List of usage examples for com.google.api.client.googleapis.auth.oauth2 GoogleIdToken getPayload
@Override
public Payload getPayload()
From source file:function.IdTokenVerifierAndParser.java
public static GoogleIdToken.Payload getPayload(String tokenString) throws Exception { JacksonFactory jacksonFactory = new JacksonFactory(); GoogleIdTokenVerifier googleIdTokenVerifier = new GoogleIdTokenVerifier(new NetHttpTransport(), jacksonFactory);// www.j a va2s .com GoogleIdToken token = GoogleIdToken.parse(jacksonFactory, tokenString); if (googleIdTokenVerifier.verify(token)) { GoogleIdToken.Payload payload = token.getPayload(); if (!GOOGLE_CLIENT_ID.equals(payload.getAudience())) { throw new IllegalArgumentException("Audience mismatch"); } else if (!GOOGLE_CLIENT_ID.equals(payload.getAuthorizedParty())) { throw new IllegalArgumentException("Client ID mismatch"); } return payload; } else { throw new IllegalArgumentException("id token cannot be verified"); } }
From source file:io.mapping.api.billsplit.resources.ConnectGoogleResource.java
License:Apache License
@POST @Path("google") @Produces(MediaType.APPLICATION_JSON)//from www. jav a2 s. co m public GoogleTokenResponse connectGoogle(@Context HttpServletRequest request, @Context HttpServletResponse response, @QueryParam("state") final String state) throws IOException { // Check to see if they're already connected String token = mOAuth2Helper.getToken(request); if (token != null) { return mOAuth2Helper.parseGoogleToken(token); } // Allow forcing state if (state != null) { mOAuth2Helper.setState(request, state); } // Ensure the state parameter matches up if (!mOAuth2Helper.checkState(request, response)) { throw new InvalidOAuthStateException(500); } // Get the authorization code ByteArrayOutputStream resultStream = new ByteArrayOutputStream(); getContent(request.getInputStream(), resultStream); String code = new String(resultStream.toByteArray(), "UTF-8"); if (code == null) { throw new NullOAuthCodeException(500); } // Upgrade the authorization code into an access token and refresh token GoogleTokenResponse tokenResponse; try { tokenResponse = new GoogleAuthorizationCodeTokenRequest(mHttpTransport, mJacksonFactory, mGoogleClientSecrets.getWeb().getClientId(), mGoogleClientSecrets.getWeb().getClientSecret(), code, GOOGLE_REDIRECT_URI).execute(); } catch (TokenResponseException ex) { throw new Builder(500).message(ex.getMessage()).build(); } // Parse out the Google+ ID GoogleIdToken idToken = tokenResponse.parseIdToken(); String userId = idToken.getPayload().getSubject(); // Verify the token boolean verified = false; try { verified = new GoogleIdTokenVerifier.Builder(mHttpTransport, mJacksonFactory).build().verify(idToken); } catch (GeneralSecurityException e) { throw new Builder(500).message(e.getMessage()).build(); } if (!verified) { throw new Builder(500).message(Messages.TOKEN_VERIFICATION_FAILED).build(); } // Create a credential representation of the token data GoogleCredential credential = mOAuth2Helper.getGoogleCredential(tokenResponse); // Check token validity mOAuth2Helper.checkGoogleTokenValidity(credential, userId); // Store the token for next time mOAuth2Helper.setToken(request, mJacksonFactory.toString(tokenResponse)); return tokenResponse; }
From source file:io.sgr.social.signin.google.GoogleSignInService.java
License:Apache License
private static GoogleAccount parseGoogleAccountFromIdToken(String clientId, String idTokenString) { Preconditions.notEmptyString(clientId, "OAuth client ID should be provided."); Preconditions.notEmptyString(idTokenString, "IdToken should be provided."); GoogleIdTokenVerifier oldVerifier = new GoogleIdTokenVerifier.Builder(getDefaultHttpTransport(), getDefaultJsonFactory()).setAudience(Collections.singletonList(clientId)) // For Android Play Services older than 8.3 and web client .setIssuer("accounts.google.com").build(); GoogleIdTokenVerifier newVerifier = new GoogleIdTokenVerifier.Builder(getDefaultHttpTransport(), getDefaultJsonFactory()).setAudience(Collections.singletonList(clientId)) // For Android Play Services newer than 8.3 .setIssuer("https://accounts.google.com").build(); GoogleIdToken idToken; try {/*w w w . j av a 2 s . c o m*/ idToken = oldVerifier.verify(idTokenString); if (idToken == null) { idToken = newVerifier.verify(idTokenString); } } catch (Exception e) { LOGGER.error(e.getMessage(), e); return null; } if (idToken == null) { LOGGER.warn(String.format("Invalid or expired Google ID token: %s", idTokenString)); return null; } Payload payload = idToken.getPayload(); for (Entry<String, Object> entry : payload.entrySet()) { LOGGER.trace(String.format("%s=%s", entry.getKey(), entry.getValue())); } return idTokenPayloadToGoogleAccount(payload); }
From source file:lockServer.UserConnection.java
@Override public void run() { try (Scanner scanner = new Scanner(mSocket.getInputStream()); PrintWriter writer = new PrintWriter(mSocket.getOutputStream(), true)) { if (scanner.hasNextLine()) { String data = scanner.nextLine(); System.out.println("Received from app: " + data); writer.println("Received"); HttpTransport transport = new NetHttpTransport(); JsonFactory json = new JacksonFactory(); GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, json) .setAudience(Arrays.asList(SERVER_CLIENT_ID)).build(); GoogleIdToken idToken = verifier.verify(data); if (idToken != null) { Payload payload = idToken.getPayload(); System.out.println("User ID: " + payload.getSubject()); System.out.println("User email: " + (String) payload.get("email")); }/*w w w . ja v a 2 s .c o m*/ } } catch (IOException ex) { System.out.println("User Socket IO Error: " + ex.getMessage()); } catch (GeneralSecurityException ex) { System.out.println("User Socket General Security Error: " + ex.getMessage()); } }
From source file:me.lazerka.gae.jersey.oauth2.google.TokenVerifierGoogleSignature.java
License:Apache License
@Override public GoogleUserPrincipal verify(String token) throws IOException, GeneralSecurityException { GoogleIdToken idToken; try {//from w w w. java 2 s . co m idToken = GoogleIdToken.parse(verifier.getJsonFactory(), token); } catch (IllegalArgumentException e) { throw new InvalidKeyException("Cannot parse token as JWS"); } if (!verifier.verify(idToken)) { String email = idToken.getPayload().getEmail(); // Give meaningful message for the most common case. DateTime now = nowProvider.get(); if (!idToken.verifyTime(now.getMillis(), verifier.getAcceptableTimeSkewSeconds())) { throw new InvalidKeyException("Token expired for allegedly " + email); } throw new InvalidKeyException("Invalid token for allegedly " + email); } Payload payload = idToken.getPayload(); return new GoogleUserPrincipal(payload.getSubject(), payload.getEmail()); }
From source file:nu.t4.beans.APLManager.java
public GoogleIdToken.Payload googleAuth(String idTokenString) { //Varibler fr verifiering HttpTransport httpTransport;// w w w . ja v a2 s . c om JsonFactory jsonFactory; GoogleIdTokenVerifier verifier; try { jsonFactory = JacksonFactory.getDefaultInstance(); httpTransport = GoogleNetHttpTransport.newTrustedTransport(); verifier = new GoogleIdTokenVerifier.Builder(httpTransport, jsonFactory) .setAudience(Arrays.asList(CLIENT_ID)).build(); } catch (Exception e) { return null; } GoogleIdToken idToken; try { idToken = verifier.verify(idTokenString); } catch (Exception ex) { return null; } //idToken blir null ifall den r felaktig if (idToken != null) { //Ta ut datan vi behver frn det verifierade idTokenet return idToken.getPayload(); //if (payload.getHostedDomain().equals(APPS_DOMAIN_NAME)) { /* } else { return Response.status(Response.Status.FORBIDDEN).build(); }*/ } else { return null; } }
From source file:org.ctoolkit.services.endpoints.FirebaseJwtAuthenticator.java
License:Open Source License
@Override public User authenticate(HttpServletRequest request) { String token = GoogleAuth.getAuthToken(request); if (!GoogleAuth.isJwt(token)) { logger.warn("Not a JWT token."); return null; }/*from w ww . j ava 2 s . c o m*/ GoogleIdToken idToken; try { idToken = getVerifier().verify(token); if (idToken == null) { return null; } } catch (Exception e) { logger.warn(e.getMessage()); return null; } String userId = idToken.getPayload().getSubject(); String email = idToken.getPayload().getEmail(); String audience = (String) idToken.getPayload().getAudience(); User user; if (email == null) { return null; } else { VerifiedUser.Builder builder = new VerifiedUser.Builder(); builder.email(email).userId(userId).audience(audience).token(token); user = new VerifiedUser(builder); request.setAttribute(VerifiedUser.class.getName(), user); } logger.info("Firebase authenticated user: " + user); return user; }
From source file:org.curioswitch.common.server.framework.auth.googleid.GoogleIdAuthorizer.java
License:Open Source License
@Override public CompletionStage<Boolean> authorize(ServiceRequestContext ctx, OAuth2Token data) { final GoogleIdToken token; try {//w ww . ja v a 2s .c o m token = GoogleIdToken.parse(JacksonFactory.getDefaultInstance(), data.accessToken()); } catch (IOException e) { logger.info("Could not parse id token {}", data.accessToken()); return completedFuture(false); } return verifier.verify(token).thenApply(result -> { if (!result) { logger.info("Invalid signature."); return false; } if (!commonNamesProvider.get().contains(token.getPayload().getEmail())) { logger.info("Rejecting client: {}", token.getPayload().getEmail()); return false; } return true; }); }
From source file:org.curioswitch.curiostack.gcloud.core.auth.GoogleIdTokenVerifier.java
License:Open Source License
public CompletableFuture<Boolean> verify(GoogleIdToken token) { Instant currentTime = clock.instant(); if (currentTime.isAfter( Instant.ofEpochSecond(token.getPayload().getExpirationTimeSeconds()).plus(ALLOWED_TIME_SKEW))) { return completedFuture(false); }// ww w. java 2s . c om if (currentTime.isBefore( Instant.ofEpochMilli(token.getPayload().getIssuedAtTimeSeconds()).minus(ALLOWED_TIME_SKEW))) { return completedFuture(false); } return publicKeysManager.getKeys().thenApply(keys -> { for (PublicKey key : keys) { try { if (token.verifySignature(key)) { return true; } } catch (GeneralSecurityException e) { throw new IllegalArgumentException("Could not verify signature.", e); } } return false; }); }
From source file:org.geocachingtools.geoui.OAuthServlet.java
License:Open Source License
/** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> * methods.// ww w .j av a 2 s. c om * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { // Set up the HTTP transport and JSON factory HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport(); JsonFactory jsonFactory = JacksonFactory.getDefaultInstance(); GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory) .setAudience(Collections.singletonList(CLIENT_ID)).build(); // (Receive idTokenString by HTTPS POST) GoogleIdToken idToken = verifier.verify(request.getParameter("idtoken")); if (idToken != null) { Payload payload = idToken.getPayload(); // Print user identifier String userId = payload.getSubject(); System.out.println("User ID: " + userId); // Get profile information from payload String email = payload.getEmail(); boolean emailVerified = payload.getEmailVerified(); String name = (String) payload.get("name"); String pictureUrl = (String) payload.get("picture"); String locale = (String) payload.get("locale"); String familyName = (String) payload.get("family_name"); String givenName = (String) payload.get("given_name"); System.out.println(email); // Use or store profile information // ... } else { System.out.println("Invalid ID token."); } } catch (GeneralSecurityException ex) { Logger.getLogger(OAuthServlet.class.getName()).log(Level.SEVERE, null, ex); } }