From cde46f3b9534cc479d02b3d3da8db1a1345103f9 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 28 May 2015 16:25:38 -0400 Subject: [PATCH] Updated Sample Static Configuration for using Google Authentication (markdown) --- ...uration-for-using-Google-Authentication.md | 41 +++++++------------ 1 file changed, 14 insertions(+), 27 deletions(-) diff --git a/Sample-Static-Configuration-for-using-Google-Authentication.md b/Sample-Static-Configuration-for-using-Google-Authentication.md index ead4513..d159cd5 100644 --- a/Sample-Static-Configuration-for-using-Google-Authentication.md +++ b/Sample-Static-Configuration-for-using-Google-Authentication.md @@ -1,8 +1,6 @@ **Note that these instructions work only with the 1.2 development branch at this time.** -Google has a couple non-standard behaviors that had to be addresses as a special case, thus you can't really use all the types of server configurations, and will be limited to Hybrid or Static where Google is setup in a particular way. - -You have to have the Google+ API enabled in order for this to work. +Google does not allow dynamic client registration, but is otherwise compliant with the OpenID Connect protocol. You have to have the Google+ API enabled in your Google Developer Console order for this to work. There you create The following example is based on making the sample simple-web-app to work with a Static configuration that uses Google Authentication, one can extrapolate from this to get a Hybrid configuration working. The updates shown here were done to the `src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml` file (see [client configuration](Client-configuration)). 
@@ -12,49 +10,38 @@ The following example is based on making the sample simple-web-app to work with - + ``` -1. Setup your issuer to be "Google". Not the effect of this on the simple client is that it will basically ignore anything you type on the entry box during Login. +1. Setup your issuer to be `https://accounts.google.com`. This example uses the static issuer service; note the effect of this on the simple client is that it will basically ignore anything you type on the entry box during Login. To use multiple issuers, use a different issuer service and have a selector page where one of the options is `https://accounts.google.com`. + ``` xml - + ``` -1. Configure the Google Server entry to use the OAuth2.0/OIDC endpoints Google uses. This is where the non-standard behaviors are addressed. The "issuer" is not prefixed with "https://" and thus a static configuration is needed, and Google processing does not ignore the "nonce" parameter, which required the addition of the "nonceEnabled" property. +1. Google's server configuration can be discovered dynamically from the issuer. + ``` xml - -     -        -           -              -                 -                 -                 -                 -                 -                 -              -           -        -     - + ``` -1. Finally, you must configure your client to work with Google requirements. Replace anything called "my-*" with your actual values, obtained from your Google API via the Google Developers Console. +1. Finally, you must statically configure your client to work with Google requirements. Replace anything called "my-*" with your actual values, obtained from your Google API via the Google Developers Console. + ``` xml - + + openid @@ -62,7 +49,6 @@ The following example is based on making the sample simple-web-app to work with profile - https://my-redirect-uri-setup-in-google/ 
@@ -73,4 +59,5 @@ The following example is based on making the sample simple-web-app to work with - ``` \ No newline at end of file + ``` +
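Review bot: In the first hunk (@@ -1,8 +1,6 @@) the added paragraph ends mid-sentence at "There you create", and the sentence before it drops a word ("in your Google Developer Console order for this to work"). Either finish the sentence with what the reader is meant to create in the console or delete the fragment, and change the earlier phrase to "in order for this to work". The console is also named "Google Developer Console" here and "Google Developers Console" in step 4, so use one name in both places.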
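Review bot: In the second hunk (@@ -12,49 +10,38 @@) step 3 now says "Google's server configuration can be discovered dynamically from the issuer", but the unchanged intro still describes the whole example as a "Static configuration" and says a Hybrid setup can be extrapolated from it. State in step 3 or in the intro that only the client configuration is static and the server configuration is dynamic, so readers do not go looking for a static server entry. The same step also drops the old remark about the "nonce" parameter and the "nonceEnabled" property without a replacement; a short sentence saying that the property is no longer needed would help anyone updating an existing configuration. Minor: "Setup your issuer" in step 2 should read "Set up your issuer".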