GWT + OpenID - experiences?
99 views
Skip to first unread message
markww
Jun 22, 2009, 1:45:26 AM6/22/09
to Google Web Toolkit
Hi,
I spent some time figuring out if OpenID would work well with my GWT
app, not sure if anyone else has tried. If I understand correctly,
when a user gets to my app, I need to ask them to sign in with an
OpenID provider (google, yahoo, facebook, etc).
This is a bit problematic because the providers will either require a
redirect to their own sign-in page, or a popup asking for user login
information. Does anyone else find that to be user-unfriendly?
On the plus side, it only has to be done once, I can save a session
cookie afterwards so I don't have to keep prompting them with every
visit to my site - but this is how a do-it-yourself login would work
anyway.
Anyone have experience with OpenID + GWT? There's a write up of one
possible way to integrate it here:
http://chaoticjava.com/posts/using-openid-within-gwt/
but the redirects / popups are making me lean towards not doing it,
even though it would be nice to save my users from yet another
username/password combo.
Thanks
I spent some time figuring out if OpenID would work well with my GWT
app, not sure if anyone else has tried. If I understand correctly,
when a user gets to my app, I need to ask them to sign in with an
OpenID provider (google, yahoo, facebook, etc).
This is a bit problematic because the providers will either require a
redirect to their own sign-in page, or a popup asking for user login
information. Does anyone else find that to be user-unfriendly?
On the plus side, it only has to be done once, I can save a session
cookie afterwards so I don't have to keep prompting them with every
visit to my site - but this is how a do-it-yourself login would work
anyway.
Anyone have experience with OpenID + GWT? There's a write up of one
possible way to integrate it here:
http://chaoticjava.com/posts/using-openid-within-gwt/
but the redirects / popups are making me lean towards not doing it,
even though it would be nice to save my users from yet another
username/password combo.
Thanks
Jeff Chimene
Jun 22, 2009, 11:59:44 AM6/22/09
to Google-We...@googlegroups.com
I notice that slash is now supporting openid. This may be a mod supplied
by slashdot, or it may be in the baseline. You might see how they do it.
I'd be interested in this as well.
If I don't hear from you, I'll look into it as well, to see how it's
done in JS and Perl.
Cheers,
jec
enefem
Jun 22, 2009, 8:33:19 AM6/22/09
to Google Web Toolkit
Hi there,
So how you are like to have the OpenID integration on your site?
AFAIK, all OpenID-enabled sites are working like that.
--
Nanda Firdausi
http://satukubik.com
So how you are like to have the OpenID integration on your site?
AFAIK, all OpenID-enabled sites are working like that.
--
Nanda Firdausi
http://satukubik.com
gscholt
Jun 22, 2009, 3:59:25 PM6/22/09
to Google Web Toolkit
On Jun 22, 7:45 am, markww <mar...@gmail.com> wrote:
I know that Gerrit Code Review supports OpenID logins.
- http://code.google.com/p/gerrit/
- https://review.source.android.com
Without looking at the code, there seems to be a nice popup with a
page-reload.
The reload isn't that bad imo, most data should be cached already
which is the bulk of the waiting time.
Gert
Mark
Jun 22, 2009, 10:13:23 PM6/22/09
to Google Web Toolkit
Hi,
Yeah I did a lot of testing the past few days with OpenID. Seems like
it could work fine, just depends on how your user base will react to
it. For my userbase, I'm a bit worried that they might be confused and
or terrified if I redirect them to their gmail page / popup asking for
their gmail credentials.
The bigger problem for me is that I am using GWT to make the web-app
portion of a larger app, which can also be accessed from iPhone/
Android/BB thick-clients. In those cases, I cannot use OpenID, and
would hate to support more than one login system. For example, my web
clients would use OpenID, Android/iPhone/BB clients would sign up
using an old-style new username/password system. Maintaining that
would be kind of annoying I think.
Thanks
On Jun 22, 3:59 pm, gscholt <gsch...@gmail.com> wrote:
> On Jun 22, 7:45 am, markww <mar...@gmail.com> wrote:
>
>
>
>
>
> > Hi,
>
> > I spent some time figuring out ifOpenIDwould work well with my GWT
Yeah I did a lot of testing the past few days with OpenID. Seems like
it could work fine, just depends on how your user base will react to
it. For my userbase, I'm a bit worried that they might be confused and
or terrified if I redirect them to their gmail page / popup asking for
their gmail credentials.
The bigger problem for me is that I am using GWT to make the web-app
portion of a larger app, which can also be accessed from iPhone/
Android/BB thick-clients. In those cases, I cannot use OpenID, and
would hate to support more than one login system. For example, my web
clients would use OpenID, Android/iPhone/BB clients would sign up
using an old-style new username/password system. Maintaining that
would be kind of annoying I think.
Thanks
On Jun 22, 3:59 pm, gscholt <gsch...@gmail.com> wrote:
> On Jun 22, 7:45 am, markww <mar...@gmail.com> wrote:
>
>
>
>
>
> > Hi,
>
> > app, not sure if anyone else has tried. If I understand correctly,
> > when a user gets to my app, I need to ask them to sign in with an
> >OpenIDprovider (google, yahoo, facebook, etc).
> > when a user gets to my app, I need to ask them to sign in with an
>
> > This is a bit problematic because the providers will either require a
> > redirect to their own sign-in page, or a popup asking for user login
> > information. Does anyone else find that to be user-unfriendly?
>
> > On the plus side, it only has to be done once, I can save a session
> > cookie afterwards so I don't have to keep prompting them with every
> > visit to my site - but this is how a do-it-yourself login would work
> > anyway.
>
> > Anyone have experience withOpenID+ GWT? There's a write up of one
> > This is a bit problematic because the providers will either require a
> > redirect to their own sign-in page, or a popup asking for user login
> > information. Does anyone else find that to be user-unfriendly?
>
> > On the plus side, it only has to be done once, I can save a session
> > cookie afterwards so I don't have to keep prompting them with every
> > visit to my site - but this is how a do-it-yourself login would work
> > anyway.
>
> > possible way to integrate it here:
>
> > http://chaoticjava.com/posts/using-openid-within-gwt/
>
> > but the redirects / popups are making me lean towards not doing it,
> > even though it would be nice to save my users from yet another
> > username/password combo.
>
> > Thanks
>
> Hi,
>
> I know that Gerrit Code Review supportsOpenIDlogins.
> -http://code.google.com/p/gerrit/
> -https://review.source.android.com
>
> > http://chaoticjava.com/posts/using-openid-within-gwt/
>
> > but the redirects / popups are making me lean towards not doing it,
> > even though it would be nice to save my users from yet another
> > username/password combo.
>
> > Thanks
>
> Hi,
>
> I know that Gerrit Code Review supportsOpenIDlogins.
> -http://code.google.com/p/gerrit/
gscholt
Jun 23, 2009, 3:26:36 AM6/23/09
to Google Web Toolkit
On Jun 23, 4:13 am, Mark <mar...@gmail.com> wrote:
> The bigger problem for me is that I am using GWT to make the web-app
> portion of a larger app, which can also be accessed from iPhone/
> Android/BB thick-clients. In those cases, I cannot use OpenID, and
> would hate to support more than one login system. For example, my web
> clients would use OpenID, Android/iPhone/BB clients would sign up
> using an old-style new username/password system. Maintaining that
> would be kind of annoying I think.
Well, asking users to log in to the same system using different
> The bigger problem for me is that I am using GWT to make the web-app
> portion of a larger app, which can also be accessed from iPhone/
> Android/BB thick-clients. In those cases, I cannot use OpenID, and
> would hate to support more than one login system. For example, my web
> clients would use OpenID, Android/iPhone/BB clients would sign up
> using an old-style new username/password system. Maintaining that
> would be kind of annoying I think.
accounts seems wrong indeed :)
Not knowing much about openID, why couldn't you implement it in a fat
client if you so desired?
Gert
Mark
Jun 23, 2009, 10:36:29 AM6/23/09
to Google Web Toolkit
>> why couldn't you implement it [OpenID] in a fat client if you so desired
Not saying I'm an expert with OpenID, but basically OpenID requires on
the ability for the user to be redirected to an OpenID provider site
for authentication. Example: I go to www.mysite.com, and instead of a
login form, I just see:
"Login using your google, yahoo, myspace or xyz account"
I click on one of the above buttons. Now (depending on the provider) I
will get redirected to their website to enter my authentication info.
So if I'm a gmail user, I'd get redirected to a google login page.
After entering my info, I get redirected again back to www.mysite.com.
Google returns some user token info identifying me now.
On a thick-client, the redirection isn't possible, I mean I could ask
for the user's authentication info directly, but I doubt many people
would trust doing that! The OpenID kind of relies on being able to
redirect the user and seeing in the address bar that they're
authenticating with their real provider, not some phishing site.
Thanks
On Jun 23, 3:26 am, gscholt <gsch...@gmail.com> wrote:
> On Jun 23, 4:13 am, Mark <mar...@gmail.com> wrote:
>
> > The bigger problem for me is that I am using GWT to make the web-app
> > portion of a larger app, which can also be accessed from iPhone/
> > Android/BB thick-clients. In those cases, I cannot useOpenID, and
Not saying I'm an expert with OpenID, but basically OpenID requires on
the ability for the user to be redirected to an OpenID provider site
for authentication. Example: I go to www.mysite.com, and instead of a
login form, I just see:
"Login using your google, yahoo, myspace or xyz account"
I click on one of the above buttons. Now (depending on the provider) I
will get redirected to their website to enter my authentication info.
So if I'm a gmail user, I'd get redirected to a google login page.
After entering my info, I get redirected again back to www.mysite.com.
Google returns some user token info identifying me now.
On a thick-client, the redirection isn't possible, I mean I could ask
for the user's authentication info directly, but I doubt many people
would trust doing that! The OpenID kind of relies on being able to
redirect the user and seeing in the address bar that they're
authenticating with their real provider, not some phishing site.
Thanks
On Jun 23, 3:26 am, gscholt <gsch...@gmail.com> wrote:
> On Jun 23, 4:13 am, Mark <mar...@gmail.com> wrote:
>
> > The bigger problem for me is that I am using GWT to make the web-app
> > portion of a larger app, which can also be accessed from iPhone/
> > would hate to support more than one login system. For example, my web
> > clients would useOpenID, Android/iPhone/BB clients would sign up
> > using an old-style new username/password system. Maintaining that
> > would be kind of annoying I think.
>
> Well, asking users to log in to the same system using different
> accounts seems wrong indeed :)
> Not knowing much aboutopenID, why couldn't you implement it in a fat
> > would be kind of annoying I think.
>
> Well, asking users to log in to the same system using different
> accounts seems wrong indeed :)
Gabriel Guerrero
Jun 23, 2009, 8:19:43 PM6/23/09
to Google Web Toolkit
There is no problem to implement openId in gwt, we did in our project,
(we support normal login and openId) what we do is at the login page
the login submit button opens a open id web site in a new window when
the user finish the login in the new window open id provider calls
back a user page in our new window that uses a js close the new window
and call a js in the original window that reloads that page, the
server checks the login and forwards to the proper gwt page, for
relogin process is similar but because the gwt app is already loaded
we have a gwt dialog similar to the login page that again opens the
openid provider login page in a new window (so state of the app is not
lost), the gwt app has a jsni method to reload the user this method is
called by the new window when the login is successful
Cheers
Gabriel
On Jun 23, 3:36 pm, Mark <mar...@gmail.com> wrote:
> >> why couldn't you implement it [OpenID] in a fat client if you so desired
>
> Not saying I'm an expert with OpenID, but basically OpenID requires on
> the ability for the user to be redirected to an OpenID provider site
> for authentication. Example: I go towww.mysite.com, and instead of a
(we support normal login and openId) what we do is at the login page
the login submit button opens a open id web site in a new window when
the user finish the login in the new window open id provider calls
back a user page in our new window that uses a js close the new window
and call a js in the original window that reloads that page, the
server checks the login and forwards to the proper gwt page, for
relogin process is similar but because the gwt app is already loaded
we have a gwt dialog similar to the login page that again opens the
openid provider login page in a new window (so state of the app is not
lost), the gwt app has a jsni method to reload the user this method is
called by the new window when the login is successful
Cheers
Gabriel
On Jun 23, 3:36 pm, Mark <mar...@gmail.com> wrote:
> >> why couldn't you implement it [OpenID] in a fat client if you so desired
>
> Not saying I'm an expert with OpenID, but basically OpenID requires on
> the ability for the user to be redirected to an OpenID provider site
gscholt
Jun 24, 2009, 2:53:28 AM6/24/09
to Google Web Toolkit
Then it seems possible, though perhaps hairy to make it work with a
fat client app.
Since login verfication is still done serverside, the fat client just
launches some form of browser (say, embed a WebView in android) to let
the user log in, and verifies successful login at the server using
whatever communication protocol the fatC-S uses. Iirc, you can hook
javascript functions into an android WebView, so you'll even get the
callback when the user logs in.
No clue how flexible other mobile-OSes are, but if they don't support
easy access to browsers, and if the OpenId login pages depend on
javascript it can get quite hairy.
Gert
On Jun 24, 2:19 am, Gabriel Guerrero <gabrieldavidguerr...@gmail.com>
wrote:
fat client app.
Since login verfication is still done serverside, the fat client just
launches some form of browser (say, embed a WebView in android) to let
the user log in, and verifies successful login at the server using
whatever communication protocol the fatC-S uses. Iirc, you can hook
javascript functions into an android WebView, so you'll even get the
callback when the user logs in.
No clue how flexible other mobile-OSes are, but if they don't support
easy access to browsers, and if the OpenId login pages depend on
javascript it can get quite hairy.
Gert
On Jun 24, 2:19 am, Gabriel Guerrero <gabrieldavidguerr...@gmail.com>
wrote:
asianCoolz
Jul 2, 2009, 9:46:28 AM7/2/09
to Google Web Toolkit
in the gwt client code, when seCookie and doGet to call the servlet,
may i know what values you set for
"app-openid-auth";
"app-openid-name";
"app-openid-identifier"
"app-openid-uniqueid";
? any client example how to use this servlet?
may i know what values you set for
"app-openid-auth";
"app-openid-name";
"app-openid-identifier"
"app-openid-uniqueid";
? any client example how to use this servlet?
Thomas Matthijs
Jul 3, 2009, 2:54:56 AM7/3/09
to Google-We...@googlegroups.com
I haven't really read the whole thread, but maybe check out the following:
http://code.google.com/p/dyuproject/
http://dyuproject.appspot.com/popup_login.html
Looks like it should be useable with gwt.
asianCoolz
Jul 3, 2009, 12:43:31 PM7/3/09
to Google Web Toolkit
but seem to me the dyuproject community is still new compared to
openid4j
i know how to use the servlet already. i able to login using yahoo
openid and myopenid.com , but cannot for google i enter url like below
http://localhost:8888/openid?app-openid-auth=true&app-openid-name=us...@gmail.com
and get exception 0xa00: Authentication cannot continue: no discovery
information provided. anyone else get this error?
openid4j
i know how to use the servlet already. i able to login using yahoo
openid and myopenid.com , but cannot for google i enter url like below
http://localhost:8888/openid?app-openid-auth=true&app-openid-name=us...@gmail.com
and get exception 0xa00: Authentication cannot continue: no discovery
information provided. anyone else get this error?
Reply all
Reply to author
Forward
0 new messages