Merge pull request #49 from pengisgood/dev

Integrate Twitter

Merge pull request #49 from pengisgood/dev
Integrate Twitter
43459c31 · 智布道 · GitHub · 9e4815cd · de038b85 · 43459c31
10 changed file
--- a/README.en-US.md
+++ b/README.en-US.md
@@ -70,6 +70,11 @@
            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20"></td>
        </tr>
    </table>
+    <table>
+            <tr>
+                <td align="center" width="200"><img src="" width="20" title="Twitter"></td>
+            </tr>
+        </table>
 </center>

 -------------------------------------------------------------------------------
@@ -157,6 +162,7 @@ authRequest.login(callback);
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitlab.png" width="20">  |  [AuthGitlabRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java)  |  <a href="https://docs.gitlab.com/ee/api/oauth2.html" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/meituan.png" width="20">  |  [AuthMeituanRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMeituanRequest.java)  |  <a href="http://open.waimai.meituan.com/openapi_docs/oauth/" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20">  |  [AuthElemeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthElemeRequest.java)  |  <a href="https://open.shop.ele.me/openapi/documents/khd001" target="_blank">参考文档</a> |
+|  <img src="" width="20">  |  [AuthTwitterRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java)  |  <a href="https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/csdn.png" width="20">  |  [AuthCsdnRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java)  |  无 |


@@ -187,4 +193,4 @@ I look forward to your joining us.
 ## References

 - [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
- [OAuth 2.0](https://oauth.net/2/)
\ No newline at end of file
+- [OAuth 2.0](https://oauth.net/2/)
--- a/README.md
+++ b/README.md
@@ -70,6 +70,11 @@
            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20"></td>
        </tr>
    </table>
+    <table>
+        <tr>
+            <td align="center" width="200"><img src="" width="20" title="Twitter"></td>
+        </tr>
+    </table>
 </center>

 -------------------------------------------------------------------------------
@@ -163,6 +168,7 @@ authRequest.login(callback);
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitlab.png" width="20">  |  [AuthGitlabRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java)  |  <a href="https://docs.gitlab.com/ee/api/oauth2.html" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/meituan.png" width="20">  |  [AuthMeituanRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMeituanRequest.java)  |  <a href="http://open.waimai.meituan.com/openapi_docs/oauth/" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20">  |  [AuthElemeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthElemeRequest.java)  |  <a href="https://open.shop.ele.me/openapi/documents/khd001" target="_blank">参考文档</a> |
+|  <img src="" width="20">  |  [AuthTwitterRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java)  |  <a href="https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/csdn.png" width="20">  |  [AuthCsdnRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java)  |  无 |

 _请知悉：经咨询CSDN官方客服得知，CSDN的授权开放平台已经下线。如果以前申请过的应用，可以继续使用，但是不再支持申请新的应用。so, 本项目中的CSDN登录只能针对少部分用户使用了_

--- a/example.md
+++ b/example.md
@@ -98,7 +98,7 @@ _注：非全部平台，部分平台可能不存在图例_

 #### 授权Twitter

-暂无
+![授权Twitter]( "授权Twitter")

 #### 授权csdn


--- a/src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java
+++ b/src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java
@@ -672,6 +672,28 @@ public enum AuthDefaultSource implements AuthSource {
        public String refresh() {
            return "https://open-api.shop.ele.me/token";
        }
+    },
+
+    /**
+     * Twitter
+     *
+     * @since 1.12.0
+     */
+    TWITTER {
+        @Override
+        public String authorize() {
+            return "https://api.twitter.com/oauth/authenticate";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://api.twitter.com/oauth/access_token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://api.twitter.com/1.1/users/show.json";
+        }
    }

 }
--- a/src/main/java/me/zhyd/oauth/model/AuthCallback.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
 package me.zhyd.oauth.model;

+import lombok.Builder;
 import lombok.Getter;
 import lombok.Setter;

@@ -11,6 +12,7 @@ import lombok.Setter;
 */
 @Getter
 @Setter
+@Builder
 public class AuthCallback {

    /**
@@ -34,4 +36,18 @@ public class AuthCallback {
     * @since 1.10.0
     */
    private String authorization_code;
+
+    /**
+     * Twitter回调后返回的oauth_token
+     *
+     * @since 1.12.0
+     */
+    private String oauthToken;
+
+    /**
+     * Twitter回调后返回的oauth_verifier
+     *
+     * @since 1.12.0
+     */
+    private String oauthVerifier;
 }
--- a/src/main/java/me/zhyd/oauth/model/AuthToken.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthToken.java
@@ -42,4 +42,15 @@ public class AuthToken {
     */
    private String code;

+    /**
+     * Twitter附带属性
+     *
+     * @since 1.12.0
+     */
+    private String oauthToken;
+    private String oauthTokenSecret;
+    private String userId;
+    private String screenName;
+    private Boolean oauthCallbackConfirmed;
+
 }
--- a/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
+package me.zhyd.oauth.request;
+
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.GlobalAuthUtil;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static me.zhyd.oauth.config.AuthDefaultSource.TWITTER;
+import static me.zhyd.oauth.utils.GlobalAuthUtil.generateTwitterSignature;
+import static me.zhyd.oauth.utils.GlobalAuthUtil.urlEncode;
+
+/**
+ * Twitter登录
+ *
+ * @author hongwei.peng (pengisgood(at)gmail(dot)com)
+ * @since 1.12.0
+ */
+public class AuthTwitterRequest extends AuthDefaultRequest {
+
+    private static final String PREAMBLE = "OAuth";
+
+    public AuthTwitterRequest(AuthConfig config) {
+        super(config, TWITTER);
+    }
+
+    public AuthTwitterRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, TWITTER, authStateCache);
+    }
+
+    /**
+     * Obtaining a request token
+     * https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
+     *
+     * @return request token
+     */
+    public AuthToken getRequestToken() {
+        String baseUrl = "https://api.twitter.com/oauth/request_token";
+
+        Map<String, Object> oauthParams = buildOauthParams();
+        oauthParams.put("oauth_callback", config.getRedirectUri());
+        oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", baseUrl, config.getClientSecret(), null));
+        String header = buildHeader(oauthParams);
+        HttpResponse requestToken = HttpRequest.post(baseUrl).header("Authorization", header).execute();
+        checkResponse(requestToken);
+
+        Map<String, Object> res = GlobalAuthUtil.parseQueryToMap(requestToken.body());
+
+        return AuthToken.builder()
+            .oauthToken(res.get("oauth_token").toString())
+            .oauthTokenSecret(res.get("oauth_token_secret").toString())
+            .oauthCallbackConfirmed(Boolean.valueOf(res.get("oauth_callback_confirmed").toString()))
+            .build();
+    }
+
+    /**
+     * Convert request token to access token
+     * https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
+     *
+     * @return access token
+     */
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        Map<String, Object> oauthParams = buildOauthParams();
+        oauthParams.put("oauth_token", authCallback.getOauthToken());
+        oauthParams.put("oauth_verifier", authCallback.getOauthVerifier());
+        oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", source.accessToken(), config.getClientSecret(), authCallback.getOauthToken()));
+        String header = buildHeader(oauthParams);
+        HttpResponse response = HttpRequest.post(source.accessToken())
+            .header("Authorization", header)
+            .header("Content-Type", "application/x-www-form-urlencoded")
+            .form("oauth_verifier", authCallback.getOauthVerifier())
+            .execute();
+        checkResponse(response);
+
+        Map<String, Object> requestToken = GlobalAuthUtil.parseQueryToMap(response.body());
+
+        return AuthToken.builder()
+            .oauthToken(requestToken.get("oauth_token").toString())
+            .oauthTokenSecret(requestToken.get("oauth_token_secret").toString())
+            .userId(requestToken.get("user_id").toString())
+            .screenName(requestToken.get("screen_name").toString())
+            .build();
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        Map<String, Object> queryParams = new HashMap<>();
+        queryParams.put("user_id", authToken.getUserId());
+        queryParams.put("screen_name", authToken.getScreenName());
+        queryParams.put("include_entities", true);
+
+        Map<String, Object> oauthParams = buildOauthParams();
+        oauthParams.put("oauth_token", authToken.getOauthToken());
+
+        Map<String, Object> params = new HashMap<>(oauthParams);
+        params.putAll(queryParams);
+        oauthParams.put("oauth_signature", generateTwitterSignature(params, "GET", source.userInfo(), config.getClientSecret(), authToken.getOauthTokenSecret()));
+        String header = buildHeader(oauthParams);
+        HttpResponse response = HttpRequest.get(userInfoUrl(authToken)).header("Authorization", header).execute();
+        checkResponse(response);
+        JSONObject userInfo = JSONObject.parseObject(response.body());
+
+        return AuthUser.builder()
+            .uuid(userInfo.getString("id_str"))
+            .username(userInfo.getString("screen_name"))
+            .nickname(userInfo.getString("name"))
+            .remark(userInfo.getString("description"))
+            .avatar(userInfo.getString("profile_image_url_https"))
+            .blog(userInfo.getString("url"))
+            .location(userInfo.getString("location"))
+            .source(source.toString())
+            .token(authToken)
+            .build();
+    }
+
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("user_id", authToken.getUserId())
+            .queryParam("screen_name", authToken.getScreenName())
+            .queryParam("include_entities", true)
+            .build();
+    }
+
+    private Map<String, Object> buildOauthParams() {
+        Map<String, Object> params = new HashMap<>();
+        params.put("oauth_consumer_key", config.getClientId());
+        params.put("oauth_nonce", GlobalAuthUtil.generateNonce(32));
+        params.put("oauth_signature_method", "HMAC-SHA1");
+        params.put("oauth_timestamp", GlobalAuthUtil.getTimestamp());
+        params.put("oauth_version", "1.0");
+        return params;
+    }
+
+    private String buildHeader(Map<String, Object> oauthParams) {
+        final StringBuilder sb = new StringBuilder(PREAMBLE);
+
+        for (Map.Entry<String, Object> param : oauthParams.entrySet()) {
+            if (sb.length() > PREAMBLE.length()) {
+                sb.append(", ");
+            }
+            sb.append(param.getKey())
+                .append("=\"")
+                .append(urlEncode(param.getValue().toString()))
+                .append('"');
+        }
+
+        return sb.toString();
+    }
+
+    private void checkResponse(HttpResponse response) {
+        if (!response.isOk()) {
+            throw new AuthException(response.body());
+        }
+    }
+}
--- a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
+++ b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
@@ -17,7 +17,13 @@ import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
+import java.util.TreeMap;

 /**
 * 全局的工具类
@@ -27,7 +33,8 @@ import java.util.*;
 */
 public class GlobalAuthUtil {
    private static final Charset DEFAULT_ENCODING = StandardCharsets.UTF_8;
-    private static final String ALGORITHM = "HmacSHA256";
+    private static final String HMAC_SHA1 = "HmacSHA1";
+    private static final String HMAC_SHA_256 = "HmacSHA256";

    /**
     * 生成钉钉请求的Signature
@@ -37,24 +44,25 @@ public class GlobalAuthUtil {
     * @return Signature
     */
    public static String generateDingTalkSignature(String secretKey, String timestamp) {
-        byte[] signData = sign(secretKey.getBytes(DEFAULT_ENCODING), timestamp.getBytes(DEFAULT_ENCODING));
+        byte[] signData = sign(secretKey.getBytes(DEFAULT_ENCODING), timestamp.getBytes(DEFAULT_ENCODING), HMAC_SHA_256);
        return urlEncode(new String(Base64.encode(signData, false)));
    }

    /**
     * 签名
     *
-     * @param key  key
-     * @param data data
+     * @param key       key
+     * @param data      data
+     * @param algorithm algorithm
     * @return byte[]
     */
-    private static byte[] sign(byte[] key, byte[] data) {
+    private static byte[] sign(byte[] key, byte[] data, String algorithm) {
        try {
-            Mac mac = Mac.getInstance(ALGORITHM);
-            mac.init(new SecretKeySpec(key, ALGORITHM));
+            Mac mac = Mac.getInstance(algorithm);
+            mac.init(new SecretKeySpec(key, algorithm));
            return mac.doFinal(data);
        } catch (NoSuchAlgorithmException ex) {
-            throw new AuthException("Unsupported algorithm: " + ALGORITHM, ex);
+            throw new AuthException("Unsupported algorithm: " + algorithm, ex);
        } catch (InvalidKeyException ex) {
            throw new AuthException("Invalid key: " + Arrays.toString(key), ex);
        }
@@ -184,6 +192,57 @@ public class GlobalAuthUtil {
        return StringUtils.isEmpty(url) || url.contains("127.0.0.1") || url.contains("localhost");
    }

+
+    /**
+     * Generate nonce with given length
+     *
+     * @param len length
+     * @return nonce string
+     */
+    public static String generateNonce(int len) {
+        String s = "0123456789QWERTYUIOPLKJHGFDSAZXCVBNMqwertyuioplkjhgfdsazxcvbnm";
+        Random rng = new Random();
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < len; i++) {
+            int index = rng.nextInt(62);
+            sb.append(s, index, index + 1);
+        }
+        return sb.toString();
+    }
+
+    /**
+     * Get current timestamp
+     *
+     * @return timestamp string
+     */
+    public static String getTimestamp() {
+        return String.valueOf(System.currentTimeMillis() / 1000);
+    }
+
+    /**
+     * Generate Twitter signature
+     * https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature
+     *
+     * @param params      parameters including: oauth headers, query params, body params
+     * @param method      HTTP method
+     * @param baseUrl     base url
+     * @param apiSecret   api key secret can be found in the developer portal by viewing the app details page
+     * @param tokenSecret oauth token secret
+     * @return BASE64 encoded signature string
+     */
+    public static String generateTwitterSignature(Map<String, Object> params, String method, String baseUrl, String apiSecret, String tokenSecret) {
+        TreeMap<String, Object> map = new TreeMap<>();
+        for (Map.Entry<String, Object> e : params.entrySet()) {
+            map.put(urlEncode(e.getKey()), e.getValue());
+        }
+        String str = parseMapToString(map, true);
+        String baseStr = method.toUpperCase() + "&" + urlEncode(baseUrl) + "&" + urlEncode(str);
+        String signKey = apiSecret + "&" + (StringUtils.isEmpty(tokenSecret) ? "" : tokenSecret);
+        byte[] signature = sign(signKey.getBytes(DEFAULT_ENCODING), baseStr.getBytes(DEFAULT_ENCODING), HMAC_SHA1);
+
+        return new String(Base64.encode(signature, false));
+    }
+
    /**
     * 生成饿了么请求的Signature
     * <p>

--- a/src/test/java/me/zhyd/oauth/request/AuthExtendRequestTest.java
+++ b/src/test/java/me/zhyd/oauth/request/AuthExtendRequestTest.java
@@ -41,9 +41,10 @@ public class AuthExtendRequestTest {

        String state = AuthStateUtils.createState();
        request.authorize(state);
-        AuthCallback callback = new AuthCallback();
-        callback.setCode("code");
-        callback.setState(state);
+        AuthCallback callback = AuthCallback.builder()
+            .code("code")
+            .state(state)
+            .build();
        AuthResponse response = request.login(callback);
        Assert.assertNotNull(response);


--- a/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilTest.java
+++ b/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilTest.java
 package me.zhyd.oauth.utils;

+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
 import org.junit.Assert;
 import org.junit.Test;

 import java.util.HashMap;
 import java.util.Map;

+import static me.zhyd.oauth.config.AuthDefaultSource.TWITTER;
+import static me.zhyd.oauth.utils.GlobalAuthUtil.generateTwitterSignature;
+import static me.zhyd.oauth.utils.GlobalAuthUtil.urlEncode;
+import static org.junit.Assert.assertEquals;
+
 public class GlobalAuthUtilTest {

    @Test
    public void testGenerateDingTalkSignature() {
-        Assert.assertEquals("mLTZEMqIlpAA3xtJ43KcRT0EDLwgSamFe%2FNis5lq9ik%3D",
-                GlobalAuthUtil.generateDingTalkSignature(
-                        "SHA-256", "1562325753000 "));
+        assertEquals("mLTZEMqIlpAA3xtJ43KcRT0EDLwgSamFe%2FNis5lq9ik%3D",
+            GlobalAuthUtil.generateDingTalkSignature("SHA-256", "1562325753000 "));
    }

    @Test
    public void testUrlDecode() {
-        Assert.assertEquals("", GlobalAuthUtil.urlDecode(null));
-        Assert.assertEquals("https://www.foo.bar",
-                GlobalAuthUtil.urlDecode("https://www.foo.bar"));
-        Assert.assertEquals("mLTZEMqIlpAA3xtJ43KcRT0EDLwgSamFe/Nis5lq9ik=",
-                GlobalAuthUtil.urlDecode(
-                        "mLTZEMqIlpAA3xtJ43KcRT0EDLwgSamFe%2FNis5lq9ik%3D"));
+        assertEquals("", GlobalAuthUtil.urlDecode(null));
+        assertEquals("https://www.foo.bar", GlobalAuthUtil.urlDecode("https://www.foo.bar"));
+        assertEquals("mLTZEMqIlpAA3xtJ43KcRT0EDLwgSamFe/Nis5lq9ik=",
+            GlobalAuthUtil.urlDecode("mLTZEMqIlpAA3xtJ43KcRT0EDLwgSamFe%2FNis5lq9ik%3D"));
    }

    @Test
    public void testParseStringToMap() {
        Map expected = new HashMap();
        expected.put("bar", "baz");
-        Assert.assertEquals(expected,
-                GlobalAuthUtil.parseStringToMap("foo&bar=baz"));
+        assertEquals(expected, GlobalAuthUtil.parseStringToMap("foo&bar=baz"));
    }

    @Test
@@ -46,8 +50,7 @@ public class GlobalAuthUtilTest {
        Assert.assertFalse(GlobalAuthUtil.isHttpsProtocol(""));
        Assert.assertFalse(GlobalAuthUtil.isHttpsProtocol("foo"));

-        Assert.assertTrue(
-                GlobalAuthUtil.isHttpsProtocol("https://www.foo.bar"));
+        Assert.assertTrue(GlobalAuthUtil.isHttpsProtocol("https://www.foo.bar"));
    }

    @Test
@@ -58,4 +61,90 @@ public class GlobalAuthUtilTest {
        Assert.assertTrue(GlobalAuthUtil.isLocalHost("127.0.0.1"));
        Assert.assertTrue(GlobalAuthUtil.isLocalHost("localhost"));
    }
+
+    @Test
+    public void testGenerateTwitterSignatureForRequestToken() {
+        AuthConfig config = AuthConfig.builder()
+            .clientId("HD0XLqzi5Wz0G08rh45Cg8mgh")
+            .clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")
+            .redirectUri("https://codinglife.tech")
+            .build();
+        Map<String, Object> params = new HashMap<>();
+        params.put("oauth_consumer_key", config.getClientId());
+        params.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN");
+        params.put("oauth_signature_method", "HMAC-SHA1");
+        params.put("oauth_timestamp", "1569750981");
+        params.put("oauth_callback", config.getRedirectUri());
+        params.put("oauth_version", "1.0");
+
+        String baseUrl = "https://api.twitter.com/oauth/request_token";
+        params.put("oauth_signature", generateTwitterSignature(params, "POST", baseUrl, config.getClientSecret(), null));
+
+        params.forEach((k, v) -> params.put(k, "\"" + urlEncode(v.toString()) + "\""));
+        String actual = "OAuth " + GlobalAuthUtil.parseMapToString(params, false).replaceAll("&", ", ");
+
+        assertEquals("OAuth oauth_nonce=\"sTj7Ivg73u052eXstpoS1AWQCynuDEPN\", oauth_signature=\"%2BL5Jq%2FTaKubge04cWw%2B4yfjFlaU%3D\", oauth_callback=\"https%3A%2F%2Fcodinglife.tech\", oauth_consumer_key=\"HD0XLqzi5Wz0G08rh45Cg8mgh\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1569750981\", oauth_version=\"1.0\"", actual);
+    }
+
+    @Test
+    public void testGenerateTwitterSignatureForAccessToken() {
+        AuthConfig config = AuthConfig.builder()
+            .clientId("HD0XLqzi5Wz0G08rh45Cg8mgh")
+            .clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")
+            .build();
+        AuthCallback authCallback = AuthCallback.builder()
+            .oauthToken("W_KLmAAAAAAAxq5LAAABbXxJeD0")
+            .oauthVerifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
+            .build();
+        Map<String, Object> params = new HashMap<>();
+        params.put("oauth_consumer_key", config.getClientId());
+        params.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN");
+        params.put("oauth_signature_method", "HMAC-SHA1");
+        params.put("oauth_timestamp", "1569751082");
+        params.put("oauth_token", authCallback.getOauthToken());
+        params.put("oauth_verifier", authCallback.getOauthVerifier());
+        params.put("oauth_version", "1.0");
+
+        params.put("oauth_signature", generateTwitterSignature(params, "POST", TWITTER.accessToken(), config.getClientSecret(), authCallback.getOauthToken()));
+
+        params.forEach((k, v) -> params.put(k, "\"" + urlEncode(v.toString()) + "\""));
+        String actual = "OAuth " + GlobalAuthUtil.parseMapToString(params, false).replaceAll("&", ", ");
+
+        assertEquals("OAuth oauth_verifier=\"lYou4gxfA6S5KioUa8VF8HCShzA2nSxp\", oauth_nonce=\"sTj7Ivg73u052eXstpoS1AWQCynuDEPN\", oauth_signature=\"9i0lmWgvphtkl2KcCO9VyZ3K2%2F0%3D\", oauth_token=\"W_KLmAAAAAAAxq5LAAABbXxJeD0\", oauth_consumer_key=\"HD0XLqzi5Wz0G08rh45Cg8mgh\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1569751082\", oauth_version=\"1.0\"", actual);
+    }
+
+    @Test
+    public void testGenerateTwitterSignatureForUserInfo() {
+        AuthConfig config = AuthConfig.builder()
+            .clientId("HD0XLqzi5Wz0G08rh45Cg8mgh")
+            .clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")
+            .build();
+        AuthToken authToken = AuthToken.builder()
+            .oauthToken("1961977975-PcFQaCnpN9h9xqtqHwHlpGBXFrHJ9bOLy7OtGAL")
+            .oauthTokenSecret("ffyKe39GYYf8tAyhliSe3QmazpO65kZp5b49xOFX6wHho")
+            .userId("1961977975")
+            .screenName("pengisgood")
+            .build();
+
+        Map<String, Object> oauthParams = new HashMap<>();
+        oauthParams.put("oauth_consumer_key", config.getClientId());
+        oauthParams.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN");
+        oauthParams.put("oauth_signature_method", "HMAC-SHA1");
+        oauthParams.put("oauth_timestamp", "1569751082");
+        oauthParams.put("oauth_token", authToken.getOauthToken());
+        oauthParams.put("oauth_version", "1.0");
+
+        Map<String, Object> queryParams = new HashMap<>();
+        queryParams.put("user_id", authToken.getUserId());
+        queryParams.put("screen_name", authToken.getScreenName());
+        queryParams.put("include_entities", true);
+
+        Map<String, Object> params = new HashMap<>(oauthParams);
+        params.putAll(queryParams);
+        oauthParams.put("oauth_signature", generateTwitterSignature(params, "GET", TWITTER.userInfo(), config.getClientSecret(), authToken.getOauthTokenSecret()));
+        oauthParams.forEach((k, v) -> oauthParams.put(k, "\"" + urlEncode(v.toString()) + "\""));
+
+        String actual = "OAuth "+ GlobalAuthUtil.parseMapToString(oauthParams, false).replaceAll("&", ", ");
+        assertEquals("OAuth oauth_nonce=\"sTj7Ivg73u052eXstpoS1AWQCynuDEPN\", oauth_signature=\"elV04U%2FiLm%2Ff3ue1dSrZeChFkEM%3D\", oauth_token=\"1961977975-PcFQaCnpN9h9xqtqHwHlpGBXFrHJ9bOLy7OtGAL\", oauth_consumer_key=\"HD0XLqzi5Wz0G08rh45Cg8mgh\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1569751082\", oauth_version=\"1.0\"", actual);
+    }
 }