We're using the goole-client-api library to verify google accounts from our backend. This implementation runs on Google Cloud Platform (GCP) using App Engine and DataStore.
What we're seeing so far is for the GoogleIdTokenVerifier to work but only returns email and uid along with token signature.
The token and uid used does return all profile infos when run against our servlet but does not through our App Engine Endpoint.
Here is the code used:
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.extensions.appengine.http.UrlFetchTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Collections;
import java.util.logging.Logger;
public class GoogleVerifier implements TokenVerifier {
final Logger logger = Logger.getLogger(GoogleVerifier.class.getName());
private static GoogleVerifier instance = null;
private String privAppId;
private UrlFetchTransport httpTransport; //library required to run on GCP
private JsonFactory jsonFactory;
private GoogleVerifier() {
}
private static GoogleVerifier getInstance() {
if (instance == null) {
instance = new GoogleVerifier();
}
return instance;
}
public static void setAppId(String appId) {
getInstance().setPrivAppId(appId);
getInstance().setHttpTransport(new UrlFetchTransport());
getInstance().setJsonFactory(new JacksonFactory());
}
public static String[] verify(String token, String uid) {
return getInstance().verifyPrivate(token, uid);
}
public String[] verifyPrivate(String token, String uid) {
#SuppressWarnings("unused")
GoogleCredential credential = new GoogleCredential().setAccessToken(token);
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(httpTransport, jsonFactory)
.setAudience(Collections.singletonList(privAppId))
.build();
String[] payloadInfo = new String[5];
try {
GoogleIdToken idToken = verifier.verify(token);
if (idToken != null) {
GoogleIdToken.Payload payload = idToken.getPayload();
if (payload.getSubject().equals(uid)) {
logger.info("Matching google id: " + uid);
payloadInfo[0] = payload.getSubject();
payloadInfo[1] = payload.get("given_name").toString();
payloadInfo[2] = payload.get("family_name").toString();
payloadInfo[3] = payload.get("picture").toString();
payloadInfo[4] = payload.getEmail();
return payloadInfo;
} else {
logger.info("Mismatching google id: " + uid);
return payloadInfo;
}
}
}
catch (Exception e) {
e.printStackTrace();
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
e.printStackTrace(pw);
logger.warning(sw.toString());
return payloadInfo;
}
return payloadInfo;
}
private void setPrivAppId(String appId) {
this.privAppId = appId;
}
private void setHttpTransport(UrlFetchTransport httpTransport) {
this.httpTransport = httpTransport;
}
private void setJsonFactory(JsonFactory jsonFactory) {
this.jsonFactory = jsonFactory;
}
}
Here is our App Engine Endpoint:
#ApiMethod(name = "loginSocial", path = "loginSocial", httpMethod = HttpMethod.PUT)
public Response loginSocial(#Named("token") String token,
#Named("uid") String uid,
#Named("socialWebSite") SOCIALWEBSITE socialWebSite,
HttpServletRequest request) throws DatabaseException, IOException {
Response response = new Response();
//make sure parameters and not null or empty
if (token != null && uid != null && socialWebSite != null &&
!token.trim().isEmpty() && !uid.trim().isEmpty()){
String [] userInfo = new String[5];
//validate token and retrieve info first
if (socialWebSite.equals(SOCIALWEBSITE.GOOGLE)){
GoogleVerifier.setAppId(APP_ID);
userInfo = GoogleVerifier.verify(token, uid);
}else if(socialWebSite.equals(APP_ID);
userInfo = FacebookVerifier.verify(token, uid);
}
}
}
Thanks!
I ended up using a different library which is much simpler and provided the same information.
https://stackoverflow.com/questions/22516693
Related
I'm using snmp4j 3.4.2 inside my java application (full code below)
I'm trying to execute a snmpget with snmpv3, security DES and auth MD5 and custom OID (python script, which is executed by snmp's extend funtionality). To create better understanding I used SnmpConstants.sysUpTime in the example below.
The SNMP resource has this user configured:
defSecurityName demo
defSecurityLevel authPriv
defAuthType MD5
defPrivType DES
defAuthPassphrase pass
defPrivPassphrase pass
I'm already using this user and resource to successfully perform the snmpget with python (pysnmp) and bash (snmpget), so I can definitely tell that my setup works and the java code is the problem.
I have two java classes (Listener.java and ServerStatusHelper.java)
Listener.java contains main and calls the snmpGet inside ServerStatusHelper.java, other code of Listener is excluded as its not neccessary.
import org.snmp4j.PDU;
import org.snmp4j.ScopedPDU;
import org.snmp4j.Snmp;
import org.snmp4j.Target;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.security.AuthMD5;
import org.snmp4j.security.AuthSHA;
import org.snmp4j.security.PrivAES128;
import org.snmp4j.security.PrivDES;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.VariableBinding;
public class Listener {
public static void main(String[] args) {
ServerStatusHelper agent = new ServerStatusHelper("host.tld", "udp", 161, "demo", "demo",
"pass", "pass", new AuthMD5(), new PrivDES(), true);
try {
agent.startAgent();
ResponseEvent response = agent.snmpGetOperation(SnmpConstants.sysUpTime);
if (response != null) {
System.out.println(
"response null - error: "+ response.getError() +
"peerAddress: " + response.getPeerAddress() +
"source: " + response.getSource().toString() +
"request: " + response.getRequest());
}
} catch (
IOException e) {
e.printStackTrace();
}
}
}
ServerStatusHelper.java
import java.io.IOException;
import org.snmp4j.CommunityTarget;
import org.snmp4j.PDU;
import org.snmp4j.ScopedPDU;
import org.snmp4j.Snmp;
import org.snmp4j.TransportMapping;
import org.snmp4j.UserTarget;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.MPv3;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.security.AuthGeneric;
import org.snmp4j.security.AuthMD5;
import org.snmp4j.security.PrivDES;
import org.snmp4j.security.PrivacyGeneric;
import org.snmp4j.security.SecurityLevel;
import org.snmp4j.security.SecurityModels;
import org.snmp4j.security.SecurityProtocols;
import org.snmp4j.security.USM;
import org.snmp4j.security.UsmUser;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.GenericAddress;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.TransportIpAddress;
import org.snmp4j.smi.VariableBinding;
import org.snmp4j.transport.DefaultTcpTransportMapping;
import org.snmp4j.transport.DefaultUdpTransportMapping;
public class ServerStatusHelper {
private Address nmsIP;
private String user;
private String securityName;
private String privacyPassword;
private String authorizationPassword;
private AuthGeneric authProtocol;
private PrivacyGeneric privacyProtocol;
private String protocol;
private boolean encryption;
private long timeOut = 1000;
private int noOfRetries = 10;
private Snmp snmp;
private UserTarget target;
private CommunityTarget v1target;
ServerStatusHelper(String ip, String protocol, int snmpPort, String username, String securityName,
String privacyPassword, String authPassowrd, AuthGeneric authProtocol, PrivacyGeneric privacyProtocol,
boolean encryption) {
nmsIP = GenericAddress.parse(protocol + ":" + ip + "/" + snmpPort);
System.out.println("NMS IP set : " + nmsIP.toString());
this.protocol = protocol;
this.user = username;
this.securityName = securityName;
this.privacyPassword = privacyPassword;
this.authorizationPassword = authPassowrd;
this.authProtocol = authProtocol;
this.privacyProtocol = privacyProtocol;
this.encryption = encryption;
SecurityProtocols.getInstance().addAuthenticationProtocol(new AuthMD5());
SecurityProtocols.getInstance().addPrivacyProtocol(new PrivDES());
}
public void startAgent() throws IOException {
if (snmp == null) {
TransportMapping<? extends TransportIpAddress> transport = null;
if (protocol.equalsIgnoreCase("udp")) {
System.out.println("UDP Protocol selected.");
transport = new DefaultUdpTransportMapping();
} else {
System.out.println("TCP Protocol selected.");
transport = new DefaultTcpTransportMapping();
}
snmp = new Snmp(transport);
USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0);
SecurityModels.getInstance().addSecurityModel(usm);
transport.listen();
snmp.getUSM().addUser(new OctetString(user),
new UsmUser(new OctetString(securityName), authProtocol.getID(),
new OctetString(authorizationPassword), privacyProtocol.getID(),
new OctetString(privacyPassword)));
if (encryption)
target = createUserTarget();
else
v1target = createUserTargetWithoutEncryption();
}
}
public ResponseEvent snmpSetOperation(VariableBinding[] vars) throws IOException {
PDU setPdu = new ScopedPDU();
for (VariableBinding variableBinding : vars) {
setPdu.add(variableBinding);
}
return snmp.send(setPdu, target);
}
public ResponseEvent snmpGetOperation(OID oid) throws IOException {
if (encryption) {
PDU getPdu = new ScopedPDU();
getPdu.add(new VariableBinding(oid));
getPdu.setType(ScopedPDU.GET);
return snmp.get(getPdu, target);
} else {
PDU getPdu = new PDU();
getPdu.add(new VariableBinding(oid));
getPdu.setType(PDU.GET);
return snmp.get(getPdu, v1target);
}
}
private UserTarget createUserTarget() {
UserTarget target = new UserTarget();
target.setAddress(nmsIP);
target.setRetries(noOfRetries);
target.setTimeout(timeOut);
target.setVersion(SnmpConstants.version3);
target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
target.setSecurityName(new OctetString(securityName));
return target;
}
private CommunityTarget createUserTargetWithoutEncryption() {
CommunityTarget target = new CommunityTarget();
target.setCommunity(new OctetString("public"));
target.setAddress(nmsIP);
target.setRetries(noOfRetries);
target.setTimeout(timeOut);
target.setVersion(SnmpConstants.version1);
return target;
}
public long getTimeOut() {
return timeOut;
}
public void setTimeOut(long timeOut) {
this.timeOut = timeOut;
}
public int getNoOfRetries() {
return noOfRetries;
}
public void setNoOfRetries(int noOfRetries) {
this.noOfRetries = noOfRetries;
}
}
The execution of the program exits with
NMS IP set : **IPREMOVED**/161
UDP Protocol selected.
response null - error: nullpeerAddress: **IPREMOVED**/161source: org.snmp4j.Snmp#e580929 request: GET[{contextEngineID=80:00:1f:88:80:5e:2e:49:07:2f:68:44:57:00:00:00:00, contextName=}, requestID=588252045, errorStatus=0, errorIndex=0, VBS[1.3.6.1.2.1.1.3.0 = Null]]
Anyone has an idea what I'm doing wrong?
Edit:
From the servers syslog I can see, that the request arrives at the resource:
Jul 31 11:52:46 loadbalancer snmpd[1219]: Connection from UDP: [IP REMOVED]:54734->[IP REMOVED]:161
Jul 31 11:52:46 loadbalancer snmpd[1219]: Connection from UDP: [IP REMOVED]:54734->[IP REMOVED]:161
#i-shm I think you are doing everything ok.
The only problem in your code could be just the line in which you evaluate the response variable. Your are indicating response != null when it should be actually response == null. I mean:
import org.snmp4j.PDU;
import org.snmp4j.ScopedPDU;
import org.snmp4j.Snmp;
import org.snmp4j.Target;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.security.AuthMD5;
import org.snmp4j.security.AuthSHA;
import org.snmp4j.security.PrivAES128;
import org.snmp4j.security.PrivDES;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.VariableBinding;
public class Listener {
public static void main(String[] args) {
ServerStatusHelper agent = new ServerStatusHelper("host.tld", "udp", 161, "demo", "demo",
"pass", "pass", new AuthMD5(), new PrivDES(), true);
try {
agent.startAgent();
ResponseEvent event = agent.snmpGetOperation(SnmpConstants.sysUpTime);
final PDU response = event.getResponse();
if (response == null) {
System.out.println(
"response null - error: "+ event.getError() +
"peerAddress: " + event.getPeerAddress() +
"source: " + event.getSource().toString() +
"request: " + event.getRequest());
} else {
System.out.println("Response PDU:" + response.toString());
// Process the response as you need, maybe something like this:
long sysUpTime = response.get(0).getVariable().toLong();
// You can find relevant information in the javadocs of the library:
// https://agentpp.com/doc/snmp4j/index.html?org/snmp4j/package-summary.html
}
} catch (IOException e) {
e.printStackTrace();
}
}
}
This is why you do not receive errors in the java code and your syslog indicates that the requests were actually sent.
I am using Log4j logging.
As Jersey 2.25 uses java util logging, Requests and responses are not getting logged
In Older jersey, I had custom filter for this.
Does any one have idea to fix it.
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.List;
import java.util.Map;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.protocol.HttpContext;
import org.glassfish.jersey.message.internal.ReaderWriter;
import org.glassfish.jersey.server.ContainerException;
import org.glassfish.jersey.server.ContainerRequest;
import org.glassfish.jersey.server.ContainerResponse;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.server.spi.ContainerResponseWriter;
public class LoggingFilter implements ContainerRequestFilter, ContainerResponseFilter {
/**
* If true the request and response entities (if present) will not be logged. If false the request
* and response entities will be logged.
* <p>
* The default value is false.
*/
public static final String FEATURE_LOGGING_DISABLE_ENTITY =
"com.sun.jersey.config.feature.logging.DisableEntitylogging";
private static final Log LOGGER = LogFactory.getLog(LoggingFilter.class.getName());
private static final String NOTIFICATION_PREFIX = "* ";
private static final String REQUEST_PREFIX = "> ";
private static final String RESPONSE_PREFIX = "< ";
private final Log logger;
private #Context HttpContext hc;
private #Context ResourceConfig rc;
private long id = 0;
/**
* Create a logging filter logging the request and response to a default JDK logger, named as the
* fully qualified class name of this class.
*/
public LoggingFilter() {
this(LOGGER);
}
/**
* Create a logging filter logging the request and response to a JDK logger.
*
* #param logger the logger to log requests and responses.
*/
public LoggingFilter(Log logger) {
this.logger = logger;
}
private synchronized void setId() {
if (hc.getAttribute("request-id") == null) {
hc.setAttribute("request-id", Long.toString(++id));
}
}
private StringBuilder prefixId(StringBuilder b) {
b.append(hc.getAttribute("request-id").toString()).append(" ");
return b;
}
public ContainerRequest filter(ContainerRequest request) {
setId();
final StringBuilder b = new StringBuilder();
printRequestLine(b, request);
printRequestHeaders(b, request.getRequestHeaders());
if (rc.getProperties().get(FEATURE_LOGGING_DISABLE_ENTITY)) {
logger.debug(b.toString());
return request;
} else {
ByteArrayOutputStream out = new ByteArrayOutputStream();
InputStream in = request.getEntityInputStream();
try {
if (in.available() > 0) {
ReaderWriter.writeTo(in, out);
byte[] requestEntity = out.toByteArray();
try {
String contentType = request.getRequestHeaders().getFirst(HttpHeaders.CONTENT_TYPE);
if (contentType != null && (contentType.startsWith("image")
|| contentType.equals("application/octet-stream"))) {
b.append("Binary content: " + contentType).append("\n");
} else {
printEntity(b, requestEntity);
}
} catch (Exception e) {
logger.warn("Failed to log request", e);
}
request.setEntityInputStream(new ByteArrayInputStream(requestEntity));
}
return request;
} catch (IOException ex) {
throw new ContainerException(ex);
} finally {
logger.debug(b.toString());
}
}
}
private void printRequestLine(StringBuilder b, ContainerRequest request) {
prefixId(b).append(NOTIFICATION_PREFIX).append("Server in-bound request").append('\n');
prefixId(b).append(REQUEST_PREFIX).append(request.getMethod()).append(" ")
.append(request.getRequestUri().toASCIIString()).append('\n');
}
private void printRequestHeaders(StringBuilder b, MultivaluedMap<String, String> headers) {
for (Map.Entry<String, List<String>> e : headers.entrySet()) {
String header = e.getKey();
for (String value : e.getValue()) {
prefixId(b).append(REQUEST_PREFIX).append(header).append(": ").append(value).append('\n');
}
}
prefixId(b).append(REQUEST_PREFIX).append('\n');
}
private void printEntity(StringBuilder b, byte[] entity) throws IOException {
if (entity.length == 0) {
return;
}
b.append(new String(entity)).append("\n");
}
private final class Adapter implements ContainerResponseWriter {
private final ContainerResponseWriter crw;
private final boolean disableEntity;
private long contentLength;
private ContainerResponse response;
private ByteArrayOutputStream baos;
private StringBuilder b = new StringBuilder();
Adapter(ContainerResponseWriter crw) {
this.crw = crw;
this.disableEntity = rc.getFeature(FEATURE_LOGGING_DISABLE_ENTITY);
}
public OutputStream writeStatusAndHeaders(long contentLength, ContainerResponse response)
throws IOException {
printResponseLine(b, response);
printResponseHeaders(b, response.getHttpHeaders());
if (disableEntity) {
logger.debug(b.toString());
return crw.writeStatusAndHeaders(contentLength, response);
} else {
this.contentLength = contentLength;
this.response = response;
return this.baos = new ByteArrayOutputStream();
}
}
public void finish() throws IOException {
if (!disableEntity) {
byte[] entity = baos.toByteArray();
try {
MediaType mediaType =
(MediaType) response.getHttpHeaders().getFirst(HttpHeaders.CONTENT_TYPE);
if (mediaType != null && "application".equals(mediaType.getType())
&& "pdf".equals(mediaType.getSubtype()) == false) {
printEntity(b, entity);
} else {
b.append("Binary content: ");
if (mediaType != null && mediaType.getType() != null
&& mediaType.getSubtype() != null) {
b.append(mediaType.getType());
b.append("/");
b.append(mediaType.getSubtype());
}
b.append("\n");
}
} catch (Exception e) {
logger.error("Failed to log response", e);
}
//Output to log
logger.debug(b.toString());
// Write out the headers and buffered entity
OutputStream out = crw.writeStatusAndHeaders(contentLength, response);
out.write(entity);
}
crw.finish();
}
}
public ContainerResponse filter(ContainerRequest request, ContainerResponse response) {
setId();
response.setContainerResponseWriter(new Adapter(response.getContainerResponseWriter()));
return response;
}
private void printResponseLine(StringBuilder b, ContainerResponse response) {
prefixId(b).append(NOTIFICATION_PREFIX).append("Server out-bound response").append('\n');
prefixId(b).append(RESPONSE_PREFIX).append(Integer.toString(response.getStatus())).append('\n');
}
private void printResponseHeaders(StringBuilder b, MultivaluedMap<String, Object> headers) {
for (Map.Entry<String, List<Object>> e : headers.entrySet()) {
String header = e.getKey();
for (Object value : e.getValue()) {
prefixId(b).append(RESPONSE_PREFIX).append(header).append(": ")
.append(ContainerResponse.getHeaderValue(value)).append('\n');
}
}
prefixId(b).append(RESPONSE_PREFIX).append('\n');
}
}
I want to create a user authentication form for my java application using firebase. The dependencies for connection to the realtime database is available and the use of Firebase Admin is well documented here.
But presently Firebase Admin supports user authentication only for Node.js and it is documented here.
Here is my test code.
public class Login {
private JPanel jPanel;
public static void main(String[] args) {
// Show My Form
JFrame jFrame = new JFrame("Login");
jFrame.setContentPane(new Login().jPanel);
jFrame.pack();
jFrame.setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE);
jFrame.setVisible(true);
// Firebase
FirebaseOptions options = null;
try {
options = new FirebaseOptions.Builder()
.setServiceAccount(new FileInputStream("xxx.json"))
.setDatabaseUrl("https://xxx.firebaseio.com/")
.build();
} catch (FileNotFoundException e) {
e.printStackTrace();
}
if (options != null) {
FirebaseApp.initializeApp(options);
DatabaseReference ref = FirebaseDatabase.getInstance().getReference("Clip");
ref.addValueEventListener(new ValueEventListener() {
public void onDataChange(DataSnapshot dataSnapshot) {
System.out.println("ClipText = [" + dataSnapshot.getValue() + "]");
}
public void onCancelled(DatabaseError databaseError) {
}
});
}
}
}
Can anyone please guide me how can I create user authentication (e.g. Create user using email & password, Sign in) for my java application?
Note: I'm using Gradle.
Basing on the REST API documentation here: https://firebase.google.com/docs/reference/rest/auth/
i created a singleton like that to get a valid token from email and password and to validate it using the getAccountInfo method:
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
public class FireBaseAuth {
private static final String BASE_URL = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/";
private static final String OPERATION_AUTH = "verifyPassword";
private static final String OPERATION_REFRESH_TOKEN = "token";
private static final String OPERATION_ACCOUNT_INFO = "getAccountInfo";
private String firebaseKey;
private static FireBaseAuth instance = null;
protected FireBaseAuth() {
firebaseKey = "YOUR FIREBASE KEY HERE";
}
public static FireBaseAuth getInstance() {
if(instance == null) {
instance = new FireBaseAuth();
}
return instance;
}
public String auth(String username, String password) throws Exception {
HttpURLConnection urlRequest = null;
String token = null;
try {
URL url = new URL(BASE_URL+OPERATION_AUTH+"?key="+firebaseKey);
urlRequest = (HttpURLConnection) url.openConnection();
urlRequest.setDoOutput(true);
urlRequest.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
OutputStream os = urlRequest.getOutputStream();
OutputStreamWriter osw = new OutputStreamWriter(os, "UTF-8");
osw.write("{\"email\":\""+username+"\",\"password\":\""+password+"\",\"returnSecureToken\":true}");
osw.flush();
osw.close();
urlRequest.connect();
JsonParser jp = new JsonParser(); //from gson
JsonElement root = jp.parse(new InputStreamReader((InputStream) urlRequest.getContent())); //Convert the input stream to a json element
JsonObject rootobj = root.getAsJsonObject(); //May be an array, may be an object.
token = rootobj.get("idToken").getAsString();
} catch (Exception e) {
return null;
} finally {
urlRequest.disconnect();
}
return token;
}
public String getAccountInfo(String token) throws Exception {
HttpURLConnection urlRequest = null;
String email = null;
try {
URL url = new URL(BASE_URL+OPERATION_ACCOUNT_INFO+"?key="+firebaseKey);
urlRequest = (HttpURLConnection) url.openConnection();
urlRequest.setDoOutput(true);
urlRequest.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
OutputStream os = urlRequest.getOutputStream();
OutputStreamWriter osw = new OutputStreamWriter(os, "UTF-8");
osw.write("{\"idToken\":\""+token+"\"}");
osw.flush();
osw.close();
urlRequest.connect();
JsonParser jp = new JsonParser(); //from gson
JsonElement root = jp.parse(new InputStreamReader((InputStream) urlRequest.getContent())); //Convert the input stream to a json element
JsonObject rootobj = root.getAsJsonObject(); //May be an array, may be an object.
email = rootobj.get("users").getAsJsonArray().get(0).getAsJsonObject().get("email").getAsString();
} catch (Exception e) {
return null;
} finally {
urlRequest.disconnect();
}
return email;
}
}
This not allow you to create users dinamically but suppose to have them already created on Firebase
I've intentionally copy-pasted this question dont be angry for duplicate.
There are several unclear moments for me in the topic:
1)
xmpp.login(apiKey + "|" + sessionKey, sessionSecret, "Application");
sessionKey is the second part of the access token. If the token is in
this form, AAA|BBB|CCC, the BBB is the session key
But my access token looks like: BAADcfjCWMLABAIyzRSZA69eAtA9Dr3EQVlXA8Ql6rr5odDWxNYZCHhssiaar8S0gaPLZAm1ZBKCqWO3QFegJPR39hT0JR5ZCyIP1AJZC19qh9mFAExUd9KDjJ05yjE3IUZD
so I cant see any "second part"...
2)
sessionSecret is obtained using the old REST API with the method
auth.promoteSession. To use it, it's needed to make a Http get to this
url:
https://api.facebook.com/method/auth.promoteSession?access_token=yourAccessToken
Despite of the Facebook Chat documentation says that it's needed to
use your application secret key, only when I used the key that
returned that REST method I was able to make it works. To make that
method works, you have to disable the Disable Deprecated Auth Methods
option in the Advance tab in your application settings.
I've read here that REST is deprecated and
We will not be supporting this method in the Graph API.
What should I do? I'm using only Graph API. Is there any other way to get sessionSecret?
Thanks!
I tested this one and it worked for me .
First of all Edit your SASLXFacebookPlatformMechanism class . Copy and paste this code .
package com.facebook.android;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import org.apache.harmony.javax.security.auth.callback.CallbackHandler;
import org.apache.harmony.javax.security.sasl.Sasl;
import org.jivesoftware.smack.SASLAuthentication;
import org.jivesoftware.smack.XMPPException;
import org.jivesoftware.smack.sasl.SASLMechanism;
import org.jivesoftware.smack.util.Base64;
import android.util.Log;
public class SASLXFacebookPlatformMechanism extends SASLMechanism {
private static final String NAME = "X-FACEBOOK-PLATFORM";
private String apiKey = "";
private String accessToken = "";
/**
* Constructor.
*/
public SASLXFacebookPlatformMechanism(SASLAuthentication saslAuthentication) {
super(saslAuthentication);
}
#Override
protected void authenticate() throws IOException, XMPPException {
getSASLAuthentication().send(new AuthMechanism(NAME, ""));
}
#Override
public void authenticate(String apiKey, String host, String accessToken) throws IOException, XMPPException {
if (apiKey == null || accessToken == null) {
throw new IllegalArgumentException("Invalid parameters");
}
this.apiKey = apiKey;
this.accessToken = accessToken;
this.hostname = host;
String[] mechanisms = { "DIGEST-MD5" };
Map<String, String> props = new HashMap<String, String>();
this.sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, this);
authenticate();
}
#Override
public void authenticate(String username, String host, CallbackHandler cbh) throws IOException, XMPPException {
String[] mechanisms = { "DIGEST-MD5" };
Map<String, String> props = new HashMap<String, String>();
this.sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh);
authenticate();
}
#Override
protected String getName() {
return NAME;
}
#Override
public void challengeReceived(String challenge) throws IOException {
byte[] response = null;
if (challenge != null) {
String decodedChallenge = new String(Base64.decode(challenge));
Map<String, String> parameters = getQueryMap(decodedChallenge);
String version = "1.0";
String nonce = parameters.get("nonce");
String method = parameters.get("method");
String composedResponse =
"method=" + URLEncoder.encode(method, "utf-8") +
"&nonce=" + URLEncoder.encode(nonce, "utf-8") +
"&access_token=" + URLEncoder.encode(accessToken, "utf-8") +
"&api_key=" + URLEncoder.encode(apiKey, "utf-8") +
"&call_id=0" +
"&v=" + URLEncoder.encode(version, "utf-8");
response = composedResponse.getBytes();
}
String authenticationText = "";
if (response != null) {
authenticationText = Base64.encodeBytes(response);
}
// Send the authentication to the server
getSASLAuthentication().send(new Response(authenticationText));
}
private Map<String, String> getQueryMap(String query) {
Map<String, String> map = new HashMap<String, String>();
String[] params = query.split("\\&");
for (String param : params) {
String[] fields = param.split("=", 2);
map.put(fields[0], (fields.length > 1 ? fields[1] : null));
}
return map;
}
}
Then use this method in your activity class from where you want to login to facebook.
private void testLogin(){
ConnectionConfiguration config = new ConnectionConfiguration("chat.facebook.com", 5222);
config.setSASLAuthenticationEnabled(true);
config.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);
xmpp = new XMPPConnection(config);
SASLAuthentication.registerSASLMechanism("X-FACEBOOK-PLATFORM",SASLXFacebookPlatformMechanism.class);
SASLAuthentication.supportSASLMechanism("X-FACEBOOK-PLATFORM", 0);
Log.i("XMPPClient",
"Access token to " + mFacebook.getAccessToken());
Log.i("XMPPClient",
"Access token to " + mFacebook.getAppId());
Log.i("XMPPClient",
"Access token to " + mFacebook.getAccessToken());
try {
xmpp.connect();
Log.i("XMPPClient",
"Connected to " + xmpp.getHost());
} catch (XMPPException e1) {
Log.i("XMPPClient",
"Unable to " + xmpp.getHost());
e1.printStackTrace();
}
try {
xmpp.login(PreferenceConnector.APP_ID, mFacebook.getAccessToken());
getRoster(xmpp);
} catch (XMPPException e) {
e.printStackTrace();
}
}
When i am using this code it gives error:
2011-08-10 13:18:13.368::WARN: EXCEPTION
java.lang.IllegalAccessError: tried to access method org.mortbay.util.Utf8StringBuffer.(I)V from class org.mortbay.jetty.HttpURI
Code:
package com.google.api.client.sample.docs.v3;
import com.google.api.client.auth.oauth.OAuthCredentialsResponse;
import com.google.api.client.auth.oauth.OAuthHmacSigner;
import com.google.api.client.auth.oauth.OAuthParameters;
import com.google.api.client.googleapis.auth.oauth.GoogleOAuthAuthorizeTemporaryTokenUrl;
import com.google.api.client.googleapis.auth.oauth.GoogleOAuthGetAccessToken;
import com.google.api.client.googleapis.auth.oauth.GoogleOAuthGetTemporaryToken;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.sample.docs.v3.model.DocsUrl;
import java.awt.Desktop;
import java.awt.Desktop.Action;
import java.net.URI;
public class Auth {
private static final String APP_NAME ="Google Documents List Data API Java Client Sample";
private static OAuthHmacSigner signer;
private static OAuthCredentialsResponse credentials;
static void authorize(HttpTransport transport) throws Exception {
// callback server
LoginCallbackServer callbackServer = null;
String verifier = null;
String tempToken = null;
try {
callbackServer = new LoginCallbackServer();
callbackServer.start();
// temporary token
GoogleOAuthGetTemporaryToken temporaryToken =new GoogleOAuthGetTemporaryToken();
signer = new OAuthHmacSigner();
signer.clientSharedSecret = "anonymous";
temporaryToken.signer = signer;
temporaryToken.consumerKey = "in.gappsdemo.in";
//temporaryToken.scope ="https://apps-apis.google.com/a/feeds/user/";
temporaryToken.scope = DocsUrl.ROOT_URL;
temporaryToken.displayName = APP_NAME;
temporaryToken.callback = callbackServer.getCallbackUrl();
System.out.println("temporaryToken.callback: "+temporaryToken.callback);
OAuthCredentialsResponse tempCredentials = temporaryToken.execute();
signer.tokenSharedSecret = tempCredentials.tokenSecret;
System.out.println("signer.tokenSharedSecret: " + signer.tokenSharedSecret);
// authorization URL
GoogleOAuthAuthorizeTemporaryTokenUrl authorizeUrl =new GoogleOAuthAuthorizeTemporaryTokenUrl();
authorizeUrl.temporaryToken = tempToken = tempCredentials.token;
String authorizationUrl = authorizeUrl.build();
System.out.println("Go to this authorizationUrl: " + authorizationUrl);
// launch in browser
boolean browsed = false;
if (Desktop.isDesktopSupported()) {
Desktop desktop = Desktop.getDesktop();
if (desktop.isSupported(Action.BROWSE)) {
System.out.println("In if browsed condition:");
desktop.browse(URI.create(authorizationUrl));
browsed = true;
}
}
if (!browsed) {
String browser = "google-chrome";
Runtime.getRuntime().exec(new String[] {browser, authorizationUrl});
System.out.println("In if !browsed condition1:");
}
System.out.println("tempToken: "+tempToken);
verifier = callbackServer.waitForVerifier(tempToken);
System.out.println("GoogleOAuthGetAccessToken: ");
} finally {
System.out.println("server Stop:");
if (callbackServer != null) {
System.out.println("server Stop:");
callbackServer.stop();
}
}
System.out.println("GoogleOAuthGetAccessToken: ");
GoogleOAuthGetAccessToken accessToken = new GoogleOAuthGetAccessToken();
accessToken.temporaryToken = tempToken;
accessToken.signer = signer;
accessToken.consumerKey = "in.gappsdemo.in";
accessToken.verifier = verifier;
credentials = accessToken.execute();
signer.tokenSharedSecret = credentials.tokenSecret;
System.out.println("signer.tokenSharedSecret: ");
createOAuthParameters().signRequestsUsingAuthorizationHeader(transport);
}
static void revoke() {
if (credentials != null) {
try {
GoogleOAuthGetAccessToken.revokeAccessToken(createOAuthParameters());
} catch (Exception e) {
e.printStackTrace(System.err);
}
}
}
private static OAuthParameters createOAuthParameters() {
OAuthParameters authorizer = new OAuthParameters();
authorizer.consumerKey = "in.gappsdemo.in";
authorizer.signer = signer;
authorizer.token = credentials.token;
return authorizer;
}
}
Here are two potentially related, posts. Notice you're getting an Error, not an Exception, so that is interesting. You might try running your JVM with -verbose to see where each class is getting loaded from, to see if maybe you're compiling with one class/jar, but accidentally running with another.
Also notice from the error that the packages are slightly different "org.mortbay.util" vs. "org.mortbay.jetty", so the UTF8StringBuffer constructor would need to be more visible. But again, normally a compiler would catch that.
I realize this isn't a full answer, to be sure, but at least a couple places to start looking.