Dear Spring Community,

We are pleased to announce the release of Spring Social 1.0.0.RC2. Spring Social lets you connect your Java applications to Software-as-a-Service (SaaS) providers such as Facebook and Twitter.

This announcement is for the Spring Social core project as well as the Spring Social Facebook and Spring Social Twitter projects which are also seeing their 1.0.0.RC2 releases today.

This release includes fixes for bugs reported since 1.0.0.RC1, as well as a few improvements:

• The Twitter and Facebook clients now support paging for API operations that can return paged results.
• ProviderSignInController now handles the scenario where the user denies authorization.
• The exceptional case where multiple local users are matched during a provider sign in attempt is now handled.
• The set of sample applications has been updated.

See the change logs for more information on what's new in this release (Core | Facebook | Twitter)

To get the software, download the release distribution (Core | Facebook | Twitter) or simply add the maven artifacts to your project. To see it live, run through the quickstart and spin up the showcase app (updated for 1.0.0.RC2). Supplement as you go with information from the reference manual.

Spring Social requires Spring Framework 3.0.5 or > to run. We recommend Spring 3.1 for new applications to take advantage of the latest advances in the core framework. See the reference manual for a full description of dependencies.

Many thanks to the community for helping us shake out and resolve issues in RC1. As we move toward the GA release, we appreciate the community involvement and are eager to hear your thoughts on this RC2 release. Participate in the forum or, if you have any suggestions or find any bugs, post them in the issue tracker.

We hope you enjoy using Spring Social!

Dear Spring Community,

We are pleased to announce that the first release candidate of the Spring Social project is now available!

The Spring Social project allows you to connect your Java applications to Software-as-a-Service (SaaS) providers such as Facebook and Twitter.

This release includes:

• Additions to the Facebook API binding such as photo and video upload, Facebook page support, and Facebook search.
• Expansion of the Twitter API binding to include mobile notifications, blocking, and geo location operations.
• Implicit sign up support enabling automatic sign up of a user from a connection.
• A new quickstart showing how to get up and running quickly.
• Numerous bug fixes and other improvements based on user feedback (see the changelog for details).

Also, with this release we have extracted the provider modules (Twitter, Facebook, etc) into their own projects so they can progress at a separate schedule from the main Spring Social project. Coinciding with the release of Spring Social 1.0.0.RC1, Spring Social Twitter and Facebook 1.0.0.RC1 are also now available.

To get the software, download the release distribution (Core | Facebook | Twitter) or simply add the maven artifacts to your project. To see it live, run through the quickstart and spin up the showcase app (recently updated for 1.0.0.RC1). Supplement as you go with information from the reference manual.

Spring Social requires Spring Framework 3.0.5 or > to run. We recommend Spring 3.1 for new applications to take advantage of the latest advances in the core framework. See the reference manual for a full description of dependencies.

It is awesome to see the community interest in extending Spring Social to work with numerous SaaS providers. Check out Matt Wright's work on Instagram and Foursquare and Morten Andersen-Gott's Yammer extension. Work on LinkedIn, Github, TripIt, and Gowalla has also started. We're committed to working with the community to build an ecosystem of quality Spring Social extensions. If you're integrating a SaaS API into your application, consider contributing to the Spring Social project. Have a look at our guide to extending Spring Social and discuss with the development team at our forum.

As we push toward a GA release, we would like to hear you think of the RC1 release. Participate in the forum or, if you have any suggestions or find any bugs, post them in the issue tracker. We hope you enjoy using Spring Social!

Dear Spring Community,

We are pleased to announce that the third milestone release of the Spring Social project is now available!

The Spring Social project allows you to integrate APIs exposed by Software-as-a-Service (SaaS) providers such as Facebook and Twitter into your applications.

This is a big release for us. Some of the most exciting highlights of the 1.0.0.M3 release include:

• One of the most complete Java bindings to Facebook's Graph API available, including operations for working with users, friends, feeds, user interests and likes, events, invitations, albums, photos, videos, groups, and checkins with Facebook Places.
• A greatly expanded Java binding to Twitter's REST API, including operations for working with timelines, users, saved searches, trends, lists, favorites, direct messages, friends, and followers.
• A new provider signin controller enabling a user to sign into an application using his or her SaaS provider account such as a Facebook or Twitter account.
• Enhanced extensibility, which includes a walkthrough of how to extend Spring Social to add support for new service providers.

Of particular note, many of the enhancements in this release were driven by community feedback. It's great to see folks already extending Spring Social to work with new SaaS providers. For instance, Matt Wright has been working on a Java binding to the Instagram API.

We're committed to working with the community to create an ecosystem of quality API bindings. If you're integrating a SaaS API into your application, consider contributing your API binding to the Spring Social project. Have a look at our guide to extending Spring Social and discuss with the development team at our forum.

See the changelog and reference guide for more information on this release.

To get the software, download the release distribution, or simply add the maven artifacts to your project. To see the features live, check out the showcase app (updated for 1.0.0.M3):
git clone git://github.com/SpringSource/spring-social-samples.git

Last week, I introduced you to Spring Social's Service Provider "Connect" Framework and showed you how it simplifies creating connections between a user's local application account and their accounts on Software-as-a-Service (SaaS) providers. Today I want to show you how to extend the service provider framework to handle connections to providers that aren't directly supported by Spring Social.

Extending Spring Social for Netflix

Suppose that you're developing a movie review website where users can go to read and post short movie reviews. Normally, the movie reviews are displayed with the most recent entries appearing first on the home page. But if a user has connected their account to their Netflix account, then you can show them reviews for the movies in their Netflix disc queue. To pull this off, you'd like to take advantage of Spring Social's Service Provider Framework for connecting your user's accounts with their Netflix accounts. Spring Social 1.0.0.M2 doesn't include a Netflix service provider or API binding, but can be easily extended to work with providers that aren't directly supported.

In this article, I'll show you how to build on Spring Social's Service Provider Framework to enable connectivity with Netflix. We'll start by developing a Netflix service provider implementation, then build a simple API binding to support our application's needs. The techniques used to develop the Netflix service provider can be applied to extend Spring Social to support almost any service provider. You can follow along by reviewing the sample code on GitHub.

Getting to Know Netflix' Authorization API

Before we can start developing the Netflix service provider implementation, we need to do a bit of up-front research to get to know a few basic details about how the Netflix Authorization API works.

The first thing we need to determine is what authorization protocol Netflix uses. The Authentication Overview section of the Netflix API documentation tells us that they use OAuth, but doesn't explicitly tell us which version of the OAuth specification is in play. Therefore a bit of detective work will be required.

Down the page a bit (under the "Those Pesky OAuth Parameters" header) we see mention of consumer keys, nonces, and timestamps. These are things that are not applicable to OAuth 2, so Netflix must be an OAuth 1 provider. Furthermore, the description of the oauth_version parameter being set to "1.0" serves to confirm that Netflix implements OAuth 1.

Now we know that Netflix uses OAuth 1. But it's also important to know whether they implement version 1.0 of the specification or version 1.0a. Service providers usually don't spell this out in their documentation and the oauth_version value should be "1.0" in either case. There are a few tell-tale signs, however, that point at a particular version of the OAuth specification. Here are a few clues that indicate that OAuth 1.0 is in play:

• The oauth_callback parameter is sent on the authorization URL and not the request token request.
• There is no notion of verifiers and no oauth_verifier parameter must be sent to the access token URL.

For OAuth 1.0a, watch for these signs:

• The oauth_callback parameter is sent in the request token request and not in the authorization URL.
• A verifier is received from the provider in the callback and an oauth_verifier parameter must be sent to the access token URL.

Looking for these clues in the Netflix documentation, we determine that Netflix uses OAuth 1.0 (not 1.0a). This information is significant and will be useful as we define our service provider implementation.

Finally, we need to know what the request token, authorization, and access token URLs are. Further down the page (under the "Making Protected Calls" header) you'll find details that tell us that the needed URLs are as follows:

• Request Token URL: http://api.netflix.com/oauth/request_token
• Authorization URL: https://api-user.netflix.com/oauth/login
• Access Token URL: http://api.netflix.com/oauth/access_token

Pay particular attention to the protocols used in the request and access token URLs. Most providers are flexible in this regard, recommending that you use https. In my experience with Netflix, however, I've found that if you ask for a request or access token over https, Netflix will complain that the request signature is invalid. The authorization URL works fine over https, though.

Developing a Netflix Service Provider Implementation

To create a new service provider implementation, we'll need to extend either AbstractOAuth1ServiceProvider or AbstractOAuth2ServiceProvider. These two classes provide OAuth version-specific base functionality for OAuth 1.0/1.0a and OAuth 2, respectively. Since Netflix is an OAuth 1.0 provider, our NetFlixServiceProvider will need to extend AbstractOAuth1ServiceProvider:

package org.springframework.social.movies.netflix;
import org.springframework.social.connect.oauth1.AbstractOAuth1ServiceProvider;
import org.springframework.social.connect.support.ConnectionRepository;
import org.springframework.social.oauth1.OAuth1Template;

public final class NetFlixServiceProvider extends AbstractOAuth1ServiceProvider<NetFlixApi> {

    public NetFlixServiceProvider(String consumerKey, String consumerSecret, ConnectionRepository connectionRepository) {
        super("netflix", connectionRepository, consumerKey, consumerSecret, 
            new OAuth…

In my previous post, I introduced you to Spring Social's Java bindings to popular Software-as-a-Service (SaaS) APIs such as Twitter, Facebook, LinkedIn, and TripIt. In addition to providing simple, strongly-typed Java methods for common API operations, these bindings ensure each HTTP request includes the credentials required to authorize your application to invoke the API on behalf of a user.

What my first post did not address was: how do we manage the credentials required to invoke service APIs on behalf of users? I'm pleased to say that we now have answers to that question.

Earlier this week, we announced the release of the second milestone of the Spring Social project. The most significant new feature in Spring Social 1.0.0.M2 is the introduction of a Service Provider "Connect" framework. Today I want to introduce you to this framework and show you how to use it to manage "connections" to SaaS providers.

The examples in this article are from the Spring Social Showcase. To follow along, clone the repository and follow the README to build and deploy the sample app.

Getting Spring Social

With the M2 release, Spring Social has been split into several modules:

• spring-social-core - The service provider framework, OAuth support, and core classes.
• spring-social-web - The connect controller and supporting types.
• spring-social-facebook - A service provider implementation for connecting with Facebook and support for signing into an application via Facebook.
• spring-social-twitter - A service provider implementation for connecting with Twitter and support for signing into an application via Twitter.
• spring-social-linkedin - A service provider implementation for connecting with LinkedIn.
• spring-social-tripit - A service provider implementation for connecting with TripIt.
• spring-social-github - A service provider implementation for connecting with GitHub.
• spring-social-gowalla - A service provider implementation for connecting with Gowalla.
• spring-social-test - Support for testing service provider implementations and API bindings.

Depending on your needs, you won't necessarily need all of these modules. At a minimum, you'll need the core module. You can add this to a Maven-built project with the following entry:

<dependency>
    <groupId>org.springframework.social</groupId>
    <artifactId>spring-social-core</artifactId>
    <version>1.0.0.M2</version>
</dependency>

In the likely case that you'll be using Spring Social in a web application, you'll also need the web module:

<dependency>
    <groupId>org.springframework.social</groupId>
    <artifactId>spring-social-web</artifactId>
    <version>1.0.0.M2</version>
</dependency>

Then, you'll need to add one or more of the provider modules. In our examples, we'll be talking about adding Twitter connectivity to an application, so we'll need the twitter module:

<dependency>
    <groupId>org.springframework.social</groupId>
    <artifactId>spring-social-twitter</artifactId>
    <version>1.0.0.M2</version>
</dependency>

Since we're building off of a milestone release of Spring Social, we're going to need to add Spring's milestone repository to the pom.xml file:

<repository>
	<id>org.springframework.maven.milestone</id>
	<name>Spring Maven Milestone Repository</name…

Dear Spring Community,

We are pleased to announce that the second milestone release of the Spring Social project is now available!

The Spring Social project allows you to integrate the APIs exposed by Software-as-a-Service (SaaS) providers such as Facebook and Twitter into your applications. The 1.0.0.M2 release includes:

• An extensible service provider framework that greatly simplifies the process of connecting local user accounts to hosted provider accounts.
• Full support for connecting to OAuth1 and OAuth2-based service providers from a Java/Spring web application environment.
• The ability for your users to authenticate with your application by signing in with their Twitter or Facebook accounts.
• Expanded service provider APIs, including more Twitter operations and initial support for GitHub and Gowalla.
• Complete reference documentation and samples!

See the changelog and reference guide for more information.

To get the software, download the release distribution, or simply add the maven artifacts to your project. To see the features live, check out the showcase app:
git clone git://github.com/SpringSource/spring-social-samples.git

We've been getting some great feedback from the Spring community about Spring Social and encourage you to collaborate with us on the project. If you are developing your own Java Binding to a SaaS API for use in your applications, be sure to checkout how to extend the framework and consider contributing your extensions back to the community!

Increasingly, web surfers are using the internet to connect with friends, family, and colleagues using social networking sites. Conversations that once took place over email are now taking place in short messages written on someone's Facebook wall or in a brief tweet on Twitter. Connections once made with a handshake are now created using LinkedIn. And when a face-to-face meetings are desired, travel details can be shared using TripIt.

Just as people are using these social networking sites to interact with each other, businesses are also finding ways to inject themselves into the social graph so that they can connect in a more personal way with their customers and also make their web sites an extension of their customers' social experiences.

This week, we are pleased to have released the first milestone of Spring Social, a new extension to Spring that aims to provide a platform upon which social-ready Spring applications may be built. I thought I'd take this opportunity to introduce you to Spring Social and give you a taste of what it offers.

Securely Sharing Social Data

On the surface, developing applications that interact with the various social networks may appear straightforward. Since most of the social networks offer a REST API, Spring's RestTemplate would seem to be all you need. But you'll quickly discover that those social REST APIs are protected by OAuth and that signing a request sent through RestTemplate with OAuth credentials is a non-trivial task.

OAuth is an open protocol that enables a user to share their data hosted on one or more service providers with another application. With access to that data, the application can aggregate, present, and process the information in ways that provide additional value beyond what the service providers themselves ever intended or imagined.

Virtually all of the major service providers support OAuth, including Twitter, Facebook, LinkedIn, TripIt, and Foursquare, as well as the Google and Yahoo APIs. Therefore, OAuth is essential to developing social-ready applications.

At the beginning of an OAuth-secured interaction is a back-and-forth conversation that is commonly known as the "OAuth Dance". In a typical OAuth Dance, there are three parties involved:

• The service provider (such as Twitter or LinkedIn)
• The user who wants to access or update data hosted by that service provider.
• The consumer application that the user wants to share their data with.

The key steps in this dance are as follows:

1. The consumer application directs the user to the service provider's site to sign in and authorize the consumer.
2. Assuming that the user agrees to grant the consumer access to their data, the flow is sent back to the consumer application.
3. The consumer application receives an access token from the service provider.

The access token received in step 3 is the "valet key" that must accompany any request to the service provider's REST API. In OAuth 1, this means that the access token, along with the request URL, parameters, and a few other bits of information are collected together in a base string, encrypted, and sent on the request in an Authorization header. Constructing this header and attaching it to the request is a complicated task. This is the reason that using RestTemplate to access OAuth-secured resources is difficult. If you get it wrong, the service provider will respond with an HTTP 401 for any resource you try to access and debugging the encrypted Authorization header is tricky.

Working with Social Templates

A key component of Spring Social is its collection of social templates. These templates (which leverage RestTemplate under the covers) expose operations of the service providers that they model, handling the intricacies of adding OAuth Authorization headers for you.

Spring Social 1.0.0.M1 includes 4 social templates to choose from:

• TwitterTemplate
• FacebookTemplate
• LinkedInTemplate
• TripItTemplate

To use any of these templates, simply create an instance of it, providing the OAuth connection details through constructor arguments. For example, to create an instance of TwitterTemplate:

TwitterTemplate twitter = new TwitterTemplate(apiKey, apiSecret, accessToken, accessTokenSecret);

The four parameters to TwitterTemplate's constructor are all Strings values. The API key and API secret are given to you when you register your application with Twitter (see http://dev.twitter.com/apps/new). The access token and access token secret are granted to your application on a per-user basis at the end of the OAuth Dance with Twitter. At this point, I'm going to assume that you've already obtained all four of these values; we'll circle back to how to manage API keys and tokens a little later.

Creating instances of the other social templates isn't much different. LinkedInTemplate and TripItTemplate each have constructors with the same argument list as the TwitterTemplate constructor shown above. Since Facebook's API security is based on OAuth 2, FacebookTemplate has a slightly simpler constructor that only requires the value of the access token:

FacebookTemplate facebook = new FacebookTemplate(accessToken);

Once you have an instance of one of these social templates, what can you do with it? If you're using TwitterTemplate, perhaps you want to know the authenticated user's Twitter screen name:

String screenName = twitter.getProfileId();

Or for something a bit more involved, maybe you could send a tweet on behalf of the user:

twitter.updateStatus("Hey, I'm tweeting with #Spring Social!");

Similarly, with a FacebookTemplate in hand, you can post to the user's wall:

facebook.updateStatus("Spring Social can also post to Facebook!");

And if you want to examine a user's upcoming travel itineraries, TripItTemplate's getTrips() can oblige:

List trips = tripIt.getTrips();
for(Trip trip : trips) {
    System.out.println("I'm traveling to " + trip.getPrimaryLocation() +
                                 " on " + trip.getStartDate());
}

This is just a sampling of the kinds of things you can do with Spring Social's templates. Check out the API documentation to see the other operations that are available.

Managing OAuth Connections

When I created the TwitterTemplate instance above, I glossed over where the API key/secret and the access token came from. Initially, the access token would be received after a user authorizes the application to access their data hosted on the service provider. But you probably don't want to force your users to perform authorization every time they use your application, so you'll need a way to store the access tokens long-term for reuse in future sessions.

In its first milestone release Spring Social doesn't provide an OAuth token management strategy, leaving it up to the application to obtain and manage OAuth details for itself. This is something that we intend to address for 1.0 Milestone 2. In the meantime, however, we can look to Greenhouse for an example of how this might take shape.

In Greenhouse, all of the information about a service provider is stored in a relational database in a ServiceProvider table with the following schema:

As you can see, the ServiceProvider table includes, among other things, the provider's API key and secret. To access an individual service provider record, Greenhouse uses JdbcServiceProviderFactory, an implementation of a ServiceProvider interface:

package com.springsource…

Dear Spring Community,

We are pleased to announce that the first milestone release of Spring Social 1.0 is now available!

Spring Social enables development of social-ready applications, linking your application's users to the social networks where they hang out. What's more the capabilities of Spring Social are illustrated by the Greenhouse reference application.

Spring Social 1.0.0-M1 contains the following core features:

• Social templates for interaction with Twitter, Facebook, LinkedIn, TripIt, and Greenhouse
• An OAuth-enabled connection factory for signing RestTemplate requests with OAuth authentication details
• A web argument resolver for extracting Facebook user ID and access token information in a Spring MVC controller

To get you started, I've posted Socializing Spring Applications, an introduction to Spring Social.

This milestone release is just the beginning. We look forward to your feedback to help us shape Spring Social.

Download | Javadoc API