Google 2 legged oauth

Source: Internet  Editor: 程序博客网  Time: 2024/05/29 08:36

References:

* Basic concepts of 2-legged OAuth (in Chinese): http://djb4ke.iteye.com/blog/664958

* Google 2-legged OAuth for a Google Apps domain: http://code.google.com/intl/zh-TW/apis/accounts/docs/OAuth.html#GoogleAppsOAuth

* Example of Google 2-legged OAuth using the Google client library: http://code.google.com/intl/zh-TW/apis/gdata/docs/auth/oauth.html#2LeggedOAuth


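"Two legs" means that OAuth has two participants: the Social Network Server and the App Server.

The 2-legged OAuth protocol is an interaction between two server backends. Compared with 3-legged OAuth, the user role is absent, and nothing passes through a user agent (gadget, browser, etc.).

Because no user is involved, there is naturally no user authentication. This requires that the user has already allowed the App Server to access the private data stored at the Social Site.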


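Differences and connections between 2-legged and 3-legged

"OAuth" usually means 3-legged OAuth, as the OAuth protocol itself makes clear: the whole OAuth flow needs the user role, and the user has to log in (authentication) and allow the app to access data (authorization). 3-legged OAuth is therefore the standard version of OAuth and has been deployed by Yahoo, Google, AOL and others. 3-legged requires the user's participation: starting from the OAuth consumer, the user is redirected to the OAuth provider to log in and authorize, and if authorization succeeds, the user is bounced back to the OAuth consumer. This sequence of user actions is jokingly called the "dance". This nimble dance lets apps and data across the web interact, but the price is a series of steps that leave users dizzy, and the user experience is very poor = =# (imagine how confusing it is for a user who does not understand the OAuth flow to jump back and forth between two sites, read a lot of authorization warnings that resemble legal terms, and then act on them).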


After reading the reference documents and basic concepts above, the steps below set up the simplest possible Google 2-legged OAuth environment and example.


Step 1: Apply for Google Apps for Education at http://www.google.com/apps/intl/en/edu/get_apps.html. I applied for one earlier; its URL is https://www.google.com/a/chtl.hkbu.edu.hk


Step 2: Log in as admin to the Google Apps domain from Step 1, go to "Advanced Tools > Manage OAuth domain key", tick the "Two-legged OAuth access control" option, and then click the "save changes" button.


Step 3: To run the code in Step 4, I created a user "student1@chtl.hkbu.edu.hk" in the chtl.hkbu.edu.hk Google Apps domain.


Step 4: Create the following class:

```java
package example_tomson.twoleggedoauth;

import java.net.URL;

import com.google.gdata.client.GoogleService;
import com.google.gdata.client.authn.oauth.GoogleOAuthHelper;
import com.google.gdata.client.authn.oauth.GoogleOAuthParameters;
import com.google.gdata.client.authn.oauth.OAuthHmacSha1Signer;
import com.google.gdata.client.authn.oauth.OAuthSigner;
import com.google.gdata.data.BaseEntry;
import com.google.gdata.data.BaseFeed;
import com.google.gdata.data.Feed;

/**
 * Demonstrates Google 2-legged OAuth.
 *
 * Before using Google 2-legged OAuth, you need to apply for Google Apps for
 * education/business at http://www.google.com/apps/intl/en/edu/get_apps.html
 */
public class TwoLeggedOauthExample {

    public static void main(String[] args) throws Exception {
        // From the chtl.hkbu.edu.hk Google Apps domain https://www.google.com/a/chtl.hkbu.edu.hk
        String oauthConsumerKey = "chtl.hkbu.edu.hk";
        // Placeholder for the domain's OAuth consumer secret
        String oauthConsumerSecret = "xxx";
        String scope = "http://www.google.com/calendar/feeds/";
        String strCalendarFeedUrl = "http://www.google.com/calendar/feeds/default/allcalendars/full";

        // This value is added to the feed URL as the "xoauth_requestor_id" parameter.
        // It sets which user you are loading the data for, for example the user
        // "student1@chtl.hkbu.edu.hk" of the chtl.hkbu.edu.hk Google Apps domain.
        String xoauthRequestorId = "student1@chtl.hkbu.edu.hk";

        // !!! Append the "xoauth_requestor_id" parameter to the feed url. This
        // parameter indicates which user you are loading the data for.
        strCalendarFeedUrl += "?xoauth_requestor_id=" + xoauthRequestorId;

        // ////////////////////////////////////////////////////////////////////////
        // STEP 1: Set up the OAuth objects
        // ////////////////////////////////////////////////////////////////////////

        // You first need to initialize a few OAuth-related objects.
        // GoogleOAuthParameters holds all the parameters related to OAuth.
        // OAuthSigner is responsible for signing the OAuth base string.
        GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters();
        oauthParameters.setOAuthConsumerKey(oauthConsumerKey);
        oauthParameters.setOAuthConsumerSecret(oauthConsumerSecret);

        // Set the scope for this particular service.
        oauthParameters.setScope(scope);

        // Initialize the OAuth Signer. 2-Legged OAuth must use HMAC-SHA1!
        OAuthSigner signer = new OAuthHmacSha1Signer();

        // Create a new GoogleOAuthHelper object which is used for all OAuth-related interaction.
        GoogleOAuthHelper oauthHelper = new GoogleOAuthHelper(signer);

        // ////////////////////////////////////////////////////////////////////////
        // STEP 2: Make a request to Google
        // ////////////////////////////////////////////////////////////////////////

        URL feedUrl = new URL(strCalendarFeedUrl);
        System.out.println("Sending request to " + feedUrl.toString());
        System.out.println();

        String googleServiceName = "cl";
        // !! Note the value of the second argument
        GoogleService googleService = new GoogleService(googleServiceName, "2-legged-oauth-sample-app");

        // Set the OAuth credentials which were obtained from the steps above.
        googleService.setOAuthCredentials(oauthParameters, signer);

        // Make the request to Google
        BaseFeed resultFeed = googleService.getFeed(feedUrl, Feed.class);
        System.out.println("Response Data:");
        System.out.println("=====================================================");
        System.out.println("| TITLE: " + resultFeed.getTitle().getPlainText());
        if (resultFeed.getEntries().size() == 0) {
            System.out.println("|\tNo entries found.");
        } else {
            for (int i = 0; i < resultFeed.getEntries().size(); i++) {
                BaseEntry entry = (BaseEntry) resultFeed.getEntries().get(i);
                System.out.println("|\t" + (i + 1) + ": " + entry.getTitle().getPlainText());
            }
        }
        System.out.println("=====================================================");
    }
}
```

Step 5: Run it; you will get the calendar list of student1@chtl.hkbu.edu.hk
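
What the HMAC-SHA1 signing in Step 4 protects, shown at the protocol level as an added example (not code from the original post or from the gdata library): the OAuth 1.0 signature base string (RFC 5849) covers xoauth_requestor_id, so a provider that recomputes the signature rejects a request whose requestor id was changed. The class name TwoLeggedSignatureDemo, the nonce, timestamp, secret and the second user name are constructed sample values.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TwoLeggedSignatureDemo {
    // RFC 5849 percent-encoding: URLEncoder output with space as %20, '*' as %2A and '~' left literal.
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Base string = METHOD & enc(URL) & enc(sorted "name=value" pairs); ASCII names sort as required.
    static String sign(String method, String url, Map<String, String> params, String consumerSecret) throws Exception {
        StringBuilder normalized = new StringBuilder();
        for (Map.Entry<String, String> e : new TreeMap<>(params).entrySet()) {
            if (normalized.length() > 0) normalized.append('&');
            normalized.append(enc(e.getKey())).append('=').append(enc(e.getValue()));
        }
        String base = method + "&" + enc(url) + "&" + enc(normalized.toString());
        // 2-legged: there is no token secret, so the HMAC key is "<consumer secret>&".
        String key = enc(consumerSecret) + "&";
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        String url = "http://www.google.com/calendar/feeds/default/allcalendars/full";
        Map<String, String> p = new TreeMap<>();
        p.put("oauth_consumer_key", "chtl.hkbu.edu.hk");
        p.put("oauth_nonce", "constructed-nonce-1");        // constructed sample value
        p.put("oauth_signature_method", "HMAC-SHA1");
        p.put("oauth_timestamp", "1300000000");             // constructed sample value
        p.put("oauth_version", "1.0");
        p.put("xoauth_requestor_id", "student1@chtl.hkbu.edu.hk");
        String secret = "placeholder-secret";               // constructed; load the real one from protected config
        String sent = sign("GET", url, p, secret);

        // Provider side: recompute over the parameters as received and compare in constant time.
        p.put("xoauth_requestor_id", "student2@chtl.hkbu.edu.hk"); // changed in transit (constructed user)
        String recomputed = sign("GET", url, p, secret);
        boolean valid = MessageDigest.isEqual(sent.getBytes(StandardCharsets.UTF_8),
                recomputed.getBytes(StandardCharsets.UTF_8));
        System.out.println("signature valid after requestor id change: " + valid);
    }
}
```

Because the HMAC key is only the consumer secret, whoever holds the domain key can sign requests for any xoauth_requestor_id in the domain, so it should be stored and rotated like any other domain-wide credential.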