GWT & Google OpenID login
211 views
Skip to first unread message
dhoffer
Dec 9, 2012, 10:36:28 PM12/9/12
to google-we...@googlegroups.com
I'd like to add OpenID login to my GWT application, I don't think I need OAuth support as I just need to authenticate the user. I'm looking for any examples/suggestions on the best way to do this for a GWT app. Also I just need to authenticate with Google, not any other provider, not sure how that may affect the implementation. I understand Google supports a popup login approach instead of a redirect, I think that might be desirable as well.
-Dave
Pedro Lamarão
Dec 10, 2012, 11:05:56 AM12/10/12
to google-we...@googlegroups.com
Em segunda-feira, 10 de dezembro de 2012 01h36min28s UTC-2, dhoffer escreveu:
I'd like to add OpenID login to my GWT application, I don't think I need OAuth support as I just need to authenticate the user. I'm looking for any examples/suggestions on the best way to do this for a GWT app. Also I just need to authenticate with Google, not any other provider, not sure how that may affect the implementation. I understand Google supports a popup login approach instead of a redirect, I think that might be desirable as well.
We use openid4java [1] to implement the relying party as an HttpServlet and a dynamic host page [2] to check authentication status before loading the module. It works very well.
[1] http://code.google.com/p/openid4java/
[2] https://developers.google.com/web-toolkit/articles/dynamic_host_page
David Hoffer
Dec 10, 2012, 11:19:23 AM12/10/12
to Google Web Toolkit
That sounds about perfect. Any chance you have some sample code you
could forward? Especially how you implement the openid4java front
end?
Thanks,
-Dave
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-web-toolkit/-/pVAJoFtP5_cJ.
>
> To post to this group, send email to google-we...@googlegroups.com.
> To unsubscribe from this group, send email to
> google-web-tool...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
could forward? Especially how you implement the openid4java front
end?
Thanks,
-Dave
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-web-toolkit/-/pVAJoFtP5_cJ.
>
> To post to this group, send email to google-we...@googlegroups.com.
> To unsubscribe from this group, send email to
> google-web-tool...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-web-toolkit?hl=en.
Pedro Lamarão
Dec 11, 2012, 9:47:45 AM12/11/12
to google-we...@googlegroups.com
Em segunda-feira, 10 de dezembro de 2012 14h19min23s UTC-2, dhoffer escreveu:
That sounds about perfect. Any chance you have some sample code you
could forward? Especially how you implement the openid4java front
end?
You will find a very interesting discussion about the "login page" here:
https://sites.google.com/site/oauthgoog/UXFedLogin/summary
--
P.
David Hoffer
Dec 11, 2012, 10:01:41 AM12/11/12
to Google Web Toolkit
What technology do you use to implement that OpenId 'login page'? Is
it possible/practical to use GWT for this? As I understand it this
OpenId login sort of bootstraps your app, i.e. they don't get to your
GWT app until they have successfully completed this login. And then
how do you block access to your GWT app without a successful login
here, do you use some sort of web.xml security constraint?
Thanks,
-Dave
it possible/practical to use GWT for this? As I understand it this
OpenId login sort of bootstraps your app, i.e. they don't get to your
GWT app until they have successfully completed this login. And then
how do you block access to your GWT app without a successful login
here, do you use some sort of web.xml security constraint?
Thanks,
-Dave
> --
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-web-toolkit/-/DUU6Qa314wAJ.
> You received this message because you are subscribed to the Google Groups
> "Google Web Toolkit" group.
> To view this discussion on the web visit
Pedro Lamarão
Dec 12, 2012, 3:04:14 PM12/12/12
to google-we...@googlegroups.com
Em terça-feira, 11 de dezembro de 2012 13h01min41s UTC-2, dhoffer escreveu:
What technology do you use to implement that OpenId 'login page'? Is
it possible/practical to use GWT for this? As I understand it this
OpenId login sort of bootstraps your app, i.e. they don't get to your
GWT app until they have successfully completed this login. And then
how do you block access to your GWT app without a successful login
here, do you use some sort of web.xml security constraint?
Authentication is application state, i.e. the application maintains an authentication state object of some kind. When the application "starts" this state may be anonymous or something else. Based on this state it will decide which flows it enters or authorizes etc.
It should then be possible to transition from anonymous to something else by activating the login process. When this process completes, it must change the application's authentication state and voilà. This state can survive User-Agent reloads if stored in the HttpSession. The process itself has an example in openid4java's documentation, the relying party example. It should be straightforward to make a servlet out of that.
The login page itself is just a piece of UI you can paint on the screen however you like. Activating authentication must cause an HTTP request to the relying party servlet so the openid process starts. Some people like to put that in a separate "popup" window.
--
P.
Reply all
Reply to author
Forward
0 new messages