I have a web application which allows only Google users and uses spring-boot-starter-oauth2-client to obtain authentication. I want to integrate the Google API into my application, but all the examples use their own OAuth2 process to authenticate the user. How can I reuse the existing Spring Boot Google login for interaction with Google API services?
Thanks!
You have to use the spring-boot-starter-oauth2-client dependency, which allows client registration for OAuth2 providers, but before that you need the client-id and client-secret provided by your OAuth2 provider (such as Google). Here's a nice guide on how to do that.
Related
I am creating a native Android application and I am using Keycloak authentication, because my web app and my API are already configured with Keycloak. I set up Facebook and Google as identity providers for Keycloak, but now I don't know how I am supposed to configure it in the Android application.
For the general authentication I am using Retrofit with REST calls to get the token, and after that I am storing the token in the Android Account Manager.
I want my Android app to successfully authenticate via Facebook or Google through Keycloak. Any suggestions, please?
The answer is that I should use the Keycloak functionality for token exchange from external to internal. For more details, see: https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/token-exchange/token-exchange.adoc.
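The external-to-internal exchange named in the answer above, sketched as an added example (not code from the original post or from the Keycloak project). It assumes the realm has token exchange enabled for the client; the host, realm, client id and IdP alias are placeholders, and older Keycloak distributions need `/auth` appended to the base URL.

```python
import json
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_request(base_url, realm, client_id, idp_alias,
                           external_token, client_secret=None):
    """Build the POST that trades a Google/Facebook token for a Keycloak token."""
    parts = urlsplit(base_url)
    # The subject token is a bearer credential: refuse to send it over plain HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Keycloak base URL must be an https:// URL")
    if not external_token or any(c.isspace() for c in external_token):
        raise ValueError("external token is empty or malformed")
    form = {
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "client_id": client_id,
        "subject_token": external_token,
        "subject_token_type": ACCESS_TOKEN_TYPE,
        # Alias of the identity provider as configured in the realm (assumed).
        "subject_issuer": idp_alias,
    }
    if client_secret is not None:
        # Confidential (server-side) clients only; a mobile app is a public
        # client and must not embed a secret.
        form["client_secret"] = client_secret
    url = (f"{base_url.rstrip('/')}/realms/{quote(realm, safe='')}"
           "/protocol/openid-connect/token")
    return Request(url, data=urlencode(form).encode("ascii"), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(body):
    """Return the Keycloak access token, or raise on an OAuth error reply."""
    data = json.loads(body)
    if "error" in data:
        raise PermissionError(f"{data['error']}: {data.get('error_description', '')}")
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    return data["access_token"]


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    req = build_exchange_request("https://auth.example.com", "demo",
                                 "android-app", "google", "constructed-token")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the returned request to `urllib.request.urlopen` and feed the response body to `parse_token_response`; the Android app then stores the Keycloak token exactly as it does for the password-based login.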
AWS Cognito is primarily meant for serverless user authentication from mobile or web applications (JavaScript).
The primary concern is that we need to do a client implementation for each of the clients, like Android, iOS and JavaScript.
Instead of that, can we have a Spring Boot server which exposes a login/signup/action REST endpoint for all the above clients, where Spring Boot will authenticate/sign up with Cognito on behalf of the clients and send the access_token response back to the client? This way, the Cognito integration will be done in only one place, which is the Spring Boot application.
Can we go ahead with this approach? Does the AWS SDK support Java for Cognito access from a server?
Here's an article which shows an example of implementing a Spring Boot application that is able to authenticate the user against Amazon Cognito using the OAuth 2.0 authorization code grant and JSON Web Tokens.
This GitHub repo contains the example code in Kotlin.
This is probably, in some ways, similar to your use case.
I work on a project using GAE.
I have a GAE app that consumes REST services from other GAE apps (these apps use different Google APIs with 2LO OAuth2, e.g. one app uses the GCalendar API, another the Gmail API, ...). The REST apps are in Java and use GoogleCredential to consume Google APIs. All the apps are in the same domain (the company owns all the projects).
I need to migrate the principal GAE app (also in Java) from 2LO OAuth 1 to 2LO OAuth2.
I see this example, but it is not 2LO: https://code.google.com/p/google-oauth-java-client/wiki/Samples
Can I use Credential from Google-Oauth-api or GoogleCredential? Or is GoogleCredential only for Google APIs?
Thanks.
This [1] is the 2LO OAuth 2.0 implementation of Google OAuth that you can use on App Engine; it is usually referred to as OAuth for Server to Server Applications in the public documentation. This method requires a Service Account, which you can obtain in the Google Developers Console of your app. More info here [2].
[1] https://developers.google.com/accounts/docs/OAuth2ServiceAccount
[2] https://developers.google.com/api-client-library/java/google-api-java-client/app-engine
I am developing an application on Google App Engine in Java. In this application I have to implement SSO using SAML2. My Google App Engine application will act as the service provider, and the identity provider will be a separate server. I just have to write the SP side of SSO. I am new to SAML; I did a lot of googling on SAML and came to understand the basic flow of user authentication in SSO. I found the OpenSAML library, which can be used to handle SAML messages between IdP and SP. I also found Shibboleth, which is the implementation of the OpenSAML library. I am very confused about the decision of choosing OpenSAML or Shibboleth. Can anyone advise me on choosing OpenSAML or Shibboleth? And if someone has found any tutorial on an SP implementation of SSO in Google App Engine, they can also share it.
You can embed Spring SAML Extension (product built on top of OpenSAML) into your application. It will enable you to act as a SAML 2.0 Service Provider.
You can see a working demo of such approach at http://saml-federation.appspot.com/ which shows a Spring SAML sample application connected to SSO Circle IDP.
Shibboleth doesn't provide a SAML SP component which can be embedded into applications. The Shibboleth SPs act as plugins to Apache or IIS web servers and cannot be used with Google App Engine.
You can also see Spring SAML as an example of a SAML 2.0 WebSSO implementation to follow in case you'd like to write it yourself. The latest documentation is available in the Spring repos; sources are on GitHub.
I am creating a web application on GAE. In this application I have to implement the SSO feature using SAML 2.0. I have been surfing the web a lot but I didn't find any example. I have learned how SAML works and which library I have to use in Java. But before starting I want to know if this feature is possible in GAE. I know Google Apps are based on SAML and provide SSO functionality. But I didn't find any link where it is stated that GAE also supports SAML and that we can create a SAML application on GAE. Thanks
I have done some integration with my demo Google App Engine account. Here I used a Java-based SAML2 IDP on my local machine, which was connected to an LDAP user store. Using this IDP, I could log in to the Google app account. Here is what I understood. We need to configure the IDP details (URI and so on) in the Google account and upload a certificate of my IDP. Then I want to create the same user which was in my IDP in the Google app account (I guess it is for authorization purposes). Once I tried to log in to the Google app, it redirected me to my local SAML2 IDP and I needed to provide user credentials to the IDP. Then I would be directed to the Google app and could log in to it. Here is a guide on how to enable SAML2 SSO with Shibboleth. I guess this will help you.