I'm building a Java web app that needs access to a user's Google Calendar data - therefore I thought the OAuth/OpenID hybrid is the best way to go.
What's the best library to handle the job - and reduce the amount of code on my end?
I tried openid4java & Spring Security OpenID (both don't support hybrid) as well as dyuproject (couldn't get it integrated).
PS: GAE is not an option
Any ideas?
I don't know any integrated library but I do it with an OpenID library (openid4java), an OAuth library (net.oauth Java implementation [Edit: or Scribe]) and my bare hands as follows:
My OAuth consumer key is like www.example.com so I use http://*.example.com as OpenID realm.
I add following parameters (to redirect url or form) when redirecting user to Google OpenID endpoint:
openid.ns.ext2=http://specs.openid.net/extensions/oauth/1.0
openid.ext2.consumer=<my oauth consumer key>
openid.ext2.scope=<oauth scope to be authorized>
In return in addition to plain OpenID response I receive:
openid.ext2.request_token=<request-token>
I exchange received request-token with access-token and access-secret which are what is needed to make OAuth-authorized calls. That's all!
Note that in plain OAuth along with request-token you have to use a request-secret and verifier but here you don't need them.
To have a better view you may read Google OAuth, Google OpenID and OpenID OAuth Extension.
Edit: Here (comment 8) is the OAuth extension for openid4java that does above for you.
It does not support OpenID but, Scribe is a very good OAuth Java library that supports Google.
