I am developing a Java Application where I am implementing 3-legged OAuth using google gdata in Java. This application is registered on Google App Engine. At the first stage, I am getting the unauthorized request-token successfully. I am storing that token in session and create a link using createUserAuthorizationUrl(oauthParameters). Then on clicking the link, it redirect me to "Grant Access Page".

Now, even though I grant access, it doesn't show me this page. But, it redirects me to my callback url. However, this seems proper. But, it also doesn't add the entry under My Account. Here, I am storing the oauth_token in session.

When getting redirected, the url of that page contains oauth_token & oauth_verifier, both ! Now, on this callback url, I have a submit button & set action of for to an accessTokenServlet.java. The code of this servlet is as follow :

Now I am sending request to fetch Access Token. My code is :

            GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters();
            oauthParameters.setOAuthConsumerKey(CONSUMER_KEY);
            oauthParameters.setOAuthConsumerSecret(CONSUMER_SECRET);
            oauthParameters.setOAuthType(OAuthParameters.OAuthType.THREE_LEGGED_OAUTH);

            GoogleOAuthHelper oauthHelper = new GoogleOAuthHelper(new OAuthHmacSha1Signer());

            oauthParameters.setOAuthToken(request.getSession().getAttribute("oauth_token").toString());
            oauthParameters.setOAuthTokenSecret(request.getSession().getAttribute("oauth_token_secret").toString());

            try {
                String accessToken = oauthHelper.getAccessToken(oauthParameters);
                out.println("Access Token : " + accessToken);
            } catch (OAuthException e) {
                //System.out.print("Response Status : " + response.getStatus());
                out.println("Exception : ");
                e.printStackTrace();
                return;
            }

While clicking on submit button, it prints "Access Token : " & nothing ! No token returns !

I am getting wrong at the stage of authorizing the request token itself. But, I am not getting, what problem got generated ?

The page with the verifier you linked to should only happen if you pass in an oauth_callback of oob — this indicates that you will be moving the verifier out-of-band. I strongly recommend against using oob for anything but debugging. Instead, you should be setting a callback URL and getting the verifier out of the query string.

In the code above, I don't see anything that sets the verifier in the OAuth parameters, so that's likely your problem. You're also not doing much in the way of error handling, and that's a really important piece of the OAuth flow — for example, once you've got it working, try canceling the OAuth process and see how your application handles it.

You will only see the entry in your issued tokens list after you've fully completed the process and obtained an upgraded access token.