Add OAuth support to your Vaadin applications by embedding a button that does the work for you. This addon uses the terrific Scribe library under the covers, which supports all major OAuth services out-of-the-box.
The API for this add-on aims to make configuration as simple as possible without hiding any functionality to allow fine-tuning for unsupported OAuth services. The button provided by this add-on opens a popup window which handles the OAuth authentication.
Since the OAuth dialog is opened in a separate window, the application should enable server push. Otherwise the actual application UI will not be updated when the OAuth window has been closed.
You can download this addon directly from the Vaadin Directory here: https://vaadin.com/directory#!addon/oauth2-popup-add-on. You can also use Vaadin's Maven repository to add it to your project. See the add-on page for more information.
Note that if you add the JARs to your project manually you will also need the ScribeJava dependency as well:
<dependency>
<groupId>com.github.scribejava</groupId>
<artifactId>scribejava-apis</artifactId>
<version>2.7.3</version>
</dependency>
This project was forked from @ahn's initial implementation and is available as a separate add-on in the Vaadin Directory (http://vaadin.com/addon/oauth-popup-add-on). Major differences between the two projects include:
- Use of the latest Scribe library to support all major OAuth 1.0a and 2.0 services out-of-the-box.
- Add extensive Javadoc documentation.
- Add flexibility allowing fine-grained control of OAuth parameters.
- Create an OAuth Popup button for any OAuth API supported by Scribe without subclassing.
To use OAuth, you must first create an application for the service in question. Give the applications key and secret to the constructor of OAuthPopupButton (or of its subclass such as TwitterButton). For example, Twitter applications can be created here.
import com.github.scribejava.core.model.OAuth1AccessToken;
import com.github.scribejava.core.model.OAuth2AccessToken;
...
OAuthPopupButton twitter = new OAuthPopupButton(
com.github.scribejava.apis.TwitterApi.instance(), "my-key", "my-secret");
twitter.addOAuthListener(new OAuthListener() {
@Override
public void authSuccessful(Token token, boolean isOAuth20) {
// Do something useful with the OAuth token, like persist it
if (token instanceof OAuth2AccessToken) {
((OAuth2AccessToken) token).getAccessToken();
((OAuth2AccessToken) token).getRefreshToken();
((OAuth2AccessToken) token).getExpiresIn();
} else {
((OAuth1AccessToken) token).getToken();
((OAuth1AccessToken) token).getTokenSecret();
}
}
@Override
public void authDenied(String reason) {
Notification.show("Failed to authenticate!", Notification.Type.ERROR_MESSAGE);
}
});
layout.addComponent(twitter);You can also control each aspect of the OAuth authorization flow by using an OAuthConfig object:
OAuthPopupConfig config = OAuthPopupConfig.getStandardOAuth20Config("my-key", "my-secret");
config.setGrantType("authorization_code");
config.setScope("https://www.googleapis.com/auth/plus.login");
config.setCallbackUrl("urn:ietf:wg:oauth:2.0:oob");
OAuthPopupButton google = new OAuthPopupButton(GoogleApi20.instance(), config);
...By default, the OAuth window is opened in a new tab in most browsers. You can control that by setting the features that are redirected to the BrowserWindowOpener of the button.
button.setPopupWindowFeatures("resizable,width=400,height=300");If you like to use some component other than button to open the popup window,
you can extend any component with an OAuthPopupOpener.
Contributions are appreciated as well. Process for contributing is the following:
- Fork this project
- Create an issue to this project about the contribution (bug or feature) if there is no such issue about it already. Try to keep the scope minimal.
- Develop and test the fix or functionality
- Refer to the fixed issue in commit
- Send a pull request for the original project
- Comment on the original issue that you have implemented a fix for it
To get, compile and run the project:
git clone https://github.com/bdunn44/vaadin-oauthpopup.git
cd vaadin-oauthpopup
gradlew :oauthpopup-demo:vaadinRun
To see the demo, navigate to http://localhost:8080/
Add-on is distributed under Apache License 2.0. For license terms, see LICENSE.txt.