Problem with getting a GData Unauthorized Request Token
Last Friday Dan and I worked on accessing a user’s Google Docs via OAuth. We were able to make it work except that I found out that our solution doesn’t scale!
Our observations are:
1. Two or more users getting an unauthorized request token returns an invalid token to one of the users.
2. Two or more users getting an unauthorized request token in succession returns an invalid token to the last person who requests. The latter can try again after a certain time after the last person has finished accessing his/her Google Docs.
We followed the tutorials for accessing GData using OAuth at the GData website and used the GData Java libraries.
I think the problems are:
1. that the helper classes that come in with the libraries are instantiated only once for the whole app (a singleton). Meaning any client who visits the app and uses the same instance to connect to google via oauth uses the same instance every time.
2. the helper classes are maintaining state, hence the invalid token received by another user while someone is still “using” our app to access his/her Google Docs. This is the same problem that I have with using Twitter4j: you can’t wire them as a singleton because they’re maintaining state.
If that’s the case, then I should probably remove these lines of code in our controllers:
    public class GoogleOauthController extends MultiActionController {
        ...
        private GoogleOAuthParameters oAuthParameters;
        private GoogleOAuthHelper oAuthHelper;
        ...
and refactor this by instantiating one instance of GoogleOAuthParameters and GoogleOAuthHelper per invocation of any of the methods in the controllers that make use of them. I’ll be able to do this using the abstract factory method or an abstract factory class, which I’ve just finished reading about this week! That came at just the right time, thank God for my book Head First Design Patterns.
But which refactoring to do?
I think the abstract factory method is more appropriate, although it shouldn’t be called abstract because I don’t expect any controller to extend the controller I am going to build for OAuth. I’ll call my solution the oauth-factory-method.
But on the other hand, I might need the same functionality of the oauth-factory-method so that oauth controllers that have provider specific logic can use the oauth-factory-method to get the helper classes that they need and more importantly that are otherwise needed in a lot of other controllers.
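The failure mode and the per-invocation fix described above, as an added example that is not code from the original post or from the GData libraries: `Params` is a hypothetical stand-in for a stateful helper object such as GoogleOAuthParameters, and the user names and token strings are constructed.

```java
import java.util.List;
import java.util.concurrent.*;

public class OAuthHelperScopeDemo {
    // Hypothetical stand-in for a stateful helper object (the role GoogleOAuthParameters plays).
    // The field is volatile on purpose: the bug shown here is sharing, not memory visibility.
    static class Params {
        private volatile String token;
        void setToken(String t) { token = t; }
        String getToken() { return token; }
    }

    // Factory method: every invocation gets a fresh object, so nothing is shared between users.
    static Params newParams() { return new Params(); }

    // One simulated request: store the token issued for this user, then read it back later,
    // as the next step of the OAuth flow would.
    static boolean gotOwnToken(Params p, String user, CyclicBarrier bothStored) throws Exception {
        String issued = "request-token-for-" + user;   // constructed sample value
        p.setToken(issued);
        bothStored.await();                            // the other request has stored its token too
        return issued.equals(p.getToken());
    }

    // Runs two concurrent requests and counts how many read back a token that is not theirs.
    static int wrongTokens(boolean sharedInstance) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        CyclicBarrier bothStored = new CyclicBarrier(2);
        Params singleton = new Params();               // what a field on a singleton controller amounts to
        try {
            int wrong = 0;
            for (Future<Boolean> f : pool.invokeAll(List.<Callable<Boolean>>of(
                    () -> gotOwnToken(sharedInstance ? singleton : newParams(), "alice", bothStored),
                    () -> gotOwnToken(sharedInstance ? singleton : newParams(), "bob", bothStored)))) {
                if (!f.get()) wrong++;
            }
            return wrong;
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("shared field: " + wrongTokens(true) + " request(s) read another user's token");
        System.out.println("per request:  " + wrongTokens(false) + " request(s) read another user's token");
    }
}
```

With the shared instance, whichever request stores its token last overwrites the other's, so one user continues the flow holding a token issued for someone else; with one instance per invocation each request only ever sees its own.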