图书馆将Google的OAuth / OpenID混合集成在Java Web App中？ [英] Library to integrate Google's OAuth/OpenID hybrid in Java Web App?

问题描述

我正在构建一个需要访问用户的Google日历数据的Java Web应用程序 - 因此我认为OAuth / OpenID混合是最好的方式。

I'm building a Java web app that needs access to a user's Google Calendar data - therefore I thought the OAuth/OpenID hybrid is the best way to go.

什么是最好的库来处理这项工作 - 并减少我的代码量？

What's the best library to handle the job - and reduce the amount of code on my end?

我试过 openid4java & Spring Security OpenID （两者都不支持混合）以及 dyuproject （无法将其集成）。

I tried openid4java & Spring Security OpenID (both don't support hybrid) as well as dyuproject (couldn't get it integrated).

PS：GAE不是一个选项

PS: GAE is not an option

任何想法？

推荐答案

我不知道任何集成库，但我使用的是OpenID库（ openid4java ），一个OAuth库（ net.oauth Java实现 ）和我的双手如下：

I don't know any integrated library but I do it with an OpenID library (openid4java), an OAuth library (net.oauth Java implementation ) and my bare hands as follows:

我的 OAuth使用者密钥与www.example.com类似，因此我使用http：//*.example.com作为 OpenID领域。

My OAuth consumer key is like www.example.com so I use http://*.example.com as OpenID realm.

在将用户重定向到Google OpenID端点时，我添加了以下参数（重定向网址或表单）：

I add following parameters (to redirect url or form) when redirecting user to Google OpenID endpoint:

openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0
openid.ext2.consumer=<my oauth consumer key>
openid.ext2.scope=<oauth scope to be authorized>

作为回报，除了我收到的普通OpenID回复：

In return in addition to plain OpenID response I receive:

openid.ext2.request_token=<request-token>

我将收到的请求令牌与access-token和access-secret交换成需要的OAuth授权的电话。就这样！

I exchange received request-token with access-token and access-secret which are what is needed to make OAuth-authorized calls. That's all!

请注意，在普通OAuth和请求令牌中，您必须使用请求密钥和验证程序，但此处您不需要它们。

Note that in plain OAuth along with request-token you have to use a request-secret and verifier but here you don't need them.

要想获得更好的观点，您可以阅读 Google OAuth ， Google OpenID 和 OpenID OAuth扩展。

To have a better view you may read Google OAuth, Google OpenID and OpenID OAuth Extension.

编辑：此处（评论8）是OAuth的扩展名openid4java就是为你做的。

Here (comment 8) is the OAuth extension for openid4java that does above for you.

这篇关于图书馆将Google的OAuth / OpenID混合集成在Java Web App中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！