There are a few features not supported by this implementation:

• {@code PLAINTEXT} signature algorithm
• {@code "application/x-www-form-urlencoded"} HTTP request body
• {@code "oauth_*"} parameters specified in the HTTP request URL (instead assumes they are specified in the {@code Authorization} header)

Before using this library, you may need to set up your application as follows:

1. For web applications, you may need to first register your application with the authorization server. It may provide two pieces of information you need:
   • OAuth Consumer Key: use this as the {@code consumerKey} on every OAuth request, for example in {@link com.google.api.client.auth.oauth.AbstractOAuthGetToken#consumerKey}.
   • OAuth Consumer Secret: use this as the {@link com.google.api.client.auth.oauth.OAuthHmacSigner#clientSharedSecret} when using the {@code "HMAC-SHA1"} signature method.
2. For an installed application, an unregistered web application, or a web application running on localhost, you must use the {@code "HMAC-SHA1"} signature method. The documentation for the authorization server will need to provide you with the {@code consumerKey} and {@code clientSharedSecret} to use.
3. For the {@code "HMAC-SHA1"} signature method, use {@link com.google.api.client.auth.oauth.OAuthHmacSigner}.
4. For the {@code "RSA-SHA1"} signature method, use {@link com.google.api.client.auth.oauth.OAuthRsaSigner}.

After the set up has been completed, the typical application flow is:

1. Request a temporary credentials token from the Authorization server using {@link com.google.api.client.auth.oauth.OAuthGetTemporaryToken}. A callback URL should be specified for web applications, but does not need to be specified for installed applications.
2. Direct the end user to an authorization web page to allow the end user to authorize the temporary token using using {@link com.google.api.client.auth.oauth.OAuthAuthorizeTemporaryTokenUrl}.
3. After the user has granted the authorization:
   • For web applications, the user's browser will be redirected to the callback URL which may be parsed using {@link com.google.api.client.auth.oauth.OAuthCallbackUrl}.
   • For installed applications, see the authorization server's documentation for figuring out the verification code.
4. Request to exchange the temporary token for a long-lived access token from the Authorization server using {@link com.google.api.client.auth.oauth.OAuthGetAccessToken}. This access token must be stored.
5. Use the stored access token to authorize HTTP requests to protected resources by setting the {@link com.google.api.client.auth.oauth.OAuthParameters#token} and invoking {@link com.google.api.client.auth.oauth.OAuthParameters#signRequestsUsingAuthorizationHeader}.

This package depends on the {@link com.google.api.client.auth}, {@link com.google.api.client.escape}, {@link com.google.api.client.http}, and {@link com.google.api.client.util} packages.

Warning: this package is experimental, and its content may be changed in incompatible ways or possibly entirely removed in a future version of the library