OAuth

Aus Peter Fuerholz' Wiki
Version vom 26. Dezember 2013, 16:02 Uhr von Admin (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

Instead of every (web) application setting up its own user authentication it is nowadays often possible to log in by means of an already existent Facebook, Twitter etc. account. This works by means of the OAuth resp. OAuth 2.0 specification. Here now I am setting this up in a Vaadin application.

  1. Create a Vaadin application and import the OAuth Popup AddOn. OAuth Popup AddOn on GitHub explains that you have to import Scribe therefore.
  2. To test the implementation you have to create an "application" within each social network you want to support:
  • Twitter: Create application [1]. Do mind that you have to fill in a URL in 'Callback URL', otherwise you cannot use the Vaadin Addon properly (see here). The 'Consumer key' is your key and 'Consumer secret' the secret to use creating the button: TwitterButton(TW_KEY, TW_SECRET);
  • Google: Do same. Do mind that the OAuth Popup respective its underlying Scribe implementation allows to use the Google Account only under OAuth 1.0. See:
Procedure like this:
  1. Go to Google Console and create new project. (I couldn't define the project id by myself, just took one of the suggestions.)
  2. Go into the newly created project, select 'APIs & auth', then press 'Download JSON'. The downloaded file contains the user id and the secret. Place the file to a safe destination.
  3. Etc.
OAuth 2.0 seems quite different to OAuth 1.0 and I was unable to test it in a reasonable amount of time. (No priority since OAuth popup does not support it anyway...)