I am working on a JSF application.
In which a user should be able to login with gmail/google apps account (redirected to google login page and returned after authentication)
and user should be able to check/delete emails (using Java Gmail) in the subsequent screen.
This application is to be hosted in jboss/tomcat server and not in GAE appspot.
I checked examples to create login and logout urls using GAE API or OAuth2.
https://developers.google.com/appengine/docs/java/users/overview
But it seems it is not possible to access gmail after authentication in the above method.
If somebody can provide any inputs, it is highly appreciated. Thanks for your time.
Related
I managed to get Azure AD Authentication to work by using the sample apps from ADAL4J library from GitHub.
Here it is working.
My question is:
Can the same result be accomplished without the redirect to the Microsoft page?
The customer wants to use his own internal login page.
I'm thinking some sort of behind the scenes POST request to the same URL, and getting the reply. This means my app will see the user credentials, I am ok with that.
Is this supported by Azure AD?
Environment:
Java server side (Spring), AngularJS UI.
Thanks.
The redirect is necessary. Only AAD should be collecting AAD credentials. See this answer for more information on why that is:
How to authenticate user with Azure Active Directory using OAuth 2.0?
I'd like to use the google universal analytics API on the server side. The idea is that there is a browser app showing some graphs which is open to the intranet and doesn't require a login at all. So server either does the login for client and provides the working token to the client or the server provides all the data to the client as well. Oauth login docs and libs from google rely on redirect urls etc which sounds painful for a server-side login . So is it possible and are there any tutorials?
I have developed many stateless RESTful webservices for a mobile application in Java and they are working very well.
For example:
http://.../api/coupon
http://.../api/coupon/{id}
...
Now, I have to extend these services because I have to send different data back to the mobile for every user. So I need to know on the server side which user try to get or set information. And I have to prevent the serve of unauthorized users.
There are two different way how user can login into the mobile application:
log in with facebook account
log in with an application account
I need to develop two login and a logout services because the users who use the mobile application have to login into the application.
I read lots of article about auth and RESTful and OAuth.
I think I have to develop two login services with two imput parameters: username and password.
For example:
localLogin(String username, String password) -> token
facebookLogin(String username, String password) -> token
These logon services have to generate a same token and send it back to the mobile application in the http header. And after the login process the mobile client has a token. And the client has to send this token to the server when it makes a RESTful server call.
What do you think? Is my idea good?
If it is, could you help me how can I start to develop this in Java?
If it is not, could you tell me the good way?
You do not need 2 log in procedures. Just use the Facebook SDK!!
i) In your app would be a login with facebook button.
ii) User clicks on it and is then redirected to the facebook login page, where the user enters his credentials and facebook returns a token to you. You do not have to worry about the user's facebook credentials or storing them anywhere! Facebook will handle that for you. Consider the FB login part as black box to your app - you simply make a FB SDK's login call and it will do some processes and give back a access token to your app.
iii) Now, you can exchange the access token for the user's profile information. Enter this profile info to your database - that will ensure authenticated call.
Once you have verified that the user is logged on you can do whatever you want.
I am developing a web application using strut2 framework and using gmail credentials for login to that application. I am able to use google account services for login purpose successfully. Now I am trying to implement SSO between gmail & my application. The use case is "If user is already logged into gmail, I want that user to log automatically into my application".
How should I go about it?
I have created a java web application using spring. I want the users of my application can be logged automatically into my application when they are logged into facebook. Any help will be highly appreciated.
It depends of your app. BTW, facebook have good documentation about this, you have to use javascript auth (there are many examples), with manually processing result or using facebook-java-api (look at FacebookSignatureUtil for example).
PS you have to register your webapp at facebook before using facebook connect
I don't think it is possible for you to get user to automatically logged into your app. Facebook stores the log in token in a cookie, this cookie will get passed back to same server, not to your server.
The click, will send request to facebook and you will get authentication token from facebook.
In fact, it is possible for facebook login button to log you into site even if user is logged out of facebook. You need to ask for "offline_access" permission.