Wednesday, 24 April 2013

Google OAuth 2.0

Hi folks,
   I guess many of you want to implement Google OAuth in your web applications, but it can be hard to get started by following the Google Developers site. So here I'm going to explain how to implement Google OAuth 2.0.

 Basic steps to be followed:

   -->Register Application:
               All applications that access a Google API must be registered through the APIs Console. The result of this registration process is a set of values that are known to both Google and your application (e.g. client_id, client_secret, redirect_uri, etc.). The set of values generated varies based on what type of application you are building. For example, a JavaScript application does not require a secret, but a web application does.

   -->Obtain an Access Token from the Google Authorization Server:
               Before your application can access a Google API, it must obtain an access token that grants access to that API. A single access token may grant varying degrees of access to multiple APIs. The set of resources and operations permitted by an access token is controlled during the access token request via a variable parameter called 'scope'. Several scopes may be included in a request.

   -->Send Access Token to an API:
              After an application has obtained an access token, it may send the access token in a request to a Google API. Access tokens are valid only for the set of operations and resources described in the token request. For example, if an access token is issued for the Google+ API, it will not grant access to the Google Contacts API. It may, however, be sent to the Google+ API multiple times for similar operations. Access tokens are sent to a Google API in the HTTP Authorization header, or as a query string parameter (if HTTP header operations are not available).

    -->Refresh the Access Token (optional):
              Access tokens have a limited lifetime and, in some cases, an application needs access to a Google API beyond the lifetime of a single access token. When this is the case, your application can obtain what is called a refresh token. A refresh token allows your application to obtain new access tokens.
             Note that there are limits on the number of refresh tokens that will be issued; one limit per client/user combination, and another per user across all clients. You should save refresh tokens in long-term storage and continue to use them as long as they remain valid. If your application requests too many refresh tokens, it may run into these limits, in which case older refresh tokens will stop working.
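
The authorization request from the "Obtain an Access Token" step, together with the check a callback should make before trusting the response, as an added example that is not part of the original post. It uses only the JDK (Java 10+) rather than the Google client library; the endpoint URL, the `state` parameter, `access_type=offline`, the `email`/`profile` scopes, the redirect host and the class and method names are assumptions, and `YOUR_CLIENT_ID` is a placeholder.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class OAuthFlowSketch {
    // Assumed endpoint and placeholder values; take the real ones from your registration.
    static final String AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";
    static final String CLIENT_ID = "YOUR_CLIENT_ID";
    static final String REDIRECT_URI = "https://app.example/googleOauth";

    // Unguessable per-login value that ties the callback to the session that started the flow.
    static String newState() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // URL the browser is sent to; several scopes are joined with spaces.
    static String authorizationUrl(String state, String... scopes) {
        String[][] params = {
            {"response_type", "code"}, {"client_id", CLIENT_ID},
            {"redirect_uri", REDIRECT_URI}, {"scope", String.join(" ", scopes)},
            {"state", state}, {"access_type", "offline"}, // offline: also issue a refresh token
        };
        StringBuilder url = new StringBuilder(AUTH_ENDPOINT);
        char sep = '?';
        for (String[] p : params) {
            url.append(sep).append(p[0]).append('=')
               .append(URLEncoder.encode(p[1], StandardCharsets.UTF_8));
            sep = '&';
        }
        return url.toString();
    }

    // Callback check: accept the response only if its state equals the stored one.
    static boolean stateMatches(String expected, String returned) {
        if (expected == null || returned == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String state = newState(); // in a servlet, keep this in the HttpSession
        System.out.println(authorizationUrl(state, "email", "profile"));
        System.out.println("own state accepted:        " + stateMatches(state, state));
        System.out.println("mismatched state accepted: " + stateMatches(state, "not-our-state"));
    }
}
```

In a servlet, the state would be stored in the session before the redirect and compared in the "/googleOauth" handler before the authorization code is exchanged for tokens.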

Implementation of Sample Application:
         Now we are going to implement a small application that uses Google authentication.
 Before getting into the code, make sure you have the following JARs in your classpath.
Try it out for yourself!!
commons-logging-1.0.4.jar
google-api-client-1.5.0-beta.jar
google-api-client-extensions-1.5.0-beta.jar
google-api-services-plus-v1-1.2.4-beta.jar
google-api-services-plus-v1-1.2.4-beta-sources.jar
google-http-client-1.5.0-beta.jar
google-http-client-extensions-1.5.0-beta.jar
google-oauth-client-1.5.0-beta.jar
google-oauth-client-extensions-1.5.0-beta.jar
gson-1.6.jar
guava-r09.jar
jackson-core-asl-1.9.3.jar
jackson-mapper-asl-1.9.3.jar (make sure jackson-core and jackson-mapper are the same version)
json-20080701.jar

So let me write a small HTML page with a button; clicking the button will request Google authentication.
index.html


Now on the controller (servlet) side we need to implement the service. Here we need to map the URL "/googleOauth" to the controller in web.xml.
oAuthController.java


So now, on clicking the button in index.html, you will be redirected to the authorization page; by allowing access there, you will get the user's profile details, such as first name, last name, email, etc.