public AuthenticationInfo extractCredentials()

in src/main/java/org/apache/sling/auth/xing/oauth/impl/XingOauthAuthenticationHandler.java [159:200]


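    /**
     * Builds the {@link AuthenticationInfo} for a request from the OAuth state kept in the HTTP session.
     *
     * <p>An access token and user already stored in the session are reused. Otherwise the request
     * token stored in the session and the verifier request parameter are exchanged for an access
     * token, the user is fetched with that token, and both are stored in the session.
     *
     * <p>Token values and the full user object are deliberately kept out of the log output.
     *
     * @param request the current request; supplies the session and the verifier parameter
     * @param response the current response; not used by this method
     * @return the authentication info for the user, or {@code null} when the OAuth service is not
     *         configured, when the request token or verifier is missing, when no user could be
     *         fetched, or when any step throws (the session auth state is then removed)
     */
    public AuthenticationInfo extractCredentials(final HttpServletRequest request, final HttpServletResponse response) {
        logger.debug("extract credentials");

        if (oAuthService == null) {
            logger.error("OAuthService is null, check configuration");
            return null;
        }

        try {
            // NOTE(review): getSession(true) allocates a session for every request that reaches this
            // handler, including ones that carry no OAuth state. The session id is also not rotated
            // after the token exchange below. Confirm both against the container's session handling.
            final HttpSession httpSession = request.getSession(true);

            Token accessToken = (Token) httpSession.getAttribute(OAuthConstants.ACCESS_TOKEN);
            XingUser xingUser = (XingUser) httpSession.getAttribute(USER_SESSION_ATTRIBUTE_NAME);

            if (accessToken == null) {
                // we need the request token and verifier to get an access token
                final Token requestToken = (Token) httpSession.getAttribute(OAuthConstants.TOKEN);
                // The verifier is client-supplied; it is only handed to the OAuth service for validation.
                final String verifier = request.getParameter(OAuthConstants.VERIFIER);
                if (requestToken == null || verifier == null) {
                    return null;
                }
                accessToken = oAuthService.getAccessToken(requestToken, new Verifier(verifier));
                // Do not log the token object: its string form may contain the token value and
                // secret, and anyone with read access to the logs could then reuse the credential.
                logger.debug("access token obtained from OAuth service");
                httpSession.setAttribute(OAuthConstants.ACCESS_TOKEN, accessToken);
            }

            if (xingUser == null) {
                xingUser = fetchUser(accessToken);
                if (xingUser == null) {
                    // Fail explicitly instead of relying on a NullPointerException further down.
                    logger.error("no XING user could be fetched with the access token");
                    removeAuthFromSession(request);
                    return null;
                }
                // Log only the identifier; the full user object may carry personal data.
                logger.debug("xing user id: {}", xingUser.getId());
                httpSession.setAttribute(USER_SESSION_ATTRIBUTE_NAME, xingUser);
            }

            final AuthenticationInfo authenticationInfo = new AuthenticationInfo(XingOauth.AUTH_TYPE, xingUser.getId());
            authenticationInfo.put(XingOauth.AUTHENTICATION_CREDENTIALS_ACCESS_TOKEN_KEY, accessToken);
            authenticationInfo.put(XingOauth.AUTHENTICATION_CREDENTIALS_USER_KEY, xingUser);
            return authenticationInfo;
        } catch (Exception e) {
            // Handler boundary: any failure in the OAuth exchange or user fetch ends the attempt
            // and clears the session auth state so stale tokens are not reused.
            logger.error(e.getMessage(), e);
            removeAuthFromSession(request);
            return null;
        }
    }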