Google 2 legged oauth

最新推荐文章于 2023-05-07 12:08:51 发布

totogogo

最新推荐文章于 2023-05-07 12:08:51 发布

阅读量2.1k

点赞数

分类专栏： Google 文章标签： google credentials domain user access calendar

本文链接：https://blog.csdn.net/totogogo/article/details/6853142

版权

Google 专栏收录该内容

18 篇文章 0 订阅

订阅专栏

参考文档：

* 2 legged oauth基本概念(中文) http://djb4ke.iteye.com/blog/664958

* google 2 legged oauth for google apps domain: http://code.google.com/intl/zh-TW/apis/accounts/docs/OAuth.html#GoogleAppsOAuth

* 使用google client library来进行google 2 legged oauth的例子: http://code.google.com/intl/zh-TW/apis/gdata/docs/auth/oauth.html#2LeggedOAuth

Two legs的意思是OAuth的参与者为两个：Social Network Server和App server.

2-legged OAuth协议是两个服务器backend的交互，与3-legged相比，缺少了user这个角色，不需要经过user-agent(Gadget，浏览器等)。

因为不需要user，所以自然不需要用户认证。这就要求用户事先已经允许App Server访问存放于Social Site的私人数据。

2-legged 与 3-legged的区别及联系

OAuth一般是指3-legged OAuth，这点从OAuth协议就能看出，整个OAuth的过程需要用户的这个角色，用户需要登录（身份认证）和允许APP访问数据（授权操作）。因此3 legged OAuth是OAuth的标准版本，并已被Yahoo Google Aol等部署应用，3-legged需要用户的参与，从OAuth consmer开始，重定向到OAuth provider，去做登录及授权，如果授权通过，用户又被弹回OAuth consumer，因此用户这一些列操作被戏称为“dance”。而这支非常灵动的舞蹈，让整个网络的app和数据互动起来了，但是代价却是让用户头晕的一些列操作，用户体验是非常差的= =#（可以想想，一个并不了解OAuth流程的用户，对于两个site间来回跳并且要阅读很多类似法律条款的授权警告，以及操作，是多么的困惑）

阅读完上面的参考文档和基本概念后，下面step by step搭建一个google 2 legged oauth的最简单的环境和例子

Step 1: 申请一个google apps for education at http://www.google.com/apps/intl/en/edu/get_apps.html，我之前申请了一个，URL is https://www.google.com/a/chtl.hkbu.edu.hk

Step 2: 以admin登录step 1申请的google apps, access "Advance Tools > Manage OAuth domain key"，选上"Two-legged OAuth access control" option, and then click "save changes" button

Step 3: 为了执行step 4的code，我在chtl.hkbu.edu.hk google app里create a user "student1@chtl.hkbu.edu.hk"

Step 4: create following class

package example_tomson.twoleggedoauth;

import java.net.URL;

import sample.oauth.TwoLeggedOAuthUserInputHelper;
import sample.oauth.UserInputHelper;
import sample.oauth.UserInputVariables;

import com.google.gdata.client.GoogleService;
import com.google.gdata.client.authn.oauth.GoogleOAuthHelper;
import com.google.gdata.client.authn.oauth.GoogleOAuthParameters;
import com.google.gdata.client.authn.oauth.OAuthHmacSha1Signer;
import com.google.gdata.client.authn.oauth.OAuthSigner;
import com.google.gdata.data.BaseEntry;
import com.google.gdata.data.BaseFeed;
import com.google.gdata.data.Feed;

/**
 * 演示google 2 legged oauth。
 * 
 * 在使用google 2 legged oauth之前，需要要在http://www.google.com/apps/intl/en/edu/get_apps.html 
 * 申请一个google apps for education/business
 */
public class TwoLeggedOauthExample {
	public static void main(String[] args) throws Exception {
		//来自chtl.hkbu.edu.hk google apps domain https://www.google.com/a/chtl.hkbu.edu.hk
		String oauthConsumerKey="chtl.hkbu.edu.hk";
		String oauthConsumerSecret="xxx";
		
		String scope = "http://www.google.com/calendar/feeds/";
		String strCalendarFeedUrl="http://www.google.com/calendar/feeds/default/allcalendars/full";

		//该值会以"xoauth_requestor_id" param的值添加到feed url里
		//它用来设置which user you are loading the data for.
		//例如，to access chtl.hkbu.edu.hk google apps domain的user "student1@chtl.hkbu.edu.hk"
		String xoauthRequestorId="student1@chtl.hkbu.edu.hk"; 
		// !!!Append the "xoauth_requestor_id" parameter to the feed url. This
		// parameter indicates which user you are loading the data for.
		strCalendarFeedUrl += "?xoauth_requestor_id=" + xoauthRequestorId;
		
		// //
		// STEP 1: Set up the OAuth objects
		// //

		// You first need to initialize a few OAuth-related objects.
		// GoogleOAuthParameters holds all the parameters related to OAuth.
		// OAuthSigner is responsible for signing the OAuth base string.
		GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters();
		oauthParameters.setOAuthConsumerKey(oauthConsumerKey);
		oauthParameters.setOAuthConsumerSecret(oauthConsumerSecret);
		// Set the scope for this particular service.
		oauthParameters.setScope(scope);
		// Initialize the OAuth Signer. 2-Legged OAuth must use HMAC-SHA1!
		OAuthSigner signer = new OAuthHmacSha1Signer();		
		// create a new GoogleOAuthHelperObject which is used for all OAuth-related interaction.
		GoogleOAuthHelper oauthHelper = new GoogleOAuthHelper(signer);

		// //
		// STEP 2: Make a request to Google
		// //

		URL feedUrl = new URL(strCalendarFeedUrl);

		System.out.println("Sending request to " + feedUrl.toString());
		System.out.println();
		String googleServiceName = "cl";
		//!!注意第2个参数的值
		GoogleService googleService = new GoogleService(googleServiceName, "2-legged-oauth-sample-app");

		// Set the OAuth credentials which were obtained from the steps above.
		googleService.setOAuthCredentials(oauthParameters, signer);

		// Make the request to Google
		BaseFeed resultFeed = googleService.getFeed(feedUrl, Feed.class);
		System.out.println("Response Data:");
		System.out.println("=====================================================");
		System.out.println("| TITLE: " + resultFeed.getTitle().getPlainText());
		if (resultFeed.getEntries().size() == 0) {
			System.out.println("|\tNo entries found.");
		} else {
			for (int i = 0; i < resultFeed.getEntries().size(); i++) {
				BaseEntry entry = (BaseEntry) resultFeed.getEntries().get(i);
				System.out.println("|\t" + (i + 1) + ": "
						+ entry.getTitle().getPlainText());
			}
		}
		System.out.println("=====================================================");
	}
}

step 5: run it, you will get calendar list of student1@chtl.hkbu.edu.hk

totogogo

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Google 2 legged oauth

参考文档：* 2 legged oauth基本概念(中文) http://djb4ke.iteye.com/blog/664958* google 2 legged oauth for google apps domain: http://code.google.com/intl/zh-TW/apis/accounts/docs/OAuth.html#GoogleAppsOAuth*
复制链接

扫一扫

专栏目录