OAuth and google plus api_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-04-13 08:55 出处：网络

I\'m using google-start-project\'s code into one of my gaelyk app. This is the groovy-ed code for the OAuth 2.0 authorization process. Unlike twitter, whenever开发者_如何学Python the app requests auth

I'm using google-start-project's code into one of my gaelyk app. This is the groovy-ed code for the OAuth 2.0 authorization process. Unlike twitter, whenever开发者_如何学Python the app requests authorization the user must allow the app to continue and I think is weird. There are some mistakes that I made?

    // Check for an error returned by OAuth
if ( params.error ) {
    response.setContentType("text/plain");
    out.println("There was a problem during authentication: " + error);
    log.severe("There was a problem during authentication: " + error);
    return;
}

// When we're redirected back from the OAuth 2.0 grant page, a code will be supplied in a GET parameter named 'code'

if ( !params.code ) {
    // Now that we have the OAuth 2.0 code, we must exchange it for a token to make API requests.

    // Build the authorization URL
    AuthorizationRequestUrl authorizeUrl = new GoogleAuthorizationRequestUrl(
            CLIENT_ID,
            REDIRECT_URI,
            SCOPES
        );
    authorizeUrl.redirectUri = REDIRECT_URI;
    authorizeUrl.scope = SCOPES;
    String authorizationUrl = authorizeUrl.build();

    log.info("Redirecting browser for OAuth 2.0 authorization to " + authorizationUrl);
    response.sendRedirect(authorizationUrl);
    return;
} else {
    log.info("Exchanging OAuth code for access token using server side call");

    AccessTokenResponse accessTokenResponse = new GoogleAccessTokenRequest.GoogleAuthorizationCodeGrant(
            new NetHttpTransport(),
            new GsonFactory(),
            CLIENT_ID,
            CLIENT_SECRET,
            params.code,
            REDIRECT_URI
        ).execute();

    log.info("Storing authentication token into the session");
    request.session.accessToken = accessTokenResponse.accessToken
    request.session.refreshToken = accessTokenResponse.refreshToken

    //The authentication is all done! Redirect back to the samples index so you can play with them.
    response.sendRedirect("/");
}

No, you are doing it right. I think Google+ does not support authentication - only authorization. Which is the idea of OAuth - to authorize users, not to authenticate them. For authentication you can use OpenID.

Btw, the starter project is a bit complicated, doesn't support maven and does not get updated in a timely manner when google add new API methods. Hence I created this project, you can check if it suites you.