· 7 years ago · Aug 26, 2018, 07:50 PM
1Hi Pablo,
2
3I've reviewed all of the Scribe examples you have provided and they all seem to require the original request Token object to persist before and after the callback/authorization.
4In a stateless webapp, different servlet requests would be involved in getting the access token using the callback verifier than were previously involved in generating the original request token and auth URL.
5
6None of your examples show how to do this.
7
8I Googled it and saw other people using Scribe who were storing the Token object in the HTTP session, which is a bad idea if you are not using sticky sessions and plan to have subsequent HTTP requests possibly handled by different nodes in a server cluster that are not bothering to do any session replication (both sticky session and session replication are common in heavyweight enterprise Java stuff but horrible for scaling a consumer web app.)
9
10So basically I'm wondering if this is something Scribe simply does not support? i.e. a servlet is provided the callback oauth_token and oauth_verifier params but does not have access to the old Token object with the secret.