Providing a “Sign-in with Google” functionality using Scala

Continuing our series on providing authentication via third party OAuth/Open ID providers, in this post we look at Google. We have already covered sign in with Facebook and Sign in with Twitter in the past.

We walk through a step by step scenario to make it work for a Lift based application. Most of the steps would be the same for Play as well.

1) Register your app with Google – App must be registered through the APIs Console. The result of this registration process is a set of values that are known to both Google and your application (e.g. client_id, client_secret, JavaScript origins, redirect_uri, etc.).

2) Next step is to form the authentication URL which would be hit on google. The URL would be of the form

Here, you would be getting the client ID and the redirect URL from the Google APP that you have registered. In some cases, you might want to add more than one redirect URL with the Google app registration. This is particularly useful for scenarios which involve local testing and you might have to give a local URL like http://localhost:8080/google/callback

In our case we send details to the authentication URL from our scala code

As you would see, when we call /google/authenticate, we end up calling method signUpRedirect. In this method, we make a call to the google authentication URL with the details like, clientID, callbackURL (where do we want google to send back the access token), scope array (list of URLs that we would like to access when we are granted access).

3) We define the dispatcher in Lift’s Boot.scala so that it can understand the incoming request for /google/authenticate.

4) Once we get to the google URL for authentication, google provides a challenge to the user for his credentials and then redirects the request to the callbackURL that we have specified. Assume that the callback URL in our case is /google/callback

5) Now we need to handle the Google response at this URL /google/callback. The response is available to us as a fragment in the following format

6) In order to access the fragment we need Javascript to handle it, retrieve the access_token and pass it to the server. We use the following html the location /google/callback.
For Lift, we include the following in Sitemap.scala

The javascript for accessing the access_token is

7) As you would notice, we are sending back details to the server on the URL /google/catchtoken If you look back at the dispatch rules, the dispatch for
/google/catchtoken would call the processCallBack method.

8) The processCallBack method does the following

Using the GoogleAccessProtectedResource (which is marked deprecated in draft 10, please suggest alternate) we pass on the details to verify the token and get the userinfo object.

8) Once we have the userInfo object, we can extract details from it and validate if this user already exists in the system and just needs to be logged in or does the user need to be created and logged in

9) This would complete the login with Google and the user can access functionality of your webapp.

The gist of the code can be accessed here.

Knoldus is a niche Scala and Enterprise Java consulting company based in New Delhi, India. For any query please contact us at info@knoldus.com or provide your details here

Written by 

Vikas is the CEO and Co-Founder of Knoldus Inc. Knoldus does niche Reactive and Big Data product development on Scala, Spark, and Functional Java. Knoldus has a strong focus on software craftsmanship which ensures high-quality software development. It partners with the best in the industry like Lightbend (Scala Ecosystem), Databricks (Spark Ecosystem), Confluent (Kafka) and Datastax (Cassandra). Vikas has been working in the cutting edge tech industry for 20+ years. He was an ardent fan of Java with multiple high load enterprise systems to boast of till he met Scala. His current passions include utilizing the power of Scala, Akka and Play to make Reactive and Big Data systems for niche startups and enterprises who would like to change the way software is developed. To know more, send a mail to hello@knoldus.com or visit www.knoldus.com

4 thoughts on “Providing a “Sign-in with Google” functionality using Scala

  1. Regards

    Congratulations on your post, this very interesting
    I want to do some tests with your code
    But I have some questions, I hope you can help me
    In my file, LiftProject.scala, I have the following:

    override def libraryDependencies = Set (
         …………
         …………
         …………
         “com.google.api.client”% “google-api-client”% “1.4.1-beta”
       ) + + Super.libraryDependencies

    but I’m missing the following libraries:

    import
    com.google.api.client.googleapis.auth.oauth2.GoogleBrowserClientRequestUrl
    import com.google.api.services.oauth2.Oauth2
    import com.google.api.client.googleapis.auth.oauth2.draft10.GoogleAccessProtectedResource
    import com.google.api.services.oauth2.model.Userinfo

    Can you tell me the repository, to get the packages that I need, please?

    1. Hi Santo, this is the only library that we ended up having as a dependency
      “com.google.apis” % “google-api-services-oauth2” % “v2-rev9-1.7.2-beta”,

      and the resolver was

      resolvers += “Google Api client” at “http://mavenrepo.google-api-java-client.googlecode.com/hg/”

  2. Regards

    Congratulations for your post, this very interesting
    I want to do some tests with your code
    But I have some questions, I hope you can help me
    In my file, LiftProject.scala, I have the following:
    override def libraryDependencies = Set (
         …………
         …………
         …………
         “com.google.api.client”% “google-api-client”% “1.4.1-beta”
       ) + + Super.libraryDependencies

    but I’m missing the following libraries:

    import
    com.google.api.client.googleapis.auth.oauth2.GoogleBrowserClientRequestUrl
    import com.google.api.services.oauth2.Oauth2
    import com.google.api.client.googleapis.auth.oauth2.draft10.GoogleAccessProtectedResource
    import com.google.api.services.oauth2.model.Userinfo

    Can you tell me the repository, to get the packages that I need, please?

  3. Sternberg told me earlier this month that this is meant to be another effort to use Google+ sign-in “to give users a better experience around the web.

Leave a Reply

%d bloggers like this: