Good article.
However in step "6. Authenticate the user", I fail to see how the
authenticity of the JWT is verified. Is that just omitted to simplify
the example?
Also in step "5. Obtain user information from the ID token", I assume
that this code extracts the Bearer JWT from the OAuth response?

    String idToken = oAuthResponse.getParam("id_token");

Is the content of idToken the same exact value that would be presented
in the Authorization header of the subsequent request?
On 5/17/14 3:43 PM, larry mccay wrote:
Here is a good article on using Oltu in JAX-RS to authenticate a google
user and acquire user profile information:
http://carminedimascio.com/2014/02/google-oauth2-and-jax-rs/
Note the use of JWT as well.
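For reference on the verification question raised in this thread, the following is an added example and is not code from the linked article or from either poster. It shows what checking the signature of a compact JWT looks like with only the JDK, assuming the token is signed with RS256 and the issuer's public key has already been obtained from a trusted source; the class and method names are hypothetical, and the claim checks (issuer, audience, expiry) that must follow are not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

public class IdTokenSignatureCheck {          // hypothetical name

    // True only if jwt is a three-part compact token, RS256-signed by the holder of issuerKey.
    static boolean verifyRs256(String jwt, PublicKey issuerKey) throws Exception {
        String[] parts = jwt.split("\\.", -1);               // header.payload.signature
        if (parts.length != 3) return false;
        String header;
        byte[] sig;
        try {
            header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            sig = Base64.getUrlDecoder().decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return false;                                    // not valid base64url
        }
        // Pin the algorithm instead of trusting the token's choice (rejects "none", HS256).
        // Simplification: substring match, because the JDK ships no JSON parser.
        if (!header.replaceAll("\\s", "").contains("\"alg\":\"RS256\"")) return false;
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(issuerKey);
        // The signed input is the first two segments exactly as received.
        verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the issuer's signing key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair();
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String h = enc.encodeToString("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String p = enc.encodeToString("{\"sub\":\"user-1\"}".getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(issuer.getPrivate());
        signer.update((h + "." + p).getBytes(StandardCharsets.US_ASCII));
        String sigPart = enc.encodeToString(signer.sign());
        String token = h + "." + p + "." + sigPart;
        // Same header and signature, different payload: verification must fail.
        String altered = h + "." + enc.encodeToString("{\"sub\":\"user-2\"}".getBytes(StandardCharsets.UTF_8)) + "." + sigPart;
        System.out.println("genuine token verifies: " + verifyRs256(token, issuer.getPublic()));
        System.out.println("altered payload verifies: " + verifyRs256(altered, issuer.getPublic()));
    }
}
```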