1

I'm building a login module where you can login with all kinds of social network accounts. The initial step is LinkedIn and Google.

The LinkedIn part is working fine, but the Google part isn't. I think the problem is with my code BEFORE the authentication, because the return url has openid parameters, instead of OAuth parameters. This is the code before the redirect:

HttpSession session = request.getSession();
SocialAuthConfig config = SocialAuthConfig.getDefault();
    try {
        config.load("/oauth_consumer.properties");
    } catch (Exception ex) {
        System.out.println(ex);
    }

    //Create an instance of SocialAuthManager and set config
    SocialAuthManager manager = new SocialAuthManager();
    try {
        manager.setSocialAuthConfig(config);
    } catch (Exception ex) {
        System.out.println(ex);
    }

    //URL of YOUR application which will be called after authentication
    String successUrl = "http://localhost:8080/ProjectName/completelogin.do";
    String url = "";
    try {
        url = manager.getAuthenticationUrl(type, successUrl).toString();
    } catch (Exception ex) {
        System.out.println(ex);
    }

    // Store in session
    session.setAttribute("authManager", manager);

    response.sendRedirect(url);

And this is my oauth_consumer.properties part for google

www.google.com.consumer_key = 81XXXXXX466.apps.googleusercontent.com
www.google.com.consumer_secret = WN0oXXXXXXXHoCeSocQK
www.google.com.custom_permissions=https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/userinfo.email

Can I force Google to use OAuth authentication in stead of OpenID authentication? I've logged onto google with another framework using OAuth and it worked like a charm. Only now, since I want to use several social sites, I don't want to keep reinventing the wheel and just use socialauth...

Kara
  • 6,115
  • 16
  • 50
  • 57
Pieter-Jan
  • 1,675
  • 2
  • 19
  • 25

2 Answers2

0

Google OpenId authentication endpoint is https://accounts.google.com/o/openid2/auth, and OAuth2 endpoint is /o/oauth2/auth. You need to redirect the end user to the OAuth2 endpoint to tell (or 'force') Google to use OAuth2.

Jin Liu
  • 2,203
  • 15
  • 13
  • Yes, I know this. The problem is that SocialAuth has a Google Implementation which uses a hybrid strategy. It should redirect to the oauth2 url, but it doesn't. I have a working login for both Google and LinkedIn, but I can't get it to work using SocialAuth library. Even the linkedin uses OAuth1 and I want OAuth2. – Pieter-Jan Mar 29 '13 at 09:07
  • On a side note, do you perhaps know the correct URL and parameters for the authorization server because what I tried didn't work. I use the google api client now to exchange the code for an access token but I'd like to call the url myself. – Pieter-Jan Mar 29 '13 at 12:00
  • According to Google OAuth2 Login doc https://developers.google.com/accounts/docs/OAuth2Login#formingtheurl, the OAuth2 auth URL should be https://accounts.google.com/o/oauth2/auth? with parameter response_type, client_id, redirect_uri, scope and state. Or you can dump the URL generated by the google api client (e.g. by debugging). – Jin Liu Apr 01 '13 at 21:32
  • Well that's the URL that works for me. But it returns code, and then I need to exchange that code for a token. But i'll try and get the URL from the api client :) thx – Pieter-Jan Apr 02 '13 at 08:52
0

By https://github.com/3pillarlabs/socialauth/wiki/Sample-Properties

You can set OAuth endpoint (RequestToken URL, Authorization URL and AccessToken URL) if required or need to pass extra parameter

  • www.google.com.request_token_url
  • www.google.com.authentication_url
  • www.google.com.access_token_url
Maxim Sharai
  • 604
  • 3
  • 11