No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
Latest commit 3f4589b Feb 18, 2016

readme.md

Overview

Build Status

Google OAuth 2.0 ServerAuthModule is a ServerAuthModule (SAM), JSR-196 (JASPIC) Spec, implementation of Google OAuth 2.0: com.idmworks.security.google.GoogleOAuthServerAuthModule. It optionally supports the LoginModule Bridge Profile.

Installation

Copy google-oauth-2_0-sam-0.1.x.jar into the class path of the application server. See Installation for application server specific instructions.

Configuration

Before you can authenticate with Google OAuth, you will need to create a Client ID for your web application at Client ID API Console.

Next, the GoogleOAuthServerAuthModule needs added to the application server. See Configuration for application server specific instructions.

GoogleOAuthServerAuthModule

The following attributes can be used to configure com.idmworks.security.google.GoogleOAuthServerAuthModule.

oauth.clientid (REQUIRED)

oauth.clientid must be set to a "Client ID" from Client ID API Console.

oauth.clientsecret (REQUIRED)

oauth.clientsecret must be set to the "Client Secret" from Client ID API Console of the "Client ID" specified in oauth.clientid.

oauth.endpoint (optional)

default: https://accounts.google.com/o/oauth2/auth

oauth.endpoint is the URI that will be connect to for the OAuth authentication (Google).

oauth.callback_uri (optional)

default: /j_oauth_callback

oauth.callback_uri is the URI that Google will redirect to after the user responds to the request. This should correspond to "Redirect URIs" value defined in the Client ID API Console.

javax.security.auth.login.LoginContext (optional)

default: "com.idmworks.security.google.GoogleOAuthServerAuthModule"

With LoginModule Bridge Profile, javax.security.auth.login.LoginContext is where you define the name of the LoginContext to use.

ignore_missing_login_context (optional)

default: "false"

GoogleOAuthServerAuthModule is configured by default to support the LoginModule Bridge Profile. If you set ignore_missing_login_context to true (in the case when you don't want to use any LoginModules), there will be no error when a LoginContext isn't found.

add_domain_as_group (optional)

default: "false"

If add_domain_as_group is true, then the domain of the email address of the authenticated user will be added as a group. IE: "idmworks.com" will be a principal added as a group for the user "phillip.green@idmworks.com".

default_groups (optional)

default: ""

default_groups is a comma (",") separated list of groups that will be given to the principal upon successful authentication.

Usage

The configured GoogleOAuthServerAuthModule needs specified in the application server specific configuration for each application. See Usage for application server specific instructions.

Common Problems

See Common Problems.

References