====== Authentication, Authorization, SSO, OAuth, OpenID ======

===== Lesson plan =====

  * How OAuth and OpenID work
  * Samples
    * OAuth
    * OpenID

===== How OAuth and OpenID work =====

A short presentation on SSO, OAuth and OpenID is available here: [[https://docs.google.com/presentation/d/1jB7YoEJdJ8WRNPoItdIajxTlCDPf631CXkY7nJ_dP3A/edit#slide=id.p|Presentation]]

===== Samples =====

In both samples the authentication/authorisation service is Google. We assume that you have a Google account. If not, try to use your FEL login.

==== OAuth ====

The library for authentication and authorization is google-api-java-client (https://code.google.com/p/google-api-java-client/wiki/OAuth2). We need to add the following Maven dependency:

<code xml>
<dependency>
  <groupId>com.google.apis</groupId>
  <artifactId>google-api-services-oauth2</artifactId>
  <version>v2-rev29-1.13.2-beta</version>
</dependency>
</code>

The sample uses the class GoogleOAuthHelper. The class helps to generate the correct URL, which redirects the user to the page of the authentication provider (Google in this case). Your application has to be registered with the authentication provider. When registering the application, it is necessary to set the URL to which the server will redirect the user. In the GoogleOAuthHelper class you also need to set the variables CLIENT_ID and CLIENT_SECRET. You will get the values when registering your application. The query string is generated using these variables.

Sample: {{:courses:a4m36aos:cviceni:aos-oauth.zip|aos-oauth.zip}}

Before running the sample:

  - OAuth requires registration on the provider site. You first need to register your application at this address: [[https://code.google.com/apis/console/]]. You need to create a new project first and then create a new key for the application in the APIs & auth section.
  - As a redirect URL set http://localhost:8080/aos-oauth/index.jsp
  - Set the CLIENT_ID and CLIENT_SECRET parameters (obtained from the previous point) in GoogleAuthHelper.
  - Deploy to the application server

==== OpenID ====

To test OpenID you need to use the openid4java library (https://code.google.com/p/openid4java/). The provider is Google again. In this case we don't need to register the user.

Maven:

<code xml>
<dependency>
  <groupId>org.openid4java</groupId>
  <artifactId>openid4java</artifactId>
  <version>0.9.8</version>
</dependency>
</code>

The sample contains the helper class GoogleOpenIDHelper, which generates the query string.

{{:courses:a4m36aos:cviceni:aos-openid.zip|aos-openid.zip}}

The following code is interesting:

<code java>
import org.openid4java.message.ax.FetchRequest;
// Ask the provider for the user's email address; "true" marks the attribute as required
FetchRequest fetch = FetchRequest.createFetchRequest();
fetch.addAttribute("email", "http://schema.openid.net/contact/email", true);
</code>

The user has to authorize the chosen attributes at the authentication service; in this case that is the email address.
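Returning to the OAuth sample: the redirect URL described there can be built with the JDK alone, as in the added example below, which is not taken from aos-oauth.zip or GoogleOAuthHelper. It also adds the OAuth 2.0 ''state'' parameter, which the page does not mention, so that index.jsp accepts only a callback belonging to a login started in the same session. The class name, the placeholder client ID, the endpoint URL and the scope are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical class for illustration; needs Java 10+ and no external libraries.
public class LoginUrlExample {
    static final String CLIENT_ID = "YOUR_CLIENT_ID"; // placeholder from the API console
    static final String REDIRECT_URI = "http://localhost:8080/aos-oauth/index.jsp";
    // Assumed values: Google's OAuth 2.0 authorization endpoint and a minimal scope.
    static final String AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";
    static final String SCOPE = "openid email";

    // Unguessable per-login value that ties the callback to this browser session.
    static String newState() {
        byte[] buf = new byte[32];
        new SecureRandom().nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Authorization-code request. CLIENT_SECRET is never placed in this URL;
    // it is sent only in the server-to-server token exchange.
    static String buildLoginUrl(String state) {
        return AUTH_ENDPOINT + "?response_type=code"
                + "&client_id=" + enc(CLIENT_ID)
                + "&redirect_uri=" + enc(REDIRECT_URI)
                + "&scope=" + enc(SCOPE)
                + "&state=" + enc(state);
    }

    // Callback check: accept the code only if the returned state equals the stored one.
    static boolean stateMatches(String stored, String returned) {
        if (stored == null || returned == null) return false;
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String state = newState(); // a web app would keep this in the HTTP session
        System.out.println(buildLoginUrl(state));
        // Constructed callback values, as index.jsp would receive them in ?state=...
        System.out.println("same state:     " + stateMatches(state, state));
        System.out.println("changed state:  " + stateMatches(state, "constructed-other-value"));
        System.out.println("no login begun: " + stateMatches(null, state));
    }
}
```

The redirect URI sent here has to match the one registered for the application exactly, otherwise the provider rejects the request.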