I want OpenID on GAE/J. I don't want yet another +100kB JAR. Am I lost?

views:

197

answers:

+6 Q:

I want OpenID on GAE/J. I don't want yet another +100kB JAR. Am I lost?

Usually people ask for 'best library', but I assume OpenID authentication is only a couple of requests in/out...? And I'm on GAE where more JARs means slower cold-start. For example openid4java-0.9.5.jar has 190kB. That seems like an insanely high cost for some URL reading and text parsing.

Am I missing something? Is it more complicated then what is needed when requesting access_token and user info from Facebook?

Is there some well explained howto? (This looks good but seems to be useful only for Google Accounts.)
Or is the authentication that complicated (or identity providers that non-compatible) that I should just accept +190kB and add them to my JARs? (Or maybe wait with OpenID for now.)

Check out link text where I explain how I'm using Spring Security's OpenID-implementation. More .jars indeed, but a lot less OpenID-coding!

2010-06-22 21:45:19

What a wall of text! This looks way better: userService.createLoginURL("/loginHandler", null, federatedIdentity, null); userService.getCurrentUser(); No three-page manual, no additional JARs, tested with Google end-point and MyOpenId.com, works fine. (I'd gladly assist if you needed.) Thanks anyways, cheers!

Jaroslav Záruba 2010-06-23 02:41:20

I think it's always better to use a good library than to write thing by oneself. Is 100 kB a big amount for a server-side code? If you really want to reduce the size of your final code, better use a good obfuscator, for example ProGuard can shorten method names and remove unnecessary code.

But remember that premature optimization is the root of all evil - such stripping JARs may have big sense for applets or other code that users have to download, but IMO has little sense for server-side applications.

iirekm 2010-10-12 14:02:08

Thanks, but I don't think it is reasonable to use library for something that can be done in 5 lines of code. But it is very common thing to see...

Jaroslav Záruba 2010-10-13 11:41:07

+1 A:

Use the Federated login characteristics provided by the Google App Engine. Federated Login refers to any service that allows users to create a single ID or account and use it to authenticate with various services. OpenID is the only Federated Login supported by the Google App Engine Users service.

You can find more information about the Authentication Options here: http://code.google.com/appengine/docs/java/users/overview.html#Authentication_Options

And I would recommend to read the "User Experience summary for Federated Login" also: http://sites.google.com/site/oauthgoog/UXFedLogin/summary

ramayac 2010-10-17 16:37:21

Thanks, I already got the answer, see above. (It has not been marked because it was given in a comment.)

Jaroslav Záruba 2010-10-18 11:43:49

+1 for the default Open Id (though experimental) support in GAE

Nevertheless, I've used RPX (now janrain) : http://www.janrain.com/products/engage eariler. Nicely fits into your requirement - no jars, least amount of code and support for all login openid / social interfaces. All you need a publicly accessible call back URL.

Check it out!

madhurtanwani 2010-10-21 11:18:50

ansaurus

tags:

views:

answers:

I want OpenID on GAE/J. I don't want yet another +100kB JAR. Am I lost?

related questions