There are a few features not supported by this implementation:
"application/x-www-form-urlencoded"HTTP request body
"oauth_*"parameters specified in the HTTP request URL (instead assumes they are specified in the
Before using this library, you may need to set up your application as follows:
- For web applications, you may need to first register your application with the
authorization server. It may provide two pieces of information you need:
- OAuth Consumer Key: use this as the
consumerKeyon every OAuth request, for example in com.google.api.client.auth.oauth.AbstractOAuthGetToken#consumerKey.
- OAuth Consumer Secret: use this as the com.google.api.client.auth.oauth.OAuthHmacSigner#clientSharedSecret when using the
- OAuth Consumer Key: use this as the
- For an installed application, an unregistered web application, or a web application running
on localhost, you must use the
"HMAC-SHA1"signature method. The documentation for the authorization server will need to provide you with the
- For the
"HMAC-SHA1"signature method, use com.google.api.client.auth.oauth.OAuthHmacSigner.
- For the
"RSA-SHA1"signature method, use com.google.api.client.auth.oauth.OAuthRsaSigner.
After the set up has been completed, the typical application flow is:
- Request a temporary credentials token from the Authorization server using com.google.api.client.auth.oauth.OAuthGetTemporaryToken. A callback URL should be specified for web applications, but does not need to be specified for installed applications.
- Direct the end user to an authorization web page to allow the end user to authorize the temporary token using using com.google.api.client.auth.oauth.OAuthAuthorizeTemporaryTokenUrl.
- After the user has granted the authorization:
- For web applications, the user's browser will be redirected to the callback URL which may be parsed using com.google.api.client.auth.oauth.OAuthCallbackUrl.
- For installed applications, see the authorization server's documentation for figuring out the verification code.
- Request to exchange the temporary token for a long-lived access token from the Authorization server using com.google.api.client.auth.oauth.OAuthGetAccessToken. This access token must be stored.
- Use the stored access token to authorize HTTP requests to protected resources by setting the com.google.api.client.auth.oauth.OAuthParameters#token and using com.google.api.client.auth.oauth.OAuthParameters as the com.google.api.client.http.HttpRequestInitializer.
Implementation of the OAuth 2.0 Authorization Framework.
Before using this library, you will typically need to register your application with the authorization server to receive a client ID and client secret. See Client Registration.
These are the typical steps of the web server flow based on an authorization code, as specified in Authorization Code Grant:
- Redirect the end user in the browser to the authorization page using com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl to grant your application access to the end user's protected data.
- Process the authorization response using com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl to parse the authorization code.
- Request an access token and possibly a refresh token using com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest.
- Access protected resources using com.google.api.client.auth.oauth2.Credential. Expired access tokens will automatically be refreshed using the refresh token (if applicable).
These are the typical steps of the the browser-based client flow specified in Implicit Grant:
- Redirect the end user in the browser to the authorization page using com.google.api.client.auth.oauth2.BrowserClientRequestUrl to grant your browser application access to the end user's protected data.
These servlets will allow an App Engine user to quickly get started with the auth object interface from the main client. They will utilize the App Engine Datastore and Credentials to manage credentials on behalf of users.
Warning: starting with version 1.7, usage of this for OAuth 2.0 is deprecated. Instead use com.google.api.client.extensions.appengine.auth.oauth2.
OAuth 2.0 utilities that help simplify the authorization flow on Google App Engine.
Auth object framework that will provide an interface to create easy to use, object-oriented methods to obtain and manage auth credentials.
Warning: starting with version 1.7, usage of this for OAuth 2.0 is deprecated. Instead use
Implementation of auth objects to obtain and manage OAuth 1 credentials using the web server flow.
OAuth 2.0 utilities that help simplify the authorization flow on Java 6.
OAuth 2.0 utilities that simplify the authorization flow using an HTTP server.
Servlets that can be completed by users to create and complete a web server auth flow to obtain a credential.
Warning: starting with version 1.7, usage of this for OAuth 2.0 is deprecated. Instead use com.google.api.client.extensions.servlet.auth.oauth2.
OAuth 2.0 utilities that help simplify the authorization flow in HTTP servlets.