   Image Croppers   Image Loaders   Image Pickers   Image Processing   Image Views   Instrumentation   Intents   Job Schedulers   JSON   Keyboard   Kotlin   Layouts   Library Demos   List View   List Views   Localization   Location   Lock Patterns   Logcat   Logging   Mails   Maps   Markdown   Mathematics   Maven Plugins   MBaaS   Media   Menus   Messaging   MIME   Mobile Web   Native Image   Navigation   NDK   Networking   NFC   NoSQL   Number Pickers   OAuth   Object Mocking   OCR Engines   OpenGL   ORM   Other Pickers   Parallax List   Parcelables   Particle Systems   Password Inputs   PDF   Permissions   Physics Engines   Platforms   Plugin Frameworks   Preferences   Progress Indicators   ProGuard   Properties   Protocol Buffer   Pull To   Purchases   Push/Pull   QR Codes   Quick Return   Radio Buttons   Range Bars   Ratings   Recycler Views   Resources   REST   Ripple Effects   RSS   Screenshots   Scripting   Scroll Views   SDK   Search Inputs   Security   Sensors   Services   Showcase Views   Signatures   Sliding Panels   Snackbars   SOAP   Social Networks   Spannable   Spinners   Splash Screens   SSH   Static Analysis   Status Bars   Styling   SVG   System   Tags   Task Managers   TDD &   Template Engines   Testing   Testing Tools   Text Formatting   Text Views   Text Watchers   Text-to   Toasts   Toolkits For   Tools   Tooltips   Trainings   TV   Twitter   Updaters   USB   User Stories   Utils   Validation   Video   View Adapters   View Pagers   Views   Watch Face   Wearable Data   Wearables   Weather   Web Tools   Web Views   WebRTC   WebSockets   Wheel Widgets   Wi-Fi   Widgets   Windows   Wizards   XML   XMPP   YAML   ZIP Codes