Google 2 legged oauth

Reference:

* 2 legged oauth basic concepts (Chinese) http://djb4ke.iteye.com/blog/664958

* Google 2 legged oauth for Google Apps domain: http://code.google.com/intl/zh-TW/apis/accounts/docs/OAuth.html#GoogleAppsOAuth

* Example of Google 2 legged oauth using Google client library: http://code.google.com/intl/zh-TW/apis/gdata/docs/auth/oauth.html#2LeggedOAuth

Two legs means that the participants of oauth are two: social network server and app server.

2-legged oauth protocol is the interaction between two backend servers. Compared with 3-legged, the role of user is missing and does not need to pass through the User-Agent (gadget, browser, etc ).

Because user authentication is not required, user authentication is not required. This requires that the user has allowed the app server to access the private data stored in the Social site in advance.

2-legged and 3-legged

Oauth generally refers to 3-legged oauth. From the oauth protocol, we can see that the entire oauth process requires the user's role and the user needs to log on (Identity Authentication) and allow the app to access data (authorized operation ). Therefore, 3 legged oauth is the standard version of oauth and has been deployed by Yahoo Google AOL and other applications. 3-legged requires the user's participation, starting from oauth consmer and redirecting to oauth provider, perform logon and authorization. If the authorization passes, the user is returned to oauth.
Consumer. Therefore, these column operations are called "dance ". This smart dance makes the app and data of the entire network interact, but the cost is some column operations that make the user dizzy, user experience is very poor ==# (Think about it. A user who does not understand the oauth process jumps back and forth between two sites and should read many authorization warnings similar to legal terms, and how confusing operations are)

After reading the above reference documents and basic concepts, the following step by step builds the simplest environment and example of Google 2 legged oauth

Step 1: Apply for a Google Apps for education at http://www.google.com/#/intl/en/edu/get_apps.html, I applied for a URL is https://www.google.com/a/chtl.hkbu.edu.hk

Step 2: log on to Google Apps applied for by Step 1 as admin, access "advance tools> Manage oauth domain key", select "two-legged oauth Access Control" option, and then click "Save changes"
Button

Step 3: To execute Step 4 code, I create a user "student1@chtl.hkbu.edu.hk" in chtl.hkbu.edu.hk Google app"

Step 4: Create following class

Package example_tomson.twoleggedoauth; import java.net. URL; import sample. oauth. twoleggedoauthuserinputhelper; import sample. oauth. userinputhelper; import sample. oauth. userinputvariables; import COM. google. gdata. client. googleservice; import COM. google. gdata. client. authn. oauth. googleoauthhelper; import COM. google. gdata. client. authn. oauth. googleoauthparameters; import COM. google. gdata. client. authn. oauth. oaut Hhmacsha1signer; import COM. google. gdata. client. authn. oauth. oauthsigner; import COM. google. gdata. data. baseentry; import COM. google. gdata. data. basefeed; import COM. google. gdata. data. feed;/*** demonstrate Google 2 legged oauth. ** Before using Google 2 legged oauth, you need to apply for a Google Apps for education/Business */public class twoleggedoauthexample {public static void main (string [] ARGs) in the http://www.google.com/apps/intl/en/edu/get_apps.html) throws exception {// from chtl.hkbu.edu.hk Google Apps domain https://www.google.com/a/chtl.hkbu.edu.hkString oauthconsumerkey = "chtl.hkbu.edu.hk"; string oauthconsumersecret = "XXX"; string scope = "htT P: // www.google.com/calendar/feeds/ "; string strcalendarfeedurl =" http://www.google.com/calendar/feeds/default/allcalendars/full "; // This value will be added to the feed URL with the value of "xoauth_requestor_id" Param. // It is used to set the which user you are loading the data. // For example, to access chtl.hkbu.edu.hk Google Apps domain user "student1@chtl.hkbu.edu.hk" string xoauthrequestorid = "student1@chtl.hkbu.edu.hk ";//!!! Append the "xoauth_requestor_id" parameter to the feed URL. This // parameter indicates which user you are loading the data for. strcalendarfeedurl + = "? Xoauth_requestor_id = "+ xoauthrequestorid; //////////////////////////////////////// /// // Step 1: set up the oauth objects /////////////////////////////////// //////////////////////////////////////// /// you first need to initialize a few oauth-related objects. // googleoauthparameters holds all the parameters related to oauth. // oauthsigner is responsible for signing t He oauth base string. googleoauthparameters oauthparameters = new googleoauthparameters (); oauthparameters. setoauthconsumerkey (oauthconsumerkey); oauthparameters. setoauthconsumersecret (oauthconsumersecret); // set the scope for this special service. oauthparameters. setscope (scope); // initialize the oauth signer. 2-legged oauth must use HMAC-SHA1! Oauthsigner signer = new oauthhmacsha1signer (); // create a new googleoauthhelperobject which is used for all oauth-related interaction. googleoauthhelper oauthhelper = new googleoauthhelper (signer ); //////////////////////////////////////// /// // Step 2: make a request to Google /////////////////////////////////// //////////////////////////////////////// /URL feedurl = N Ew url (strcalendarfeedurl); system. out. println ("sending request to" + feedurl. tostring (); system. out. println (); string googleservicename = "Cl ";//!! Note that the value of the 2nd parameter googleservice = new googleservice (googleservicename, "2-legged-oauth-sample-app"); // set the oauth credentials which were obtained from the steps above. googleservice. setoauthcredentials (oauthparameters, signer); // make the request to googlebasefeed resultfeed = googleservice. getfeed (feedurl, feed. class); system. out. println ("response data:"); system. out. println ("========================================== ==================== "); system. out. println ("| title:" + resultfeed. gettitle (). getplaintext (); If (resultfeed. getentries (). size () = 0) {system. out. println ("| \ TNO entries found. ");} else {for (INT I = 0; I <resultfeed. getentries (). size (); I ++) {baseentry entry = (baseentry) resultfeed. getentries (). get (I); system. out. println ("| \ t" + (I + 1) + ":" + entry. gettitle (). getplaintext () ;}} system. out. println ("========================================== ==================== ");}}

Step 5: Run it, you will get calendar list of student1@chtl.hkbu.edu.hk