scribejava | Simple OAuth library for Java | OAuth library

 by   scribejava Java Version: 8.3.3 License: MIT

kandi X-RAY | scribejava Summary

kandi X-RAY | scribejava Summary

scribejava is a Java library typically used in Security, OAuth applications. scribejava has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has medium support. You can download it from GitHub, Maven.

Simple OAuth library for Java

            kandi-support Support

              scribejava has a medium active ecosystem.
              It has 5344 star(s) with 1689 fork(s). There are 307 watchers for this library.
              It had no major release in the last 12 months.
              There are 34 open issues and 585 have been closed. On average issues are closed in 110 days. There are 23 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of scribejava is 8.3.3

            kandi-Quality Quality

              scribejava has 0 bugs and 0 code smells.

            kandi-Security Security

              scribejava has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              scribejava code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              scribejava is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              scribejava releases are available to install and integrate.
              Deployable package is available in Maven.
              Build file is available. You can build the component from source.
              Installation instructions, examples and code snippets are available.
              scribejava saves you 7944 person hours of effort in developing the same functionality from scratch.
              It has 16654 lines of code, 1573 functions and 326 files.
              It has low code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed scribejava and discovered the below as its top functions. This is intended to give you an instant insight into scribejava implemented functionality, and help decide if they suit your requirements.
            • Gets the request token
            • Prepare an OAuth request token request
            • Extracts the access token from the response
            • Extract a parameter from the response body
            • Adds the signature
            • Creates a MD5 hash of the given string
            • Returns true if this instance is equal to the given values
            • Compares this instance with the given object
            • Sign the given OAuth request
            • Compose headers from headers
            • Returns a unique hash code
            • Generates an OAuth2 error response
            • Generate error code
            • Extracts the token from the response
            • Compares this token for equality
            • Get the authorization URL
            • Converts an OkHttpResponse into a OkHttpFuture
            • Adds the Facebook appsecret_proof
            • On successful response
            • Composes the HTTP headers
            • Extracts the authorization header from the URL
            • Handles the response
            • Initialize SSLS1 or tcp1
            • Extracts the Authorization header from the given request
            Get all kandi verified functions for this library.

            scribejava Key Features

            No Key Features are available at this moment for scribejava.

            scribejava Examples and Code Snippets

            No Code Snippets are available at this moment for scribejava.

            Community Discussions


            Making Twitter OAuth1 PUT request with JSON body with scribejava
            Asked 2021-Jun-08 at 17:30

            I am trying to call this twitter v2 endpoint to hide a tweet using OAuth1 and ScribeJava

            Here is what I have tried



            Answered 2021-Jun-08 at 17:30

            The reason of your problem probably has to do with the fact that you are trying to hide a tweet that you do not have the ability to do so. Please, note the restrictions that a tweet must adhere to in order to be hidden. It is stated in the section Step three: Find a Tweet ID to hide in the Twitter developer documentation:

            The hide replies endpoint can hide or unhide replies on behalf of an authorized user. Because we are using the Access Tokens related to your user profile in this example, you will be able to hide replies from users who participate in a conversation started by you. Similarly, if you were using Access Tokens that belong to another user that authorized your app, you would be able to moderate replies to any conversations started by that account.

            Ask a friend to reply to a Tweet (let them know you're testing hide replies) or reply to any of your Tweets from a test account. Click on that reply, then copy the numeric part of its URL. That will be the Tweet ID we will hide.



            Getting access token from refresh token failing with invalid_grant error, and Bad Request OR Token has been expired or revoked as error description
            Asked 2021-May-22 at 00:18

            Using Java OAuth2 client library: scribe 1.2.0 (

            I am able to get refresh token from the authorization code (i.e; by making POST call to with client_id, client_secret, code, scope, grant_type (authorization_code), redirect_uri parameters). And I have persisted the refresh token in DB. And we support drive and calendar scopes => so, I do store two refresh token per user (email)

            And then clients will be invoking API to get access token (then I am making POST call to with refresh_token, grant_type (refresh_token), client_id and client_secret). And the call is successful. i.e; happy normal path works.

            But eventually getting new access token from refresh token is failing with invalid_grant error code (with Bad Request OR Token has been expired or revoked as errors) (like in 2 days or 3 days etc)

            Please do note that the refresh token is not revoked or invalidated explicitly by user or code. Password is not changed. Code is not changed. Client ID and secrets didn't change. I am kind of lost.


            1. Since refresh token supposed to be a long lasting token, why my application is not able to get new access token from refresh token? Its just failing in like in 2 to 3 days - and its happening regularly in stage and production environments.

            2. Is storing two refresh tokens based on scope (drive and calendar) - per user (email) problem (i.e; as soon as second refresh token is issued the previous refresh token expire)? [Shouldn't be the case - I do know there are limitations per user and client, per user for all clients. But, 2 is too low to reach that limit.]

            Answer Finally was able to resolve it, please see the answer below comment(s) - its related to having two refresh tokens of same email for different scopes, and invalidating one of them.

            Getting access token from Refresh token - PostMan

            Getting refresh token from authorization code - PostMan

            Relevent questions: Google token refresh returns "Token has been expired or revoked." Since couple of days Refresh token has been automatically expired



            Answered 2021-May-21 at 08:11
            Changed password

            There are serval reasons why your refresh token maybe expiring. The first one we can lockout as the cause is the user changing their password if you are using a gmail scope and the user changes their password this will cause all outstanding refresh tokens to expire.

            User revoked access

            If the user revokes your access directly though their Google account this will also revoke your refresh token.

            Application status.

            Now is your application still in testing on Google cloud console? Have you moved it to published has it been though the verification process? If not then your refresh tokens will probably be expiring after about two weeks although the time frame may have changed as this seams to be something that Google has been working on for the last serval months and there is no official word on it.

            Refresh access token gives refresh token.

            Another cause which actually could be the case, when you refresh the access token does it return a new refresh token. sometimes I will do this. Always check that this is the same refresh token that you use before if note then its a new one and you should store the new one. See next point for more info on why.

            Max number of outstanding refresh tokens.

            When a user authorizes your application using offline access you are given a refresh token, if the user authorizes your application again you are given another refresh tokens. you can keep doing this up to fifty times and all fifty refresh tokens will continue to work. As soon as you go over the magic number of fifty then the first one that was created will be expired. This is why it is important to ensure that you are always storing the most recent refresh token for a user in your database.



            No matching variant of Kotlin Multiplatrom Mobile library found
            Asked 2021-May-21 at 12:45

            I have a Kotlin Multiplatform Mobile library that I published to Maven Central. I am also trying to use this library in a non-KMM Android app. When I declare the dependency in the android app I get this error



            Answered 2021-May-17 at 09:16

            If I understand the error correctly, your project requests for the debug version of the artifact, while in the build script I see publishLibraryVariants("release"). Try changing the script to follow the code snippet from the documentation.



            Intellij Maven Test Failed
            Asked 2020-Jun-05 at 20:15

            I"m running selenium automation code on intellij but it shows test failed but my code is empty test only. The test result shows passed but this warning bothering me

            Error log: Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M3:test (default-test) on project dsf-automation: There are test failures.



            Answered 2020-Jun-05 at 20:15

            If your "test code" is really empty have you considered using Maven flag to skip the test step?



            Sonarqube delegate authtication to Gitlab fail
            Asked 2020-Apr-14 at 05:31
            • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

            • what are you trying to achieve

              I try to delegate sonarqube authtication to Gitlab SSO.

            • what have you tried so far to achieve this

              I create a Gitlab Application named sonarqube, and set callback url, grant read_user and api scope:

              Then configure sonarqube ALM Integration with Gitlab, Force user authentication, set Server base URL to, so I can see this in sonarqube login page:

              When I click Log in with Gitlab, I get this: sonarqube web log show:



            Answered 2020-Apr-14 at 05:31

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network


            No vulnerabilities reported

            Install scribejava

            Check the Getting Started page and start rocking! Please Read the FAQ before creating an issue :). Some useful info and answers you can find on the wiki. Also, remember to read the fantastic tutorial that @akoskm wrote to easily integrate a server side app with an API (twitter in this case).


            RFC 6749 The OAuth 2.0 Authorization Framework, Authorization Code Authorization Grant, exampleRFC 6749 The OAuth 2.0 Authorization Framework, Resource Owner Password Credentials Authorization GrantRFC 6749 The OAuth 2.0 Authorization Framework, Client Credentials Authorization Grant, exampleRFC 6749 The OAuth 2.0 Authorization Framework, Refreshing an Access Token, exampleRFC 6750 The OAuth 2.0 Authorization Framework: Bearer Token UsageRFC 7636 Proof Key for Code Exchange by OAuth Public Clients (PKCE), exampleRFC 7009 OAuth 2.0 Token Revocation, exampleRFC 8628 OAuth 2.0 Device Authorization Grant exampleRFC 5849 The OAuth 1.0 Protocol, example
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
          • HTTPS


          • CLI

            gh repo clone scribejava/scribejava

          • sshUrl


          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link