public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl)
      throws OAuthMessageSignerException, OAuthNotAuthorizedException,
          OAuthExpectationFailedException, OAuthCommunicationException {

    // invalidate current credentials, if any
    consumer.setTokenWithSecret(null, null);

    // 1.0a expects the callback to be sent while getting the request token.
    // 1.0 service providers would simply ignore this parameter.
    retrieveToken(consumer, this.requestTokenEndpointUrl, OAuth.OAUTH_CALLBACK, callbackUrl);

    String callbackConfirmed = this.responseParameters.getFirst(OAuth.OAUTH_CALLBACK_CONFIRMED);
    this.responseParameters.remove(OAuth.OAUTH_CALLBACK_CONFIRMED);
    this.isOAuth10a = Boolean.TRUE.toString().equals(callbackConfirmed);

    // 1.0 service providers expect the callback as part of the auth URL,
    // Do not send when 1.0a.
    if (this.isOAuth10a) {
      return OAuth.addQueryParameters(
          this.authorizationWebsiteUrl, OAuth.OAUTH_TOKEN, consumer.getToken());
    } else {
      return OAuth.addQueryParameters(
          this.authorizationWebsiteUrl,
          OAuth.OAUTH_TOKEN,
          consumer.getToken(),
          OAuth.OAUTH_CALLBACK,
          callbackUrl);
    }
  }
  public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier)
      throws OAuthMessageSignerException, OAuthNotAuthorizedException,
          OAuthExpectationFailedException, OAuthCommunicationException {

    if (consumer.getToken() == null || consumer.getTokenSecret() == null) {
      throw new OAuthExpectationFailedException(
          "Authorized request token or token secret not set. "
              + "Did you retrieve an authorized request token before?");
    }

    if (this.isOAuth10a && oauthVerifier != null) {
      retrieveToken(consumer, this.accessTokenEndpointUrl, OAuth.OAUTH_VERIFIER, oauthVerifier);
    } else {
      retrieveToken(consumer, this.accessTokenEndpointUrl);
    }
  }