I am trying to implement the Google OpenID + OAuth Hybrid Protocol to identify my users and access their Google calendar data.
An example query looks like this:
https://www.google.com/accounts/o8/id ?openid.ns=http://specs.openid.net/auth/2.0 &openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select &openid.identity=http://specs.openid.net/auth/2.0/identifier_select &openid.return_to=http://www.example.com/checkauth &openid.realm=http://www.example.com &openid.assoc_handle=ABSmpf6DNMw &openid.mode=checkid_setup &openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0 &openid.oauth.consumer=www.example.com &openid.oauth.scope=http://docs.google.com/feeds/+http://spreadsheets.google.com/feeds/
I am using openid4java. I tried to follow this post: library-to-integrate-googles-oauth-openid-hybrid-in-java-web-app
But I had problems when testing my application on a local hosting.
As you can see in the above sample request, there are three attributes that should be equal:
openid.realm openid.oauth.consumer openid.return_to
I registered some domain with google and got a consumer key and secret. But when I want to develop and debug my application on localhost (i.e. openid.return_to = http: // localhost: 8080 / and openid.realm = http: //*.mydomain.com and openid.oauth.consumer = www.mydomain .com) and provide my key and secret, openid4java RealmVerifier rejects such an authentication request.
I even tried to provide completely valid parameters (my registered domain instead of localhost) - it seemed to function, but the redirection was gone (I do not want / cannot deploy the application in this domain due to missing technologies.).
Could you advise how to develop such an application on a local host? Is there any trick how to test such an application?
Thanks for any help!
Martin Vejmelka
source share