Package com.google.api.client.extensions.servlet.auth.oauth2 (1.36.0)

OAuth 2.0 utilities that help simplify the authorization flow in HTTP servlets.

Classes

AbstractAuthorizationCodeCallbackServlet

Thread-safe OAuth 2.0 authorization code callback servlet to process the authorization code or error response from authorization page redirect.

This is designed to simplify the flow in which an end-user authorizes your web application to access their protected data. The main servlet class extends AbstractAuthorizationCodeServlet which if the end-user credentials are not found, will redirect the end-user to an authorization page. If the end-user grants authorization, they will be redirected to this servlet that extends AbstractAuthorizationCodeCallbackServlet and the #onSuccess will be called. Similarly, if the end-user grants authorization, they will be redirected to this servlet and #onError will be called.

Sample usage:

public class ServletCallbackSample extends AbstractAuthorizationCodeCallbackServlet {

@Override protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential) throws ServletException, IOException { resp.sendRedirect("/"); }

@Override protected void onError( HttpServletRequest req, HttpServletResponse resp, AuthorizationCodeResponseUrl errorResponse) throws ServletException, IOException { // handle error }

@Override protected String getRedirectUri(HttpServletRequest req) throws ServletException, IOException { GenericUrl url = new GenericUrl(req.getRequestURL().toString()); url.setRawPath("/oauth2callback"); return url.build(); }

@Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(), new NetHttpTransport(), new GsonFactory(), new GenericUrl("https://server.example.com/token"), new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"), "s6BhdRkqt3", "https://server.example.com/authorize").setCredentialStore( new JdoCredentialStore(JDOHelper.getPersistenceManagerFactory("transactions-optional"))) .build(); }

@Override protected String getUserId(HttpServletRequest req) throws ServletException, IOException { // return user ID } }

AbstractAuthorizationCodeServlet

Thread-safe OAuth 2.0 authorization code flow HTTP servlet that manages and persists end-user credentials.

This is designed to simplify the flow in which an end-user authorizes your web application to access their protected data. Your application then has access to their data based on an access token and a refresh token to refresh that access token when it expires. Your main servlet class should extend AbstractAuthorizationCodeServlet and implement the abstract methods. To get the persisted credential associated with the current request, call #getCredential(). It is assumed that the end-user is authenticated by some external means by which a user ID is obtained. This user ID is used as the primary key for persisting the end-user credentials, and passed in via #getUserId(HttpServletRequest). The first time an end-user arrives at your servlet, they will be redirected in the browser to an authorization page. Next, they will be redirected back to your site at the redirect URI selected in #getRedirectUri(HttpServletRequest). The servlet to process that should extend AbstractAuthorizationCodeCallbackServlet, which should redirect back to this servlet on success.

Although this implementation is thread-safe, it can only process one request at a time. For a more performance-critical multi-threaded web application, instead use AuthorizationCodeFlow directly.

Sample usage:

public class ServletSample extends AbstractAuthorizationCodeServlet {

@Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException { // do stuff }

@Override protected String getUserId(HttpServletRequest req) throws ServletException, IOException { // return user ID } }