Hello I am building a app and i am novice to api's and all. I want provide authenticate my users to access my web app via twitter am using servlets and mysql at the back end and jquery and javascript.
Twitter uses OAuth, not OpenID, and I believe what you are looking to do is called Sign in with Twitter, which is outlined here. In order to perform Sign in with Twitter you need to understand OAuth, and have an OAuth implementation you can utilize. A list of libraries that support OAuth is located here.
Related
We have a Spring Boot web app which uses JWT based authentication/authorisation.
Now, we want to add OAuth2 support so that users can login using their Google account.
That would be easy to do using Spring Security.
However, the requirement is a bit different.
If the user wants to use the Google login functionality, he first needs to link their Google account. Basically login into our application using his/her credentials, and on their profile page link their Google account.
The flow would be something like the following:
Click the “Link Google account” button on user’s profile which redirects them to Google
In Google choose the account you want
Google returns with a code. After that, make a request to our backend, on an authenticated endpoint e.g. POST /users/{userId}/accounts which will receive the token returned by Google
In the backend, verify this token by making a request to Google
If all is good, link user’s account with Google by updating the db accordingly
My question is, for step 4, what is the best practice for that? How can I use all the stuff that Spring Security is offering to achieve this?
Thank you in advance,
You have the authorization code and you exchange for access token all over https and all in backend.
There is no need to validate access token ( I don’t think spring security even does this part for integration with google ) at your end.
This should be done by google when you request its resource.
I want to create an application that will download all my photos in Google Photos. I thought it should be easy with the API available.
This should be an CLI application that will run periodically from cron.
But when I looked at the Google Photos API, they use OAuth2.
The sample shows the usage of FixedCredentials:
PhotosLibrarySettings settings =
PhotosLibrarySettings.newBuilder()
.setCredentialsProvider(
FixedCredentialsProvider.create(/* Add credentials here. */))
.build();
The problem is the part where the /* Add credentials here. */ is. How can I provide my user credentials there? There are numerous classes that implement Credentials but none of them look like ones that would allow me to automate retrieval in a CLI application.
The only thing I get from Google is the client_id and client_token for my app, but how to turn that into an access/refresh token so I can use it without my interaction?
I really hope I don't need to launch a web browser to download my photos.
The Google Photos Library API only accepts OAuth User Credentials. This means that users are required to complete the Google OAuth Flow, which means browser based Authorization.
Note: The Library API does not support service accounts. Your
application must use the other OAuth 2.0 flows available such as OAuth
2.0 for web server applications or OAuth 2.0 for mobile and desktop apps.
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses Google
Sign-In, some aspects of authorization are handled for you.
This links details these requirements:
Authentication and authorization scopes
I am developing a application which uses Spring Rest services. I am using basic auth for authentication. I know that it is unsecure. My end client are capable of handling OAuth. I want to use OAuth, can any one point me to how to do OAuth in Java. I saw some examples they mention about Twitter , Google and Facebook.But I don't want to use social networking sites.
OAuth is a concept, and not any library which you can inject, (of course libraries exists to implement that)
So if you want to have OAuth in your application (i.e your application has its own OAuth), you have to setup following things
Authentication Server
Provide Provision to Manage OAuth Clients
Manage AccessTokens
Check out the OAuth 2.0 Specification to get clear understanding of how it works and how to build your own.
https://www.rfc-editor.org/rfc/rfc6749
I have created a Web application in Google App Engine java. Now I want to provide the authentication functionality. User can use his twitter(in future I will provide other OAuth Service provider too) account for login. I have found couple of libraries for twitter authentication like twitter4j. I don't want to use any such kind of library that specifically work for single social site like Twitter, facebook etc. I thought to do oauth implementation by my self. I have pretty good knowledge about oauth mechanism and found google oauth java client library. This library provide the functionality of oauth and is not dependent to any kind of social site(to my knowledge). Unfortunately I didn't find good examples on this library. Can any one help me about the examples, tutorials or any other library that is not dependent to any particular social site.
You can refer http://planet.jboss.org/post/setting_up_google_oauth2_with_java as well as http://googlecode.blogspot.in/2011/09/google-apis-client-library-for-java-now.html links
I need to use oAuth in order to login to my website (with a Twitter account). The backend of the website will be created using Java and the front end will be created using JSP/JSF. Is there any Java based stable API that i could use to connect to Twitter using oAuth ?
Note :
I am aware that there is OAuth and xAuth, i think xAuth uses a pin verification method. What i want to have in my site is a OAuth verification that doesn't use a pin based verification method.
twitter4j - stable and active.
I'm a big fan of Scribe
I created an simple JSP/Spring/twitter4j example.. Twitter OAuth
if you are using Spring you can use Spring Social which can do this for you.