Lessons

Lesson Info

Saving the Access Tokens

and now step for the final process where we save the access token and become and authenticated application. Do you work with Twitter? Okay, so once the user logs in this Web view that we've loaded that Web page inside there is going to redirect to the URL that we told, um, Twitter to use as the redirection URL and when we set up the application. So we're gonna use the Web view client to catch that redirection and check to see if everything's is good with where it's redirecting to. And then, um, that will be our indication that the user successfully locked in. So how the process is going to go. It's basically when your process here in the sequence diagram, the user will log in to Twitter. Through that Web view, Twitter will redirect with the part of the token with with the public part of the token, um, each of those each of these keys the consumer token. There's two keys. Remember, there's the consumer king, the consumer to secret. Each of those keys is set up with a public part and a p...

rivate part, and those kind of derived from each other than the public part is derived from the private parts. So that's kind of how um um Cryptologic Lee. They know that the keys air are good and refer to a certain certain some sort of resource application or user whatever. So anyway, um, Twitter's going to redirect, redirect with the public part of the token in there, Earl, the authorization activity is going to grab that redirection and then kick off a process where we load the access token, which was, if you remember the durable part of the water process that we can keep around and identify the user to Twitter with. Then once the access token Zehr loaded the out, there is, ah, the application will store those tokens or will tell the oath helper rather distort the tokens. And then we'll have the tokens for the next time so that we don't have to do this song and dance every time that we want to load something off of Twitter. So one more time the the web you will redirect will catch that, Um, we'll be looking for in the redirection. URL is a query parameter caldo auth underscore token. And that will be our indication that everything has gone right, and then we'll go load the lots token through Twitter for J and save the I'm sorry. All token will save the all token and secret tokens, and we'll have them from then on out. And then, after all, this whole process happens for the first time, the user will be able to go toe the user now, not the application developer. And if you sign into Twitter, you'll probably be using the same user in both cases. But you can go to your settings on Twitter on the Web page and go to connections. And you can see that here, all the applications that you've given access to you and whether they're reading right and what the name is. And this this is part of that trust, the user trust these, these air applications, the users trusted to a certain level to act on their behalf on Twitter. So let's go through that process. I'm gonna come over here to eclipse and open up step for and let's look through the through the through the process from the start, so status less activity is going to. There's one more step that's new here online. 26. We're going to get Twitter from the application. So this is the Twitter Ah, class of type Twitter for Jadot Twitter that pretty Pretty much just like the delegate for all the things we want to do through to the Twitter application were through the Twitter website. Somebody hit. I'll show you how I set that up and hit F three here online 26 get Twitter and jump into the tweet application. Ah, get Twitter access or method that just returns An instance variable on point online 27 here Twitter, which you can see is highlighted online 22 in the on create. Ah, the way we get Twitter is we create a new Twitter factory which is from Twitter for Jane can get an instance and then that can that will be the The class that we do are the object that we do all the interactions with Twitter through so once that's all set up now status list activity. Figure back there has an instance of twitter, which you can use, um, again on resume. If the APP is authorized or the APP is not authorized, we need to begin authorizations. Let's look through there and we'll come back to other cases later. Um, once we start this activity, the authorization activity starts up so ahead of three to go to their Now we're looking at the authorization activity. Um, you can see here. I'm gonna minimize this. A lot of the other stuff is pretty much the same here on Create. We set the content view to the authorization view. When we set up views, we get a reference to the web view. But there's this new step here where we set the web you client to a local variable. An instance variable called Web View client. And that is all set up here online. 18. So we expand this code and let's look at the web. You client. So the Web, you client, if you'll remember from the beginning I talked about that being sort of a class that gets a lot of delegates, a delegation from the Web view when anything happens, the Web you client, if you create a web you client, and set the web You client for the Web view the web. You client gets called back when many different things happen inside the web. You and you can hook in and decide to do certain things if you'd like, based on the user's interaction with the Web view. So what I'm gonna do in here an eclipse is right. Click this Web. You client, um ah, constructor here and say open type hierarchy. I can also hit at four. And that will open up this type hierarchy thing here. I'm gonna maximize that. And we can look at some of the things that you can do. Let me zoom in a little bit here, Web view client. So here are some of the things that you can do is it will be client. You can, um, get called back when a form is resubmitted. So you'll you know, sometimes when you're browsing the web, if you hit reload on a page, that was that was sort of derived from a form that was submitted on a previous page. Um, it's sometimes warned you. Hey, you sure you wanna reload this with all the things that you submitted from the previous form? That's one thing you can hook into on the web view. You can also figure out when the resource is getting loaded. That means, like any any audio content, any images, any video content, something like that. You'll get a notification and the URL for each one of those things that gets reloaded. You can also find out when a page is finished when it paid. Just started, Um, and then it will On page started also gives you a bit map resource for the favor. Aiko. The favorite icon. Um, for that Web page, you could you could kind of construct your own Web client, um, whenever an errors received when the Web page says that you need to a lot to log in with basic challenge. Response. HTTP authentication If the scale has changed, if there's too many Web, too many redirects. If there is a key event like the user hits a key on the soft or hard keyboard, but it's not handled by the Web Web view, this will tell you. Then you can say whether or not you should override certain key events and whether you should override Earl loading. These are all things that you can do is a Web you client, Um, and you can get more information about those at the three sdk information on the Android developer site. But Basically all we need to do here is on load resource. We're gonna override this omelet revealed resource method and that will be called when anything tries to get loaded out of the Web views and this will be called first. So he could actually over override it and and stop it from happening if we want, which is exactly what we want to do in this case. So we have two cases here and again in this comments here. It's a reminder we're looking for Twitter to call some sort of Ah, it's gonna redirect once the user logs into some sort of earl that looks like this tweet dot com authenticated, which is what we wanted to put into the application when we set it up on Twitter. But it's also going to append this oh, off token to the end. And that's the public part of the access token. We don't really we're not gonna use that, but we will use that, um to tell us that everything is gone correctly. So what I need to do is parse the URL to figure out if that's what happened. If everything is signed in, the user signed incorrectly and Twitter is now gonna redirect. So I just grabbed the u R I of that Earl by parsing it out so that I could get access different parts of it as a string. So I can say you're I get host. If that equals a tweet dot com, basically, if right appear, this is tweet dot com that I know things, they're going going my way. Then I can grab the token as a query parameter, um, and make sure we have that. And so if that's not know that I know things, they're pretty much exactly as we want them. So what's gonna happen? Air is we're not going to return. Um, whatever the super on load resource returns in this case, in every other case, we will let it happen. Um, so what will happen is that web you will kind of sit there and time out because it's not actually gonna weren't actually gonna let it redirect. And what happens is it kind of looks messy after a certain bit. It says, Say the Web is not responding. Um, bless Fine. We don't We don't really care about what happens as long as we know that the oath token is getting passed through. So basically, I'm just going to set the web view visibility to invisible because I don't want it to show up anymore. And then I'm going to still the application that we are authorized. So the user is signed in and we can kick off the next part where we actually get the access token, and then basically, I'll just finish this this activity. So that will. Most likely since the status looks list activity started kicked off the started the activity, the authorization activity. It's probably gonna come back to show this, um and then call on resume this in the status like list activity, and then, in that case, it will be authorized and the way it will be authorized. Um, this This will return true. I'm sorry. Intellectually turned fall. So the opposite of this, whatever turns and then we'll loan that load the timeline. So everything is gonna be working fine at that point and the reason it will work fine. So if I switch back to authorization activity is because we called online 28 we called app dot authorized. So let's go look at what happens in there. I can put my pointer here and hit F three and we'll jump in here. Teoh Tweet application. This new method that we added, um called authorized. And basically what that's going to do is now that we have everything set up the Twitter, the instance that we've kept around so far knows about our consumer tokens. We've set the consumer tokens so far. When we called, um, when we called this begin authorization method from the authorization activity, it's ah, got the current request open. So we also from from Twitter. So we also know about the current request token. Um, so Twitter knows about all these things. So all we need to do is Twitter, for Jay is set up to basically say, get the access token based on everything that's happened so far. So that makes a call out to Twitter with the request token that had the temporary request token and says, Well, it sounds like this user log in successfully. Can I have the more durable access token now than Twitter says? Sure, here you go. And now we have this access token object. So the next step to do is inside the O off helper. We're gonna store that access token. So let me jump into that method with F three. And now we're looking at a loss helper. Um, store access token online 41. It takes the access token. And basically, what we're gonna do is store that access talking in the and, uh, has some local settings. So preps You can see we did this a little bit in the last. Actually think it was a homework X homework assignment for the last class? Um, I had you store something in a local user settings. So if I go over here and look at preps, um, I actually construct that online. 27 of the constructor less helper. I'm creating some shared preferences. Um, using this string key here. Application preferences, which is created in mode Private. So its particular to our application No one else. No other application could read it on there. Should be stored locally, so eventually make a place to store the authorization and access tokens locally in some shared preferences. So, inside the editor, this is how you how you store preferences inside those settings, the local settings you need to create an editor offer the perfect preferences. And then we'll put us put a string off key and put the access token, get token return and not inside of there. And then off. Secret Key will get this token secret off the access token and then commit those changes through the editor. And then we'll keep the access token around in memory for any any time we need that. And then, um so off key and off secret key or just, uh, just process that I created appeared. So you just you just treat those. Ah, the shared preferences. Kind of like a hash with a key value pair. And we got the strings off of that access token to save those locally. So now that we've saved them inside this settings, the shared preferences, we also kept that around in memory. So we're gonna be working out for the ones that are in memory. So in the case that we're signing in, let's let's go back through the whole flow. Um, as if we had just started the application from scratch like the phone shut down, nothing was running. Um, the application was just started again. Um, but in that we had saved the access tokens or the authorization tokens at some previous point. So one create will get called on the status list activity, and it will set everything up and get an access getting get a reference to Twitter in the application. But then on resume will get called and it will say the application are we authorized to say, Let me jump into that method. And then, in this case, the authorization, just like the last last case will be delegated off to the old helper. And then we'll ask whether we have access tokens to let me jump into that method of three. And in this case, instead of just hard coded false we're going to say, um if they ask access toking is not Nolde. And yes, we have an access token. And where we have the access token set up from from scratch from the beginning is in the oath. Helper constructor here online 25 Deadline 30. Ah, we load the access token when the off helper is created through this load access token method. So what me jumping for that f three, we'll bring us down the line 49 on the OAS helper. Um in load access token. So this is the case, remember? We're not signing in yet. We just started up again. But we have the access token in the shared preferences, so we're loading this out of the preferences. Preps get string off key press kit, string off secret key, um, with a default of knoll, and then if the token is not null on the token is not secret will construct a Twitter for J access token. Twitter for j dot http dot access token off of the token and token secret that we created in return. That and then that is how we will from from then on, we won't. We won't make the user sign every time we'll have that access token created off of the shared preferences. So that status last status lis activity will get a false here for for this and then go to the else and then load timeline, if not loaded. That is how we will load the home timeline from Twitter. Now that we know we have the access, tokens and everything is set up. Um, those air passed into Twitter. Ah, that's that's a good another step. Let me jump over toe tweet application. We need to get those access tokens into Twitter, that Twitter class that we've created, um, from ah, from Twitter for J. Uh, You see where that happens? I think that happened. Okay, I actually happens back in status, Less activity. Okay, so load timeline, if not loaded, is called on resume if we're authorized. And that calls load hunt, load Home timeline, which is down here on line 50. So online, 50 through 59. Um, we're actually calling out to Twitter the class, which is a total for Jay Twitter. The home timeline is the all the tweets that the user sees on the home view. If they would have log into Twitter and those air called, um the Twitter for J class that that represents those air called Twitter for J status, and we're gonna get an array list of those and create a new status list adapter, which is, if you remember from last class on adapter is a class that provides the data to a list view. And that's just gonna be a simple status list. AC adaptor that I create down here. It's private. Class 61 to 67. It extends array adaptor with a generic type of status. So it knows that a status is the guy that we're displaying. Um, and then that just calls up to super. This is this is something that you could just used to quickly set up an android list. It just takes a context. It takes a layout item, which it will use for each in each individual element of the list. Um, and there is one that we're that is shipped along with Android. Call Andrew dot r dot layout That simple list item one, which just has a piece of text on it, and the way it will get that text is by calling to string on this on whatever instance that gets passed each individual list item. And in this case, we're passing Twitter statuses, which are basically tweets. And then we're passing the array. A list of all the status is that we've got, um and that is what will happen when we're logged in. And then So I didn't actually show you where the access token has saved into Twitter. Let me go track that down. So when we construct the application, the O tweet application, the first thing we do is Twitter. Um, we created Twitter. Ah, Twitter class Twitter object from the Twitter factory. And then we say, a wife helper configure aloft and then passing that that instance. Okay, so this is where we do it. So a helper let me jump into here. Configure off is called right away from the application construction. So that means right from the start for when the application is started, we say configure often passing Twitter. And that's where we set the off consumer key in the OSS. The access token, which we construct again inside the a lot helper um, constructor. So for it from the start, the twitter instance that we're using to go get the tweets has the consumer secret keys and the access tokens. So, um, let me run this application from scratch and we'll sign into Twitter and we'll see a the very generic sort of ugly list of all the the tweets that my user has. See, once I sign in. Okay. So again, status list activity starts up, kicks over to the authorization view. It loads the correct web view for this for this ah, application. And then I'm going to sign in with ah tweet Android, which is a user that I set up just for this case. You can follow me if you want. It's not very not very chatty, but that's just the one that I set up for this for this particular class, and I'm gonna move the If you'll excuse me, I'll move this off the screen so that I can put in my password. Nobody sees it, and I'll start the sign in process and you can see that answer is asking. Do you want to remember this password? And I'll say No, I don't password. And then now Twitter is redirecting. It's saying that yes, you've allowed access toe. Are you outwit Android? The user that signed in has allowed access toe tweet, and it is now redirecting, and we're catching that Earl, and it's gonna redirect, um, to the correct Earl and we'll catch that redirection. And then we'll finish the authorization activity after it sets up all those keys and whatnot and saves them into the shared preferences. And then it will kick back to the status lists activity right here. And you could see this. This is this is what you get when you call to string on each one of those statuses that that Twitter for Jay returns. So it's pretty ugly, but at least it shows that we're getting something, and it gives us something we can step forward and easily make it look nicer. Um, so to String is also saying in response to an earlier question, that we're that it's using the Jason service from Twitter. So there you go. We have a full round trip from from signing in the Web view to redirection, to catching that redirection to saving the access token. And now this tweet instance can act on behalf of my user that I signed into Twitter with and see in summary. After the user logs in Twitter will redirect to the URL that we configured in application profile. We'll catch that with the Web you client, and then get the access tokens through Twitter for J. And now we were signed in, so it was a little bit of a long along. Go there. Let's see if we have any questions we do. We have a bunch of questions, and before I ask any questions, I just got to say I think it's so cool that you call the multiple statuses Stat, I yes. What else would a quick What else would it be called him? Totally. And we have another naming a question for you. Somebody noted that you're using a K instead of a C in off secret key and wanted to know if there was a special reason for that. Oh, no, I shouldn't have done that. I was just me. That's just me screwing around. So where was that Office helper? Yeah. Secret? Yes. Like that's pronounced secret. It's a real secret. Okay, that's awesome. Um, Mex question is, what will Twitter return if the authentication fails instead of the tweet dot com authenticated girl? Well, what'll happen is it won't return anything. It will, actually, it just won't redirect to the to the right earl. So we won't ever catch that redirection. It'll display some sort of page that says, Hey, you didn't log incorrectly or something. You want to try again or or if you were if you had deny I think it says it redirects another page that says you've denied, I don't know going from here, something like that. So there we're not actually gonna catch anything. In that case, it's just gonna sit there on the Web view. So it then it's up to Twitter to basically ask the user. Try again if they make a mistake or Yep, exactly. So if they're if they're user name and password wasn't recognized, Twitter will will keep on handling that in the Web view. So let me let me switch back to authorization activity inside the Web client. The only time we're doing anything is if the host equals a tweet dot com that they're getting redirected. Teoh. All right, um, somebody was asking about the permissions. The read permission versus the read write permission. Yep. So when you set up your application, you can. There's a choice you get to make whether or not your application is requesting, um, read or read, read or create. So if you read, then you can read things. Basically, you can look at the users twitter stream. You can get individual tweets. You can get information about friends and see tweets that are private that the user follows those kinds of things. But you can't create tweets. You can't update statuses. You can upload. Um, well, you can upload pictures to Twitter anyway. But you can't. You can't create statuses, basically, the individual tweets. Okay, um and then I have one more question than I'll hand it over to Ruth and Sarah. One person asked if you need to refer to the files in the lib folder, which in our Kays cases, the tweet for J library in our android Manifest xml to tell it to load? Nope, because at that point, live is just for conflict compilation like you're compiling against those jars, and that's all compiled by the time the manifest is loaded. So at that point, you've got some job of binaries that better loaded and know how to reference the thing. So it just gets put in the right place. You don't have to. You have to do anything special to load those libraries. Okay, cool. All right. Ruth and Sarah questions you have, ah, question and goto goto webinar from Sapna. Can you go over how the off token received from the Earl Redirect is used? It's not clear how it is passed to acquit to Twitter class. I'm not using it at all. That's that. So that's one little confusing point I'm just All I'm doing is checking for its existence. And the existence tells me that things went okay with logging process, that's all. Si OK, because that's basically that's that's the public part of the access token that will be getting from Twitter. But I want I don't want to construct an access token. Twitter for J access token. I want Twitter for Jay to go get it the way it knows how. So basically back here in Theo tweet application. Um, I'm saying, get the access token based on the session information you have so far, like with the request token in the consumer tokens you know about so far, just get the whole access token, which is the the public part and the private part. So all I'm doing here inside the web, you client is just checking for the existence of that token on the redirect URL, and that tells me that things are going OK. I don't actually use it. Where did the o tweet dot com host name in the authentication? Your l come from the Twitter developer account. Yep. Okay, so let me go back in the slides. So when you set up your developer account kind of fly back a little ways here when you set up your developer account there certain things that you can do, um, one of them looks like this. What you're seeing on the screen right now, you can choose what the application type is. He say browser. And then the callback girl is a tweet dot com authenticated. You put that in yourself when you set up the application. When you go to twitter dot com maps new created app. Um, you put that in. So So that's why I know in my code I can rely on the URL being there because I set up the application. Um, and since you will be using my code unless you choose to change the code, you want to put the same one in there. No tweet dot com doesn't exist, is just is just a key. It's just something I can see being redirected to. Um so, like, Andrea doesn't have the concept. In case you've done any IPhone development, you can associate ah, protocol with your application. Um, and then when Earl's air called than the IPhone operating system knows how to redirect your application, Andrea doesn't have that kind of thing. I just need something that I can something that I can rely on being there for Twitter to redirect to. Is that making sense? I think so. Yeah, I believe, but but the other, the other key is that it has to be in the form of Ah, Earl. It can't just be like, Yeah, we're cool. Or or it worked or something like that. It has to be an Earl to redirect you. Otherwise, Twitter won't let you save it. So that's why it's an Earl, the callback girl. How persistent are the shared preferences where the authentication tokens air held? Ah, those exists for the life of the application until you remove the application. Okay. They're a couple comments. It looks like the whole authentication authentication process was slow. What's the timing on the real device is not gonna be a very Is that gonna be sort of a bottleneck? I guess. Right? It is a little slow, and you'll notice that I didn't show any user. Uh, I didn't say like, hey, we're doing something at this point. And in fact, you couldn't even see the little, um, spinney rotating thing on the Twitter page running because I'm doing I'm calling out through Twitter for J at that point, which is a perfect Segway into what we're gonna talk about next class. So let me go through that, Um, What we're gonna talk about next class, then we can get back to some more questions. Okay, Thanks. That's a good Segway. So thanks. Whoever said that? Ah, yes. Summary went through that. Okay, let's recap really quickly. We created an android Projects or an android project was created at some point. Added the Twitter for J library to the lib directory. Loaded the apse. Consumer tokens from the properties file. The wall stopped properties file that you will create inside the raw directory inside the resurrect tree. Then we loaded Twitter's authorization page when we didn't have those authorization tokens yet intercepted Twitter's redirection when the user successfully logged in. And then we got the users authentication tokens and save them for later use. Um, so if you would like Well, okay. Okay. So I guess here are the instructions for doing that one more time. You create a nap on Twitter. The instructions air are on the screen cast, which we haven't Earl for Savior. Consumer tokens in rez raw A lot of properties. Run the application, authenticate with your user and then look at your Twitter settings. So you go to twitter dot com and go to the settings, um, menu, and then view your authorized applications and you will see the application that you created as an authorized, authorized application. There and again. Here's a look at where you need to put consumer key and consumer secret key inside rez raw. A lot of properties. So now to get back to the question that someone just asked about how slow that process was, what we didn't do is any of we didn't do any of the network operations on a thread, which is exactly what you want to do to make sure that the user that these air seized some response they see something going on in the application to know that it's still working and hasn't frozen. Um, when you're doing something in a on A like a net cake net, uh, some sort of net network operation or some sort of long running operation in the background. So that's what we're gonna be talking about next time. So we're going to load the tweets from the currently logged in user, and we're gonna use threads, and we're gonna form of those tweets nicely. And then we'll see how threads will help us show that the application is still responsive. Teoh to the user case. Cool. Let's go back to some questions. Um, I have a couple of, well, ruthless looking through hers. Somebody wanted. And I know we talked about this in the first part of the course, but somebody wondered about the magic I d in the status activity that we're using us. And when we're creating the view, Yeah, that it bears repeating. So let me let me hop out of here and just jump back quickly and keynote. Oh, wait. Non keynote. No, it's in the code. Okay, so in the code, um, what you will notice Here, I'll go and step to the step to code. Ah, and status list activity. Colorado Leandro Tweet activities, status, Lis activity. It is a list activity. And that was a change from step one. I didn't really highlight that, but this is something we talked about in depth in the first class list activity is an activity that knows how to deal with a list really easily. And at no point here, um, well, we do is set content view, um, to our that layout that main. And at no point do we tell the list activity what list we want to use. So if we look at, um in rez layout main XML, you'll see that there's a list for you sitting inside of a relatively out. And then there's a text for you on what I should kind of at the beginning is that the text view is the is the empty has this magic android Colon empty I. D. And listsview also has this Magic Android Cohen list I d. And those air the those are the ones that, by default, the list view tries to load once the content view is set. And so we don't have to do any extra wiring up just by convention. If we call our list Android Colin List for an I d and the and some some sort of container Doesn't matter what, um, android Colin empty than the list view. I'm sorry. The list activity knows how to manage those back here status list activity that knows that that will be the list that it will. It will put put things into and it will show that empty view. If there's nothing inside of an adapter or no adaptor is set, stuff like that makes sense. We went through this kind of in depth in the last class, but that that bear some repeating, I think, yeah. And then while you're looking at those files, can you jump over to string? Start excellent. Because somebody wanted to see where a couple of strings were identified. Sure, Let me look at Step four. So that would be the most complete strings I hate looking at. These views are like that smell view. Sosa's sex will be. We just have, like, authorization authorized inter pin. Okay, so yeah, in Japan, I still I guess I still have that in here because originally I didn't do the redirection when I created this code. Actually went through the process of having the user type in a pin that was shown on the Web view. But then I realized that I could use that Web Web you client to catch the redirection instead. And that would be just one less step for the user to go through while signing in. So I guess this is kind of some old code here, Um and then we have no tweets and then the application name, By the way, whenever you have a Ah, A case like this where this ah single single quote is a is a special character, you can escape it with a with a slash, right? And I've got one more question. I'll see if Ruth and Sarah have anymore somebody had asked how many, um applications cannon activity load, which I think they might have it backwards. I think they might have meant how many activities can an application load? Well, I'll answer it both ways, I guess. I mean, there's an unlimited amount of activities that your application can have, and there is always one application tune in next week and we will load tweets, and we will talk about running things on a thread to keep our app responsive, which is pretty important, as you can already see by how slow the app gets. Once we log in through through Twitter, it also looks like we'll be making the tweets a little prettier next week. Yep. That's good. Let's hope, Tony. Yeah, because I was a big chunk text, which is interesting for debugging purposes. Well, thank you so much, Tony. I want to just do one more call out for our sponsor Admin. Thank you. Add mob and thank you, Tony. So let's give a round of applause for Tony. Thanks, everybody, and I'll see you next week.