Google Client Login Handling AuthToken

Question

I have a non-gae, gwt application and it have a module that allows users to create documents online via google docs api.

To do that, i first ask user to enter the name and type of the document, than create a new document via google docs api with the given parameters and onSucces part of that servlet returns edit link which is used in client side to open a new page to edit the created document.

Problem that, eachtime i try to open that editLink user have to enter login informations. To solve this i try to use Google Client Login but i am totally lost i think.

First i have username and password of user and can directly use them, after searching i tried some examples which usually returns a token like this and that. Now what should i do with token? How can it be used to complete login process or should totally find another way to do login? All those oauth1,oauth2 and etc. documentations confused me a little bit.

here are my steps;

Server side;

    LinkedHashMap<String, String> hashMap = new LinkedHashMap<String, String>();

    // Login
    DocumentList docList = new DocumentList("document");
    docList.login(ServletUtil.googleDocsLoginInfo().get("username"), ServletUtil.googleDocsLoginInfo().get("password"));

    //Create document with a unique suffix
    String docName= parameterName+ "-Created-" + new Date();
    docList.createNew(docName, dosyaTur);

    // Find the created document and store editLink
    DocumentListFeed feed = docList.getDocsListFeed("all");

    for (final DocumentListEntry entry : feed.getEntries()) {

        if (entry.getTitle().getPlainText().equals(docName)) {

            hashMap.put("editlink", entry.getDocumentLink().getHref());

        }

    }

    return hashMap;

And Client side;

    @Override
    public void onSuccess(LinkedHashMap<String, String> result) {


        String editLink = result.get("editlink");

        Window.open(editLink,"newwindow","locationno");

    }

Thanks for your helps.

Answer 1

If I may suggest using OAuth instead of Client Login, which is outdated and less secure. The functionality is basically the same (for OAuth 2.0 there are more ways to handle the login).

I know, trying to understand how to access the api via OAuth is very confusing, so I try to break it down a little:

If you use OAuth 2.0 you may want to use a library like this one or you can try out my own (although I wrote it for Android, this could work with other Java Apps including Web Apps)

This is what happens when a user logs in the first time with your app:

1. > Your App sends an authorization request containing some information about your app - for example your app needs to be registered with google and therefore has a special application key
2. < The Server sends you a url, open it in a new browser window and let the user login. There he will be asked to allow your app to access his account (or some parts of it) - when he confirms he will be prompted an Authorization Code which he needs to copy
3. > The user gets back to your app, where you will ask him for the authorization code. After he gave it, your app connects again with the server and sends the code as some kind of authorization grant of the user.
4. < The Server answers with a access token
5. All you need to do is use this access token (also called a bearer token) in all your requests to the server hidden in the header message.

I am sorry I can't give you a more precise answer right now, since I never used GWT. All I can say is, try using OAuth2, it is actually very simple (after you learn what all this confusing things like authorization flow, bearer token etc are) and really comfortable for your user, once the he has done the first login.