java - Looking for a simple example program on how to log in with Google using OAuth 2.0


I'm new to OAuth and looking for a simple Java example program on how to log in with Google using OAuth 2.0. I searched a lot but didn't find appropriate solutions. Can you please help me with this?

I had a hard time with this myself. There are examples in different languages out there, but none of them explain what's going on, and many rely on third-party libraries for the actual implementation. I would not recommend implementing a solution that uses third-party libraries. Why? Because a lot of third-party libraries can fall behind in maintenance, security and bug fixes, and get abandoned altogether. I would also caution against using Google's own libraries, because you are still relying on Google to continue supporting your language. That's not a risk worth taking when you're dealing with security and authentication.

A few years ago I dug in and figured out how to actually perform an OAuth2 login and verification using nothing but standard libraries, complete with the necessary validation to ensure the integrity of the data coming from Google. It's in C#, but I tried to explain the code line-by-line as best I could, so you should be able to figure out how to do it in Java.

This article covers the series (three parts) along with links to a bunch of documentation I found that helped immensely in understanding the OAuth2 process and how JWTs work.

Google uses a JWT - JavaScript Web Token - to return to your application the digitally-signed information you need to validate who the user is. A JWT is a standardized JSON-based format with 3 segments in a base64-encoded string. The first 2 segments are straightforward and can be converted from base64 to regular JSON. The third segment is the digital signature. This documentation from the IETF explains, step-by-step, how the digital signature is created and how to use it to validate the data returned by Google. Read it thoroughly to understand what you need to accomplish in your application.

I did a quick search on Java's available libraries that support RSA PKCS#1 (this is what you need to validate the JWT signature against Google's public certificates) and came up empty-handed, but I'm not a Java dev, so you might have an easier time finding what you need.

I want to stress this.

If you can't figure out how to use RSA PKCS#1 to validate the digitally-signed data Google returns after the user authorizes your application, don't try to implement OAuth2 on your own.

There are serious security implications to allowing your application to authorize a user without validating their login information, and you do not want to open up that possibility.

That being said, it's not that hard once you figure out the digital signature part. The third part of the article series covers how it works pretty in-depth, so you should be able to figure out how to translate it to Java.

In a high-level view, here's what you want to achieve:

  1. Send the user to Google's login service via a URL
  2. Process the data returned by Google
  3. Request the user details from Google via POST
  4. Verify that the returned, digitally-signed user data is valid

The important bits you'll need are:

  • POST for submitting data to Google's OAuth2 service
  • Base64 decoding of Google's JWT response into usable data
  • Some way of locally caching Google's public certificates (they change every 24 hours)
  • X.509 for converting Google's public certificate (which is a base64 text representation of the cert) into an actual X.509 certificate object
  • RSA PKCS#1 (not the same as RSA PKCS#11; they're 2 different standards and not interchangeable) for validating the signed JWT against Google's public X.509 certificate.

Please comment here (or on the blog) if you have questions about how it works, and I'll do my best to help. I have a background in both development and a little cryptography, so I can understand how it works and why.

Disclaimer: if it's against the rules to link to an article versus explaining it here, I'll revise the post. OAuth2 is involved, though, and trying to copypasta the entire code explanation would be pretty arduous.
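As an added illustration of the verification step the answer describes (this is not code from the question, the answer, or the linked article series), here is the JWT check in plain Java using only the standard library: converting the PEM text of a certificate into an X.509 object and taking its public key, base64url-decoding the three segments, verifying the RS256 signature (RSASSA-PKCS1-v1_5 with SHA-256, which Java exposes as `SHA256withRSA`), and checking the `iss`, `aud` and `exp` claims. Assumptions: `CLIENT_ID` is a placeholder for your own OAuth client id, the expected issuer strings are the two values Google documents for its ID tokens, and `claim()` is a deliberately minimal regex stand-in for a real JSON parser. The `main` method mints a token with a locally generated RSA key so the check runs offline; fetching and caching Google's actual certificates (which the answer notes rotate every 24 hours) is left out.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class GoogleIdTokenCheck {

    // Issuer values Google uses in the "iss" claim; the audience must be your own OAuth client id.
    static final String[] EXPECTED_ISSUERS = {"https://accounts.google.com", "accounts.google.com"};
    static final String CLIENT_ID = "YOUR_CLIENT_ID.apps.googleusercontent.com"; // placeholder

    /** Turn the PEM text of one of Google's certificates into the RSA public key it carries. */
    static PublicKey publicKeyFromPem(String pem) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        return cert.getPublicKey();
    }

    /** Verify the RS256 (RSASSA-PKCS1-v1_5 with SHA-256) signature over "header.payload". */
    static boolean signatureValid(String jwt, PublicKey key) throws GeneralSecurityException {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) return false;
        byte[] signedBytes = (parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII);
        byte[] signature = Base64.getUrlDecoder().decode(parts[2]);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(key);
        verifier.update(signedBytes);
        return verifier.verify(signature);
    }

    /** Decode one base64url JWT segment into its JSON text. */
    static String decodeSegment(String segment) {
        return new String(Base64.getUrlDecoder().decode(segment), StandardCharsets.UTF_8);
    }

    /** Minimal claim lookup for flat JSON (hypothetical helper); use a real JSON parser in production. */
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"?([^\",}]*)\"?").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    /** Full check: header says RS256, signature verifies, and iss/aud/exp are what we expect. */
    static boolean idTokenValid(String jwt, PublicKey key, long nowSeconds) throws GeneralSecurityException {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) return false;
        String header = decodeSegment(parts[0]);
        if (!"RS256".equals(claim(header, "alg"))) return false; // never accept "none" or an HMAC alg here
        if (!signatureValid(jwt, key)) return false;              // check the signature before trusting any claim
        String payload = decodeSegment(parts[1]);
        String iss = claim(payload, "iss");
        boolean issuerOk = false;
        for (String expected : EXPECTED_ISSUERS) issuerOk |= expected.equals(iss);
        if (!issuerOk) return false;
        if (!CLIENT_ID.equals(claim(payload, "aud"))) return false;
        String exp = claim(payload, "exp");
        return exp != null && Long.parseLong(exp) > nowSeconds;
    }

    // Stand-alone demo: mint a token with a locally generated key so the checks can run offline.
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        long now = System.currentTimeMillis() / 1000;
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String header = b64.encodeToString("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = b64.encodeToString(("{\"iss\":\"https://accounts.google.com\",\"aud\":\"" + CLIENT_ID
                + "\",\"sub\":\"1234567890\",\"exp\":" + (now + 3600) + "}").getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update((header + "." + payload).getBytes(StandardCharsets.US_ASCII));
        String signature = b64.encodeToString(signer.sign());
        String jwt = header + "." + payload + "." + signature;
        System.out.println("genuine token valid:  " + idTokenValid(jwt, pair.getPublic(), now));

        // A payload with a different subject but the original signature must be rejected.
        String forgedPayload = b64.encodeToString(("{\"iss\":\"https://accounts.google.com\",\"aud\":\"" + CLIENT_ID
                + "\",\"sub\":\"9999999999\",\"exp\":" + (now + 3600) + "}").getBytes(StandardCharsets.UTF_8));
        String forged = header + "." + forgedPayload + "." + signature;
        System.out.println("tampered token valid: " + idTokenValid(forged, pair.getPublic(), now));
    }
}
```

In a real deployment `publicKeyFromPem` would be fed the certificate whose `kid` matches the token header, taken from your local cache of Google's certificates, and the key generation in `main` would not exist; everything else stays the same. The order of checks matters: the signature is verified before any claim is read, so an attacker cannot influence the outcome by editing the header or payload.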

