Google OAuth 2.0 ServerAuthModule is a ServerAuthModule (SAM), JSR-196 (JASPIC) Spec, implementation of Google OAuth 2.0: com.idmworks.security.google.GoogleOAuthServerAuthModule
. It optionally supports the LoginModule Bridge Profile.
Copy google-oauth-2_0-sam-0.1.x.jar
into the class path of the application server. See Installation for application server specific instructions.
Before you can authenticate with Google OAuth, you will need to create a Client ID for your web application at Client ID API Console.
Next, the GoogleOAuthServerAuthModule needs added to the application server. See Configuration for application server specific instructions.
The following attributes can be used to configure com.idmworks.security.google.GoogleOAuthServerAuthModule
.
oauth.clientid
must be set to a "Client ID
" from Client ID API Console.
oauth.clientsecret
must be set to the "Client Secret
" from Client ID API Console of the "Client ID
" specified in oauth.clientid
.
default: https://accounts.google.com/o/oauth2/auth
oauth.endpoint
is the URI that will be connect to for the OAuth authentication (Google).
default: /j_oauth_callback
oauth.callback_uri
is the URI that Google will redirect to after the user responds to the request. This should correspond to "Redirect URIs
" value defined in the Client ID API Console.
default: "com.idmworks.security.google.GoogleOAuthServerAuthModule"
With LoginModule Bridge Profile, javax.security.auth.login.LoginContext
is where you define the name of the LoginContext to use.
default: "false"
GoogleOAuthServerAuthModule
is configured by default to support the LoginModule Bridge Profile. If you set ignore_missing_login_context
to true (in the case when you don't want to use any LoginModules), there will be no error when a LoginContext isn't found.
default: "false"
If add_domain_as_group
is true
, then the domain of the email address of the authenticated user will be added as a group. IE: "idmworks.com" will be a principal added as a group for the user "phillip.green@idmworks.com".
default: ""
default_groups
is a comma (",") separated list of groups that will be given to the principal upon successful authentication.
The configured GoogleOAuthServerAuthModule
needs specified in the application server specific configuration for each application. See Usage for application server specific instructions.
See Common Problems.