I am using OAuth with the Google Data API. We have a portal only for authorized users. So when users are logged in and they access the calendar page, they will be asked if they want to sync their calendars with Google Calendar. If yes, they will be redirected for authentication. Once the user has granted access, Google appends oauth_token to the callback URL. The callback URL was that of the calendar page in the portal. This URL has its query string options encrypted. But when the redirection happens, it takes the user back to the login page of the portal.

The URL is like http://aaa.xyz.com/(encrypted part of query string) and after oauth_token is authorized, this URL becomes

http://aaa.xyz.com/(encrypted part of query string)&oauth_token. So the user sees the login page after redirection instead of the original page. How should I handle this in code?

+1  A: 

When a user logs in to your site, make sure that the user session "state" is stored in the session, so that when the redirection from Google OAuth returns to the page, you check if the user "state" is found in the session. If it is, return to the last page the user visited, else go to login.

That's what I have done when I implemented SSO for a banking site.

The Elite Gentleman
I guess this is a good option when you work with servlets, unfortunately I am not working with servlets.
yogsma
What Framework are you using?
The Elite Gentleman
I am working on custom hibernate kind of framework.
yogsma
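The session check described in the first answer, as an added example that is not code from this thread, written in framework-neutral Python since the asker is not on servlets. It assumes a dict-like server-side session, hypothetical route names, and a callback URL whose encrypted part sits in the query string; the sample URL and token are constructed.

```python
import hmac
from urllib.parse import urlsplit, unquote

LOGIN_PAGE = "/login"  # hypothetical portal route
# Constructed sample: opaque encrypted query, then the provider's appended token.
SAMPLE_CALLBACK = "http://aaa.xyz.com/calendar?q=3q2-7wEXAMPLE&oauth_token=4%2FREQ-TOKEN-EXAMPLE"


def split_callback(url):
    """Return (opaque_query, oauth_params): pieces named oauth_* were appended
    by the provider; the rest is returned unchanged for the portal to decrypt."""
    opaque, oauth = [], {}
    for piece in urlsplit(url).query.split("&"):
        name, _, value = piece.partition("=")
        if name.startswith("oauth_"):
            oauth[name] = unquote(value)
        elif piece:
            opaque.append(piece)
    return "&".join(opaque), oauth


def begin_sync(session, request_token, return_to):
    """Call just before redirecting to the provider: record what must come back."""
    session["pending_oauth"] = {"request_token": request_token, "return_to": return_to}


def handle_callback(session, url):
    """Return (redirect_target, authorized_token_or_None)."""
    _, oauth = split_callback(url)
    pending = session.pop("pending_oauth", None)  # single use: a replay finds nothing
    if "user" not in session or pending is None:
        return LOGIN_PAGE, None  # not logged in, or no sync flow in progress
    returned = oauth.get("oauth_token", "")
    if not hmac.compare_digest(returned.encode(), pending["request_token"].encode()):
        return LOGIN_PAGE, None  # token was not issued to this session's flow
    # The redirect target is read from the session, never from the incoming URL.
    return pending["return_to"], returned


if __name__ == "__main__":
    session = {"user": "alice"}  # constructed logged-in session
    begin_sync(session, "4/REQ-TOKEN-EXAMPLE", "/calendar?q=3q2-7wEXAMPLE")
    print(split_callback(SAMPLE_CALLBACK))
    print(handle_callback(session, SAMPLE_CALLBACK))
```

Stripping the `oauth_*` pieces before decryption keeps the appended token from corrupting the encrypted query string, and taking the return page from the session avoids trusting a redirect target supplied in the callback.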
+1  A: 

You can always use Out of Band OAuth, passing oauth_callback='oob'.

That will make no redirects to your page but show the verifier so the user can copy/paste it in your app.

This is more cumbersome for your users, but if the access tokens expire long enough, it won't be that bad.

Pablo Fernandez
How do you use this with the Google Data API where you need to set the score?
yogsma
I mean scope* (typo)
yogsma
Scope is a different OAuth parameter AFAIK
Pablo Fernandez