Continuing our series on providing authentication via third-party OAuth/OpenID providers, in this post we look at Google. We have already covered Sign in with Facebook and Sign in with Twitter in the past.
We walk through a step-by-step scenario to make it work for a Lift-based application. Most of the steps would be the same for Play as well.
1) Register your app with Google – the app must be registered through the APIs Console. The result of this registration process is a set of values that are known to both Google and your application (e.g. client_id, client_secret, JavaScript origins, redirect_uri, etc.).
2) The next step is to form the authentication URL that will be requested from Google. The URL would be of the form
Here, you would be getting the client ID and the redirect URL from the Google app that you have registered. In some cases, you might want to add more than one redirect URL to the Google app registration. This is particularly useful for scenarios that involve local testing, where you might have to give a local URL like http://localhost:8080/google/callback
In our case we send the details to the authentication URL from our Scala code
As you can see, when we call /google/authenticate, we end up calling the method signUpRedirect. In this method, we make a call to the Google authentication URL with details such as the clientID, the callbackURL (where we want Google to send back the access token), and the scope array (the list of URLs that we would like to access when we are granted access).
3) We define the dispatcher in Lift’s Boot.scala so that it can understand the incoming request for /google/authenticate.
4) Once we get to the Google URL for authentication, Google challenges the user for their credentials and then redirects the request to the callbackURL that we have specified. Assume that the callback URL in our case is /google/callback
5) Now we need to handle the Google response at this URL, /google/callback. The response is available to us as a fragment in the following format
6) In order to access the fragment we need JavaScript to handle it, retrieve the access_token and pass it to the server. We use the following HTML at the location /google/callback.
For Lift, we include the following in Sitemap.scala
The JavaScript for accessing the access_token is
7) As you will notice, we are sending the details back to the server on the URL /google/catchtoken. If you look back at the dispatch rules, the dispatch for /google/catchtoken would call the processCallBack method.
8) The processCallBack method does the following
Using the GoogleAccessProtectedResource (which is marked deprecated in draft 10, please suggest alternate) we pass on the details to verify the token and get the userinfo object.
9) Once we have the userInfo object, we can extract details from it and check whether this user already exists in the system and just needs to be logged in, or whether the user needs to be created and then logged in.
10) This completes the login with Google, and the user can access the functionality of your webapp.
The gist of the code can be accessed here.
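The callback handling in steps 5 to 8, as an added example (not the original post's code, which is not shown on this page): the browser-side functions read the fragment and check a `state` value, and `tokenIssuedForUs` is the check the server would apply to a token-validation response before trusting a token posted to /google/catchtoken, since that token arrives from the browser and could have been issued to a different application. The `state` parameter, the function names, the sample values and the `aud`/`audience`/`expires_in` field names of the validation response are assumptions.

```javascript
// Added example. Sample values are constructed; `state` is an assumption,
// the original post does not mention it.

// Browser side: turn "#access_token=...&token_type=Bearer&state=..." into a map.
function parseCallbackFragment(hash) {
  const raw = hash.startsWith('#') ? hash.slice(1) : hash;
  const params = Object.create(null); // no inherited keys such as "constructor"
  for (const [key, value] of new URLSearchParams(raw)) {
    // A repeated parameter makes the response ambiguous; refuse it.
    if (key in params) throw new Error('duplicate parameter: ' + key);
    params[key] = value;
  }
  return params;
}

// Browser side: return the token only if the response is the one we asked for.
function extractAccessToken(hash, expectedState) {
  const p = parseCallbackFragment(hash);
  if (p.error) throw new Error('provider returned error: ' + p.error);
  // `expectedState` is the random value stored before redirecting to Google.
  if (!expectedState || p.state !== expectedState) {
    throw new Error('state mismatch');
  }
  if (!p.access_token) throw new Error('no access_token in fragment');
  if ((p.token_type || '').toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type');
  }
  return p.access_token;
}

// Server side: given the parsed token-validation response for the posted
// token, accept it only if it was issued to our client_id and is still valid.
// The field names used here are assumptions about that response.
function tokenIssuedForUs(tokenInfo, clientId) {
  const audience = tokenInfo.aud || tokenInfo.audience;
  return audience === clientId && Number(tokenInfo.expires_in) > 0;
}
```

On the callback page this would be called as `extractAccessToken(window.location.hash, savedState)`, after which the fragment can be cleared with `history.replaceState` so the token does not stay in the address bar or browser history.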
Knoldus is a niche Scala and Enterprise Java consulting company based in New Delhi, India. For any query please contact us at info@knoldus.com or provide your details here
Regards
Congratulations on your post, this is very interesting
I want to do some tests with your code
But I have some questions, I hope you can help me
In my file, LiftProject.scala, I have the following:
override def libraryDependencies = Set (
…………
…………
…………
"com.google.api.client" % "google-api-client" % "1.4.1-beta"
) ++ super.libraryDependencies
but I’m missing the following libraries:
import com.google.api.client.googleapis.auth.oauth2.GoogleBrowserClientRequestUrl
import com.google.api.services.oauth2.Oauth2
import com.google.api.client.googleapis.auth.oauth2.draft10.GoogleAccessProtectedResource
import com.google.api.services.oauth2.model.Userinfo
Can you tell me the repository, to get the packages that I need, please?
Hi Santo, this is the only library that we ended up having as a dependency
"com.google.apis" % "google-api-services-oauth2" % "v2-rev9-1.7.2-beta",
and the resolver was
resolvers += "Google Api client" at "http://mavenrepo.google-api-java-client.googlecode.com/hg/"