将 Google 的 OAuth/OpenID 混合集成到 Java Web App 中的库? [英] Library to integrate Google's OAuth/OpenID hybrid in Java Web App?
问题描述
我正在构建一个需要访问用户 Google 日历数据的 Java 网络应用程序 - 因此我认为 OAuth/OpenID 混合是最好的方法.
I'm building a Java web app that needs access to a user's Google Calendar data - therefore I thought the OAuth/OpenID hybrid is the best way to go.
处理这项工作的最佳库是什么 - 并减少我的代码量?
What's the best library to handle the job - and reduce the amount of code on my end?
我尝试了 openid4java &Spring Security OpenID(均不支持混合)以及 dyuproject(无法集成).
I tried openid4java & Spring Security OpenID (both don't support hybrid) as well as dyuproject (couldn't get it integrated).
PS:GAE 不是一个选项
PS: GAE is not an option
有什么想法吗?
推荐答案
我不知道任何集成库,但我使用 OpenID 库 (openid4java),一个 OAuth 库(net.oauthJava 实现 ) 和我的双手如下:
I don't know any integrated library but I do it with an OpenID library (openid4java), an OAuth library (net.oauth Java implementation ) and my bare hands as follows:
我的 OAuth 消费者密钥
就像 www.example.com,所以我使用 http://*.example.com 作为 OpenID 领域
.
My OAuth consumer key
is like www.example.com so I use http://*.example.com as OpenID realm
.
在将用户重定向到 Google OpenID 端点时,我添加了以下参数(用于重定向 url 或表单):
I add following parameters (to redirect url or form) when redirecting user to Google OpenID endpoint:
openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0
openid.ext2.consumer=<my oauth consumer key>
openid.ext2.scope=<oauth scope to be authorized>
作为回报,除了我收到的普通 OpenID 响应:
In return in addition to plain OpenID response I receive:
openid.ext2.request_token=<request-token>
我将收到的请求令牌与访问令牌和访问秘密交换,这是进行 OAuth 授权调用所需的.就这样!
I exchange received request-token with access-token and access-secret which are what is needed to make OAuth-authorized calls. That's all!
请注意,在普通 OAuth 和请求令牌中,您必须使用请求秘密和验证器,但在这里您不需要它们.
Note that in plain OAuth along with request-token you have to use a request-secret and verifier but here you don't need them.
要获得更好的视图,您可以阅读 Google OAuth,Google OpenID 和 OpenID OAuth 扩展.
To have a better view you may read Google OAuth, Google OpenID and OpenID OAuth Extension.
这里(评论 8)openid4java 的 OAuth 扩展,为您完成上述工作.
Here (comment 8) is the OAuth extension for openid4java that does above for you.
这篇关于将 Google 的 OAuth/OpenID 混合集成到 Java Web App 中的库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!