Continuing our series on authentication via third-party OAuth/OpenID providers, in this post we look at Google. We have already covered Sign in with Facebook and Sign in with Twitter in the past.
We walk through a step-by-step scenario to make it work for a Lift-based application. Most of the steps would be the same for Play as well.
2) The next step is to form the authentication URL that will be requested from Google. The URL would be of the form
Here, you get the client ID and the redirect URL from the Google app that you have registered. In some cases, you might want to add more than one redirect URL to the Google app registration. This is particularly useful for local testing, where you might have to give a local URL like http://localhost:8080/google/callback.
In our case, we send the details to the authentication URL from our Scala code
As you can see, when we call /google/authenticate, we end up calling the method signUpRedirect. In this method, we make a call to the Google authentication URL with details such as the clientID, the callbackURL (where we want Google to send back the access token), and the scope array (the list of URLs that we would like to access once access is granted).
3) We define the dispatcher in Lift’s Boot.scala so that it can understand the incoming request for /google/authenticate.
4) Once we get to the Google URL for authentication, Google challenges the user for credentials and then redirects the request to the callbackURL that we have specified. Assume that the callback URL in our case is /google/callback.
5) Now we need to handle the Google response at this URL /google/callback. The response is available to us as a fragment in the following format
For Lift, we include the following in Sitemap.scala
7) As you will notice, we are sending the details back to the server on the URL /google/catchtoken. If you look back at the dispatch rules, the dispatch for /google/catchtoken calls the processCallBack method.
8) The processCallBack method does the following
Using GoogleAccessProtectedResource (which is marked deprecated in draft 10; please suggest an alternative), we pass on the details to verify the token and get the userinfo object.
9) Once we have the userInfo object, we can extract details from it and check whether this user already exists in the system and just needs to be logged in, or whether the user needs to be created and then logged in.
10) This completes the login with Google, and the user can access the functionality of your webapp.
The gist of the code can be accessed here.
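
The fragment handling described in steps 5 and 7, as an added example that is not part of the original post or its gist: JavaScript for the /google/callback page that parses the fragment, rejects error or mismatched responses, and builds the request to /google/catchtoken. It assumes the authentication request carried a `state` value that the page saved before redirecting and that /google/catchtoken accepts a form-encoded POST; the function names and the sample fragment are constructed for illustration.

```javascript
// Added example, not the post's code. Function names are hypothetical.
// Assumes a `state` value was sent with the authentication request and saved.

// Parse "#a=1&b=2" into a prototype-free object; repeated keys are rejected
// so a second access_token or state cannot shadow the first.
function parseOAuthFragment(fragment) {
  const out = Object.create(null);
  for (const [key, value] of new URLSearchParams(fragment.replace(/^#/, ''))) {
    if (key in out) throw new Error('duplicate parameter: ' + key);
    out[key] = value;
  }
  return out;
}

// Decide whether the callback fragment may be forwarded to the server.
function validateCallback(fragment, expectedState) {
  let p;
  try {
    p = parseOAuthFragment(fragment);
  } catch (e) {
    return { ok: false, reason: e.message };
  }
  // A response we did not start (login CSRF) will not carry our state value.
  if (!expectedState || p.state !== expectedState) {
    return { ok: false, reason: 'state mismatch' };
  }
  if (p.error) return { ok: false, reason: 'provider error: ' + p.error };
  if (!p.access_token) return { ok: false, reason: 'no access_token' };
  if (String(p.token_type).toLowerCase() !== 'bearer') {
    return { ok: false, reason: 'unexpected token_type' };
  }
  return { ok: true, accessToken: p.access_token, expiresIn: Number(p.expires_in) };
}

// Build the hand-off to the server. The token goes in a POST body (assumed
// to be accepted by /google/catchtoken) so it stays out of URLs and access logs.
function buildCatchTokenRequest(result) {
  if (!result.ok) throw new Error('refusing to forward: ' + result.reason);
  return {
    method: 'POST',
    url: '/google/catchtoken',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ access_token: result.accessToken }).toString(),
  };
}

// Constructed sample fragment, shaped like an OAuth 2.0 implicit-flow response.
const SAMPLE_FRAGMENT =
  '#state=st-7f3a&access_token=constructed-token&token_type=Bearer&expires_in=3600';
```

The server still has to verify the forwarded token in processCallBack, as the post does, because anything the browser sends can be forged.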