google / identity-toolkit-java-client Goto Github PK
View Code? Open in Web Editor NEWGoogle Identity Toolkit client library for Java
License: Apache License 2.0
Google Identity Toolkit client library for Java
License: Apache License 2.0
This is Java client library for Google Identity Toolkit services. Sample usage ===================== /* * initialize Gitkit client instance */ GitkitClient gitkitClient = GitkitClient.newBuilder() .setGoogleClientId("your-oauth2-web-client-id-at-Google") .setServiceAccountEmail("your-service-account-email-at-Google-developer-console") .setKeyStream(new FileInputStream("path-to-your-service-account-private-file")) .setWidgetUrl("/gitkit.jsp") .setCookieName("gtoken") .build(); // Verifies a GitkitToken GitkitUser gitkitUser = gitkitClient.validateTokenInRequest(request); // Download all accounts from Google Identity Toolkit Iterator<GitkitUser> userIterator = gitkitClient.getAllUsers(); while (userIterator.hasNext()) { // individual user info is returned in userIterator.next() }
Given a Gitkit token, I'd like to have a verified version of JSON object instead of just the GitkitUser. To do so I suggest to provide a getter for JsonTokenHelper. Please confirm this change is acceptable.
Thanks!
The initRsaSHA256Signer method on RpcHelper hides exceptions important information when doing things like
log.warning("can not initialize service account signer: " + e);
a better way to do it would be
log.warning("can not initialize service account signer: " + e, e);
Reference code:
private RsaSHA256Signer initRsaSHA256Signer(String serviceAccountEmail, InputStream keyStream) {
try {
if (serviceAccountEmail != null && keyStream != null) {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(keyStream, "notasecret".toCharArray());
return new RsaSHA256Signer(
serviceAccountEmail,
null,
(RSAPrivateKey) keyStore.getKey("privatekey", "notasecret".toCharArray()));
}
} catch (KeyStoreException e) {
log.warning("can not initialize service account signer: " + e);
} catch (CertificateException e) {
log.warning("can not initialize service account signer: " + e);
} catch (UnrecoverableKeyException e) {
log.warning("can not initialize service account signer: " + e);
} catch (NoSuchAlgorithmException e) {
log.warning("can not initialize service account signer: " + e);
} catch (IOException e) {
log.warning("can not initialize service account signer: " + e);
} catch (InvalidKeyException e) {
log.warning("can not initialize service account signer: " + e);
}
log.warning("service account is set to null due to: email = " + serviceAccountEmail
+ "keystream = " + keyStream);
return null;
}
Hi,
To handle sign out, I understand the token cookie has to be deleted, however to do this one has to know its name. Since GitkitClient is initialized with the cookie name it would be convenient if it would be possible to access it without having to parse the original configuration input.
i.e. provide gitkitClient.getCookieName()
After signout it makes sense to redirect the user to the original signin/widget url as a confirmation of his signout. Again it would be useful to get the widget Url directly from GitkitClient
i.e. provide gitkitClient.getWidgetUrl()
thank you and best regards - Robert
Hi
'Password-users' have their email not verified and we need to know this in our signin flow. However, GitkitUser does not expose the JSON value of "verified".
GitkitClient provides a validateTokenToJson which we can use to get to the information but for this we have to get the token value first and getting the token we have to read the cookie again.
JsonObject jsonToken = gitkitClient.validateTokenToJson(getCookieAGAIN());
It would be great to:
best regards - Robert
I am trying to get an email verification link for a particular email registered user via System.out.println(gitkitClient.getEmailVerificationLink(gitkitUser.getEmail()));
. However, I am getting this exception: com.google.identitytoolkit.GitkitServerException: org.json.JSONException: JSONObject["access_token"] not found.
May I know what have I done wrong.
Thanks in advance.
Has only private constructors, which are unaccessible outside the library.
Hi,
According to current documentation (https://developers.google.com/identity/toolkit/web/reference/relyingparty/uploadAccount), GKit supports "rounds", "memoryCost" parameter for uploadAccount method.
Unfortunately, current version of identity-toolkit-java-client doesn't support these parameters.
Could you please add them.
Best,
Andrei
GitkitClient should allow to be configured with proxy parameters, if not it is not usable when you are behind a proxy.
Maybe by just doing a "proxy" version of the HttpSender should be enough...
I would love to see an example of gitkit usage with some kind of container authentication. I've tried to get it working using the docs and quickstart application but have been unsuccessful thus far. Is there such a thing available? Thanks.
Hi,
jsontoken uses httpcore 4.0.1
[INFO] +- com.googlecode.jsontoken:jsontoken:jar:1.1:compile
[INFO] | +- javax.servlet:servlet-api:jar:2.5:compile
[INFO] | - org.apache.httpcomponents:httpcore:jar:4.0.1:compile
which is tough when I need this:
[INFO] | +- org.apache.httpcomponents:httpclient:jar:4.3.6:compile
[INFO] | | - org.apache.httpcomponents:httpcore:jar:4.3.3:compile
any chance that jsontoken gets brought up to speed, or dropped as a dependency in favour of another library?
It appears that whenever the user enters a gmail address, it automatically connects them with Google Plus as the identity provider.
This brings up 2 issues:
Am I missing something?
If not, Can you fix this limitation?
Thanks
This library used to work fine with previous App Engine SDKs, but I'm getting the following errors with the current version:
java.nio.file.Files is not supported by Google App Engine's Java runtime environment
java.nio.file.Paths is not supported by Google App Engine's Java runtime environment
Is there any workaround for this issue? The only place these objects have been used in the library is one line in the public static GitkitClient createFromJson()
method. Is this method expendable?
Hi,
I noticed that 'password-users' do not have a verified email. In the forum I saw a suggestion to implement it by getting a oobCode and validating the email ourselves. So I managed to do this, but I had to 'clone' RpcHelper class to make the following requests:
String oobCode=rpcHelper.getOobCode(params).getString("oobCode");
<<
rpcHelper.invokeGoogle2LegOauthApi("setAccountInfo", params));
<<
Thus my suggestion:
Since there are a number of git-API calls not supported currently it would be extremely useful to get
Thank you and best regards - Robert
Calling this method gets the following exception:
com.google.identitytoolkit.GitkitClientException: Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.
at com.google.identitytoolkit.RpcHelper.checkGitkitException(RpcHelper.java:346)
at com.google.identitytoolkit.RpcHelper.invokeGitkitApi(RpcHelper.java:272)
at com.google.identitytoolkit.RpcHelper.getAccountInfo(RpcHelper.java:118)
at com.google.identitytoolkit.GitkitClient.getUserByToken(GitkitClient.java:180)
The method should call invokeGoogle2LegOauthApi("getAccountInfo", params)
instead to send an access token.
The project uses both gson and json, although gson can probably do everything that json can. Is there any reason why both are needed, and if not, can json be removed so to reduce dependencies?
Hi
Using the uploadUsers method of a GitkitClient object I was able to upload two users with the same email address and different localId.
How is this allowed ?
It seems to me like a bug. Can you please fix ?
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.