Library to integrate Google's OAuth/OpenID hybrid in Java Web App?

Question

I'm building a Java web app that needs access to a user's Google Calendar data - therefore I thought the OAuth/OpenID hybrid is the best way to go.

What's the best library to handle the job - and reduce the amount of code on my end?

I tried openid4java & Spring Security OpenID (both don't support hybrid) as well as dyuproject (couldn't get it integrated).

PS: GAE is not an option

Any ideas?

Answer 1

I don't know any integrated library but I do it with an OpenID library (openid4java), an OAuth library (net.oauth Java implementation [Edit: or Scribe]) and my bare hands as follows:

My OAuth consumer key is like www.example.com so I use http://*.example.com as OpenID realm.

I add following parameters (to redirect url or form) when redirecting user to Google OpenID endpoint:

openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0
openid.ext2.consumer=<my oauth consumer key>
openid.ext2.scope=<oauth scope to be authorized>

In return in addition to plain OpenID response I receive:

openid.ext2.request_token=<request-token>

I exchange received request-token with access-token and access-secret which are what is needed to make OAuth-authorized calls. That's all!

Note that in plain OAuth along with request-token you have to use a request-secret and verifier but here you don't need them.

To have a better view you may read Google OAuth, Google OpenID and OpenID OAuth Extension.

Edit: Here (comment 8) is the OAuth extension for openid4java that does above for you.