OAuth 和 google plus api
我正在我的 Gaelyk 应用程序之一中使用 google-start-project 的代码。这是 OAuth 2.0 授权过程的常规代码。与 Twitter 不同,每当应用程序请求授权时,用户必须允许应用程序继续,我认为这很奇怪。我犯了一些错误吗?
// Check for an error returned by OAuth
if ( params.error ) {
response.setContentType("text/plain");
out.println("There was a problem during authentication: " + error);
log.severe("There was a problem during authentication: " + error);
return;
}
// When we're redirected back from the OAuth 2.0 grant page, a code will be supplied in a GET parameter named 'code'
if ( !params.code ) {
// Now that we have the OAuth 2.0 code, we must exchange it for a token to make API requests.
// Build the authorization URL
AuthorizationRequestUrl authorizeUrl = new GoogleAuthorizationRequestUrl(
CLIENT_ID,
REDIRECT_URI,
SCOPES
);
authorizeUrl.redirectUri = REDIRECT_URI;
authorizeUrl.scope = SCOPES;
String authorizationUrl = authorizeUrl.build();
log.info("Redirecting browser for OAuth 2.0 authorization to " + authorizationUrl);
response.sendRedirect(authorizationUrl);
return;
} else {
log.info("Exchanging OAuth code for access token using server side call");
AccessTokenResponse accessTokenResponse = new GoogleAccessTokenRequest.GoogleAuthorizationCodeGrant(
new NetHttpTransport(),
new GsonFactory(),
CLIENT_ID,
CLIENT_SECRET,
params.code,
REDIRECT_URI
).execute();
log.info("Storing authentication token into the session");
request.session.accessToken = accessTokenResponse.accessToken
request.session.refreshToken = accessTokenResponse.refreshToken
//The authentication is all done! Redirect back to the samples index so you can play with them.
response.sendRedirect("/");
}
I'm using google-start-project's code into one of my gaelyk app. This is the groovy-ed code for the OAuth 2.0 authorization process. Unlike twitter, whenever the app requests authorization the user must allow the app to continue and I think is weird. There are some mistakes that I made?
// Check for an error returned by OAuth
if ( params.error ) {
response.setContentType("text/plain");
out.println("There was a problem during authentication: " + error);
log.severe("There was a problem during authentication: " + error);
return;
}
// When we're redirected back from the OAuth 2.0 grant page, a code will be supplied in a GET parameter named 'code'
if ( !params.code ) {
// Now that we have the OAuth 2.0 code, we must exchange it for a token to make API requests.
// Build the authorization URL
AuthorizationRequestUrl authorizeUrl = new GoogleAuthorizationRequestUrl(
CLIENT_ID,
REDIRECT_URI,
SCOPES
);
authorizeUrl.redirectUri = REDIRECT_URI;
authorizeUrl.scope = SCOPES;
String authorizationUrl = authorizeUrl.build();
log.info("Redirecting browser for OAuth 2.0 authorization to " + authorizationUrl);
response.sendRedirect(authorizationUrl);
return;
} else {
log.info("Exchanging OAuth code for access token using server side call");
AccessTokenResponse accessTokenResponse = new GoogleAccessTokenRequest.GoogleAuthorizationCodeGrant(
new NetHttpTransport(),
new GsonFactory(),
CLIENT_ID,
CLIENT_SECRET,
params.code,
REDIRECT_URI
).execute();
log.info("Storing authentication token into the session");
request.session.accessToken = accessTokenResponse.accessToken
request.session.refreshToken = accessTokenResponse.refreshToken
//The authentication is all done! Redirect back to the samples index so you can play with them.
response.sendRedirect("/");
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不,你做得对。我认为 Google+ 不支持身份验证 - 仅支持授权。这就是 OAuth 的理念——授权用户,而不是验证用户的身份。对于身份验证,您可以使用 OpenID。
顺便说一句,起始项目有点复杂,不支持maven,并且当google添加新的API方法时没有及时更新。因此我创建了这个项目,你可以检查一下它是否适合你。
No, you are doing it right. I think Google+ does not support authentication - only authorization. Which is the idea of OAuth - to authorize users, not to authenticate them. For authentication you can use OpenID.
Btw, the starter project is a bit complicated, doesn't support maven and does not get updated in a timely manner when google add new API methods. Hence I created this project, you can check if it suites you.