[SalesForce] Oauth for Java native app

I have a Java native app I am trying to implement Oauth for. I have gone thru this article by Pat Patterson:

http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com

I am a little lost on a couple of points. I can work out how to make a call from Java to the initial URL (https://login.salesforce.com/services/oauth2/authorize?response_type=token&client_id=xxx&redirect_uri=myapp:oauth&display=full). From what I can see, this returns a redirect. What exactly does the Java app have to do to bring up the browser window with the authorization request?

Thx,
Hamayoun

UPDATE:

Maybe I'm not explaining what I am looking for. Let me clarify. I want to get a refresh token for my desktop app, and store the refresh token. The article says:

In this flow, the client application directs (1) the user to a URL at the authorization server of the form:
https://login.salesforce.com/services/oauth2/authorize?response_type=token& client_id=&redirect_uri=&display=touch&state=

On a browser, this redirects to a URL which takes the user to the SFDC login page, and then to a page asking the user to approve access to the application. So my first question is, in the Java app, how do I open the URL so that it redirects to the browser, while maintaining control of the browser? I tried JPaneEditor, it did not seem to work. The article then continues:

Now, rather than sending an authentication code to the client and it retrieving the access token via a POST request, a redirect is returned (3) containing several parameters in a URL fragment (i.e. after the hash '#' sign) – for example:
myapp:oauth#access_token=00D50000000IZ3Z%21AQ0AQI6qUiQpGCAlNVAEOugF7J6Lr34LHSUUQZ_S4rnPzShAsJzG0qjW1XEx5R6kDORlWE2r9QXJpfAkAkq8V9k_V0PbXYjN&refresh_token=5Aep861eQO5D.6wJBuW5bbARbbxQ8hssCnY1dw3qi59jeys7ob.H_xM395_RJHukNjeustDru8BiA%3D%3D&instance_url=https%3A%2F%2Fna3.salesforce.com&id=https%3A%2F%2Flogin.salesforce.com%2Fid%2F00D50000000IZ3ZEAW%2F00550000001fg5OAAQ&issued_at=1298926970349&signature=Y5ici2QZsudYyH%2F4YWcJd1s3P89mLJPVsO0plVoHD4o%3D&state=mystate
Since these parameters are passed in a fragment, they will remain on the client device, and will not be passed in an HTTP GET to the redirect URI. Note that the redirect URI may have a custom scheme, configured in the desktop/device OS to invoke a callback in the native app, for example, myapp:oauth, or it may have the https scheme.
A native application can directly parse the incoming parameters from the fragment; in contrast a browser-based application would rely on JavaScript, served from the https redirect URI, which would have access to the fragment and its parameters.

So how exactly does my desktop app read the URL fragment at this point?

I hope this clarifies what I am looking for.

Best Answer

If its a non Web Java desktop application, will it be used as a background process or will always have user access.

a. If its a background process, then you should simply store the credentials in property file may be encrypted and decrypt it before you hit the salesforce apis.. b. If its a user access process, then leverage swing based JDialogbox to ask user to enter cedentials or JEditorPane with no CSS , render html pages and compromise with the UI.

Hope that helps

Thanks Jatin

Best Answer

Related Solutions

[SalesForce] OAuth API doesn’t send refresh token with custom redirect_uri

[SalesForce] Authentication Failure when submitting Authorization Code in OAuth Web-Server Flow

Related Topic