图书馆将Google的OAuth / OpenID混合集成在Java Web App中? [英] Library to integrate Google's OAuth/OpenID hybrid in Java Web App?
问题描述
我正在构建一个需要访问用户的Google日历数据的Java Web应用程序 - 因此我认为OAuth / OpenID混合是最好的方式。
I'm building a Java web app that needs access to a user's Google Calendar data - therefore I thought the OAuth/OpenID hybrid is the best way to go.
什么是最好的库来处理这项工作 - 并减少我的代码量?
What's the best library to handle the job - and reduce the amount of code on my end?
我试过 openid4java & Spring Security OpenID (两者都不支持混合)以及 dyuproject (无法将其集成)。
I tried openid4java & Spring Security OpenID (both don't support hybrid) as well as dyuproject (couldn't get it integrated).
PS:GAE不是一个选项
PS: GAE is not an option
任何想法?
推荐答案
我不知道任何集成库,但我使用的是OpenID库( openid4java ),一个OAuth库( net.oauth Java实现 )和我的双手如下:
I don't know any integrated library but I do it with an OpenID library (openid4java), an OAuth library (net.oauth Java implementation ) and my bare hands as follows:
我的 OAuth使用者密钥
与www.example.com类似,因此我使用http://*.example.com作为 OpenID领域
。
My OAuth consumer key
is like www.example.com so I use http://*.example.com as OpenID realm
.
在将用户重定向到Google OpenID端点时,我添加了以下参数(重定向网址或表单):
I add following parameters (to redirect url or form) when redirecting user to Google OpenID endpoint:
openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0
openid.ext2.consumer=<my oauth consumer key>
openid.ext2.scope=<oauth scope to be authorized>
作为回报,除了我收到的普通OpenID回复:
In return in addition to plain OpenID response I receive:
openid.ext2.request_token=<request-token>
我将收到的请求令牌与access-token和access-secret交换成需要的OAuth授权的电话。就这样!
I exchange received request-token with access-token and access-secret which are what is needed to make OAuth-authorized calls. That's all!
请注意,在普通OAuth和请求令牌中,您必须使用请求密钥和验证程序,但此处您不需要它们。
Note that in plain OAuth along with request-token you have to use a request-secret and verifier but here you don't need them.
要想获得更好的观点,您可以阅读 Google OAuth , Google OpenID 和 OpenID OAuth扩展。
To have a better view you may read Google OAuth, Google OpenID and OpenID OAuth Extension.
编辑:此处(评论8)是OAuth的扩展名openid4java就是为你做的。
Here (comment 8) is the OAuth extension for openid4java that does above for you.
这篇关于图书馆将Google的OAuth / OpenID混合集成在Java Web App中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!