Library to integrate Google's OAuth/OpenID hybrid in Java Web App?

Question

I\'m building a Java web app that needs access to a user\'s Google Calendar data - therefore I thought the OAuth/OpenID hybrid is the best way to go.

What\'s the bes

Answer 1

I don't know any integrated library but I do it with an OpenID library (openid4java), an OAuth library (net.oauth Java implementation [Edit: or Scribe]) and my bare hands as follows:

My OAuth consumer key is like www.example.com so I use http://*.example.com as OpenID realm.

I add following parameters (to redirect url or form) when redirecting user to Google OpenID endpoint:

openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0
openid.ext2.consumer=<my oauth consumer key>
openid.ext2.scope=<oauth scope to be authorized>

In return in addition to plain OpenID response I receive:

openid.ext2.request_token=<request-token>

I exchange received request-token with access-token and access-secret which are what is needed to make OAuth-authorized calls. That's all!

Note that in plain OAuth along with request-token you have to use a request-secret and verifier but here you don't need them.

To have a better view you may read Google OAuth, Google OpenID and OpenID OAuth Extension.

Edit: Here (comment 8) is the OAuth extension for openid4java that does above for you.

Answer 2

It does not support OpenID but, Scribe is a very good OAuth Java library that supports Google.