OAuth, J2ME and FireEagle

Recently I have started developing a web app to do some location based stuff.. but I’ll save that for another post. The point here is OAuth, J2ME and FireEagle. I don’t want to loose this information, so I’m posting it here, maybe it will help someone else someday too:

OAuth – Lots of services offer this for communicating with their APIs.

J2ME – Java on my phone. I don’t care for Java much at all and I am not good at it, but I do like the fact that I can write applications for my phone and install them without much hassle.

FireEagle – VERY cool “Location Broker” from Yahoo! I love the idea of being able to report my lat/lon to one place and allow other services to retrieve my location information from there to do what they need to with it. Running several apps on my phone that report my location back to whatever service they come from seems kind of stupid. How about one app to report to fireeagle and everyone else can ask fireeagle where i am instead of requiring me to run their own special app!?

There are a few FireEagle applications for J2ME already, but none are light weight enough for me to run on my phone 24 hours a day, most are mapping applications that happen to do FireEagle updates. I wanted just a simple update to FireEagle every so many minutes and if i traveled at all.. and I was stuck trying to write it myself. To talk to FireEagle’s API I needed to do OAuth in J2ME.. which turned out to be a bigger pain that I had hoped. J2ME is very very stripped down and doesn’t have any of the methods I needed to do any SHA or other encryption very easily without getting too involved with third party libraries.  Luckily FireEagle’s OAuth does let you do OAuth with a “PLAINTEXT” signature – no encryption needed! These OAuth transactions can happen over SSL, so I’m comfortable with it. It took me a while to figure out how to do OAuth with plaintext signatures on my own, and I experimented with it using curl first. Here is how I did OAuth for FireEagle using only curl.. hopefully this eventually leads to someone writing a better J2ME FireEagle updater than I have! 🙂

You will need the Consumer Key and Consumer Secret from FireEagle before proceeding. For this example I’ll use:

Consumer Key: myConsumerKey

Consumer Secret:  myConsumerSecret

And you’ll need some way to generate a unix timestamp and an “nonce”, which can be just a random string that you will never duplicate. Replace all occurrences of “myTime” and “myNonce” with something appropriate.

STEP 1: Retrieve a Request Token:


curl  "https://fireeagle.yahooapis.com/oauth/request_token.json?oauth_consumer_key=myConsumerKey&oauth_version=1.0&oauth_signature_method=PLAINTEXT&oauth_signature=myConsumerSecret%2526&oauth_timestamp=myTime&oauth_callback=oob&oauth_nonce=myNonce"

You should receive a response like:


Your J2ME application will present the oauth_token to the user and ask them to enter it at the mobile auth url that you were given at the same time you got your consumer key and secret, probably something like https://fireeagle.yahoo.net/mobile_auth/12345. After your user enters the oauth_token they will be given a verification code, you will need that verification code from the user along with the oauth_token and oauth_token_secret for the next step.

STEP 2: Retrieve a more permanent Access Token that you will store for future use when making FireEagle transactions on behalf of your user.


 curl  "https://fireeagle.yahooapis.com/oauth/access_token.xml?oauth_consumer_key=myConsumerKey&oauth_verifier=usersVerificationCode&oauth_token=theOauthToken&oauth_nonce=myNonce&oauth_timestamp=myTime&oauth_signature_method=PLAINTEXT&oauth_version=1.0&oauth_signature=myConsumerSecret%2526theOauthTokenSecret"

You should get a response like:


You can now store perminantOauthToken and perminantOauthTokenSecret somewhere, you will need them every time you want to do something for this user. You can safely discard of usersVerificationCode and theOauthToken and theOauthTokenSecret from earlier.

Step 3: Do something with the FireEagle API!

For example, if you want to post updated coordinates to FireEagle you can do so with the information you now have without encrypting anything with complex methods that will be difficult to reproduce in a simple J2ME application. Some FireEagle API methods  will require you to make a http POST request, which you can still do with curl for experimentation. Lets say your the coordinates you want to set are:


You can update FireEagle with that information by executing:

 curl "oauth_consumer_key=myConsumerKey&oauth_token=perminantOauthToken&lon=-77.409813&lat=43.201931&oauth_nonce=myNonce&oauth_timestamp=myTime&oauth_signature_method=PLAINTEXT&oauth_version=1.0&oauth_signature=myConsumerSecret%2526myPerminantOauthTokenSecret" https://fireeagle.yahooapis.com/api/0.1/update

If all went well you will get something like:

<?xml version="1.0" encoding="UTF-8"?>
<rsp stat="ok">
  <user  token="bba6Y0a86WaV" located-at="2010-03-24T05:37:59-07:00"/>
<!-- api1.bh.sp1.yahoo.net  uncompressed/chunked Wed Mar 24 05:37:59 PDT 2010 -->

And that covers it.. with that I was able to write up a crude J2ME FireEagle updater. Hopefully this helps someone someday!

About Dustin

Married 39 year old father of three software developer in Rochester, NY.
This entry was posted in Technology. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *