我正在使用google-start-project的代码进入我的一个gaelyk应用程序。这是OAuth 2.0授权过程的groovy-ed代码。与twitter不同,每当应用程序请求授权时,用户必须允许应用程序继续,我认为这很奇怪。我犯了一些错误?
// Check for an error returned by OAuth
if ( params.error ) {
response.setContentType("text/plain");
out.println("There was a problem during authentication: " + error);
log.severe("There was a problem during authentication: " + error);
return;
}
// When we're redirected back from the OAuth 2.0 grant page, a code will be supplied in a GET parameter named 'code'
if ( !params.code ) {
// Now that we have the OAuth 2.0 code, we must exchange it for a token to make API requests.
// Build the authorization URL
AuthorizationRequestUrl authorizeUrl = new GoogleAuthorizationRequestUrl(
CLIENT_ID,
REDIRECT_URI,
SCOPES
);
authorizeUrl.redirectUri = REDIRECT_URI;
authorizeUrl.scope = SCOPES;
String authorizationUrl = authorizeUrl.build();
log.info("Redirecting browser for OAuth 2.0 authorization to " + authorizationUrl);
response.sendRedirect(authorizationUrl);
return;
} else {
log.info("Exchanging OAuth code for access token using server side call");
AccessTokenResponse accessTokenResponse = new GoogleAccessTokenRequest.GoogleAuthorizationCodeGrant(
new NetHttpTransport(),
new GsonFactory(),
CLIENT_ID,
CLIENT_SECRET,
params.code,
REDIRECT_URI
).execute();
log.info("Storing authentication token into the session");
request.session.accessToken = accessTokenResponse.accessToken
request.session.refreshToken = accessTokenResponse.refreshToken
//The authentication is all done! Redirect back to the samples index so you can play with them.
response.sendRedirect("/");
}
答案 0 :(得分:0)
不,你做得对。我认为Google+不支持身份验证 - 仅授权。 OAuth的想法是什么 - 授权用户,而不是对用户进行身份验证。对于身份验证,您可以使用OpenID。
Btw,启动项目有点复杂,不支持maven,并且在谷歌添加新的API方法时没有及时更新。因此我创建了this project,您可以检查它是否适合您。