com.google.api.client.auth.oauth.package.html Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of google-api-client Show documentation
Show all versions of google-api-client Show documentation
Google API Client Library for Java. Supports Java 5 (or higher) desktop (SE)
and web (EE), Android, and Google App Engine.
OAuth 1.0 authorization as specified in
RFC 5849: The OAuth 1.0
Protocol
(see detailed package specification).
There are a few features not supported by this implementation:
- {@code PLAINTEXT} signature algorithm
- {@code "application/x-www-form-urlencoded"} HTTP request body
- {@code "oauth_*"} parameters specified in the HTTP request URL
(instead assumes they are specified in the {@code Authorization} header)
Before using this library, you may need to set up your application as
follows:
- For web applications, you may need to first register your application
with the authorization server. It may provide two pieces of information you
need:
- OAuth Consumer Key: use this as the {@code consumerKey} on every
OAuth request, for example in {@link
com.google.api.client.auth.oauth.AbstractOAuthGetToken#consumerKey}.
- OAuth Consumer Secret: use this as the {@link
com.google.api.client.auth.oauth.OAuthHmacSigner#clientSharedSecret} when
using the {@code "HMAC-SHA1"} signature method.
- For an installed application, an unregistered web application, or a
web application running on localhost, you must use the {@code "HMAC-SHA1"}
signature method. The documentation for the authorization server will need to
provide you with the {@code consumerKey} and {@code clientSharedSecret} to
use.
- For the {@code "HMAC-SHA1"} signature method, use {@link
com.google.api.client.auth.oauth.OAuthHmacSigner}.
- For the {@code "RSA-SHA1"} signature method, use {@link
com.google.api.client.auth.oauth.OAuthRsaSigner}.
After the set up has been completed, the typical application flow is:
- Request a temporary credentials token from the Authorization server
using {@link com.google.api.client.auth.oauth.OAuthGetTemporaryToken}. A
callback URL should be specified for web applications, but does not need to be
specified for installed applications.
- Direct the end user to an authorization web page to allow the end
user to authorize the temporary token using using {@link
com.google.api.client.auth.oauth.OAuthAuthorizeTemporaryTokenUrl}.
- After the user has granted the authorization:
- For web applications, the user's browser will be redirected to the
callback URL which may be parsed using {@link
com.google.api.client.auth.oauth.OAuthCallbackUrl}.
- For installed applications, see the authorization server's
documentation for figuring out the verification code.
- Request to exchange the temporary token for a long-lived access token
from the Authorization server using {@link
com.google.api.client.auth.oauth.OAuthGetAccessToken}. This access token must
be stored.
- Use the stored access token to authorize HTTP requests to protected
resources by setting the {@link
com.google.api.client.auth.oauth.OAuthParameters#token} and invoking
{@link
com.google.api.client.auth.oauth.OAuthParameters#signRequestsUsingAuthorizationHeader}.
This package depends on the {@link com.google.api.client.auth}, {@link
com.google.api.client.escape}, {@link com.google.api.client.http}, and {@link
com.google.api.client.util} packages.
Warning: this package is experimental, and its content may be
changed in incompatible ways or possibly entirely removed in a future version of
the library
@since 1.0
© 2015 - 2024 Weber Informatics LLC | Privacy Policy