com.google.api.client.auth.oauth
com.google.api.client.util.Beta
OAuth 1.0 authorization as specified in RFC 5849:
The OAuth 1.0 Protocol (see detailed package specification).
There are a few features not supported by this implementation:
PLAINTEXT
signature algorithm"application/x-www-form-urlencoded"
HTTP request body"oauth_*"
parameters specified in the HTTP request URL (instead assumes they are specified in theAuthorization
header)
Before using this library, you may need to set up your application as follows:
- For web applications, you may need to first register your application with the
authorization server. It may provide two pieces of information you need:
- OAuth Consumer Key: use this as the
consumerKey
on every OAuth request, for example in com.google.api.client.auth.oauth.AbstractOAuthGetToken#consumerKey. - OAuth Consumer Secret: use this as the com.google.api.client.auth.oauth.OAuthHmacSigner#clientSharedSecret when using the
"HMAC-SHA1"
signature method.
- OAuth Consumer Key: use this as the
- For an installed application, an unregistered web application, or a web application running
on localhost, you must use the
"HMAC-SHA1"
signature method. The documentation for the authorization server will need to provide you with theconsumerKey
andclientSharedSecret
to use. - For the
"HMAC-SHA1"
signature method, use com.google.api.client.auth.oauth.OAuthHmacSigner. - For the
"RSA-SHA1"
signature method, use com.google.api.client.auth.oauth.OAuthRsaSigner.
After the set up has been completed, the typical application flow is:
- Request a temporary credentials token from the Authorization server using com.google.api.client.auth.oauth.OAuthGetTemporaryToken. A callback URL should be specified for web applications, but does not need to be specified for installed applications.
- Direct the end user to an authorization web page to allow the end user to authorize the temporary token using using com.google.api.client.auth.oauth.OAuthAuthorizeTemporaryTokenUrl.
- After the user has granted the authorization:
- For web applications, the user's browser will be redirected to the callback URL which may be parsed using com.google.api.client.auth.oauth.OAuthCallbackUrl.
- For installed applications, see the authorization server's documentation for figuring out the verification code.
- Request to exchange the temporary token for a long-lived access token from the Authorization server using com.google.api.client.auth.oauth.OAuthGetAccessToken. This access token must be stored.
- Use the stored access token to authorize HTTP requests to protected resources by setting the com.google.api.client.auth.oauth.OAuthParameters#token and using com.google.api.client.auth.oauth.OAuthParameters as the com.google.api.client.http.HttpRequestInitializer.
com.google.api.client.auth.oauth2
Implementation of the OAuth 2.0 Authorization Framework.
Before using this library, you will typically need to register your application with the authorization server to receive a client ID and client secret. See Client Registration.
These are the typical steps of the web server flow based on an authorization code, as specified in Authorization Code Grant:
- Redirect the end user in the browser to the authorization page using com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl to grant your application access to the end user's protected data.
- Process the authorization response using com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl to parse the authorization code.
- Request an access token and possibly a refresh token using com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest.
- Access protected resources using com.google.api.client.auth.oauth2.Credential. Expired access tokens will automatically be refreshed using the refresh token (if applicable).
These are the typical steps of the the browser-based client flow specified in Implicit Grant:
- Redirect the end user in the browser to the authorization page using com.google.api.client.auth.oauth2.BrowserClientRequestUrl to grant your browser application access to the end user's protected data.
- Use a JavaScript application to process the access token found in the URL fragment at the redirect URI registered with the authorization server.
com.google.api.client.auth.openidconnect
com.google.api.client.extensions.appengine.auth
com.google.api.client.util.Beta
These servlets will allow an App Engine user to quickly get started with the auth object
interface from the main client. They will utilize the App Engine Datastore and Credentials to
manage credentials on behalf of users.
Warning: starting with version 1.7, usage of this for OAuth 2.0 is deprecated. Instead use com.google.api.client.extensions.appengine.auth.oauth2.
com.google.api.client.extensions.appengine.auth.oauth2
OAuth 2.0 utilities that help simplify the authorization flow on Google App Engine.
com.google.api.client.extensions.appengine.auth.oauth2.jakarta
OAuth 2.0 utilities that help simplify the authorization flow on Google App Engine. This package
uses the jakarta.servlet
namespace.
com.google.api.client.extensions.auth.helpers
com.google.api.client.util.Beta
Auth object framework that will provide an interface to create easy to use, object-oriented
methods to obtain and manage auth credentials.
Warning: starting with version 1.7, usage of this for OAuth 2.0 is deprecated. Instead use
com.google.api.client.auth.oauth2
.
com.google.api.client.extensions.auth.helpers.oauth
com.google.api.client.util.Beta
Implementation of auth objects to obtain and manage OAuth 1 credentials using the web server
flow.
com.google.api.client.extensions.java6.auth.oauth2
OAuth 2.0 utilities that help simplify the authorization flow on Java 6.
com.google.api.client.extensions.jetty.auth.oauth2
OAuth 2.0 utilities that simplify the authorization flow using an HTTP server.
com.google.api.client.extensions.servlet.auth
com.google.api.client.util.Beta
Servlets that can be completed by users to create and complete a web server auth flow to obtain a
credential.
Warning: starting with version 1.7, usage of this for OAuth 2.0 is deprecated. Instead use com.google.api.client.extensions.servlet.auth.oauth2.
com.google.api.client.extensions.servlet.auth.oauth2
OAuth 2.0 utilities that help simplify the authorization flow in HTTP servlets.
com.google.api.client.extensions.servlet.auth.oauth2.jakarta
OAuth 2.0 utilities that help simplify the authorization flow in HTTP servlets in the
jakarta.servlet
namespace.