September 2013
PermaLink Adding Google/Facebook/LinkedIn OAuth Support to DropWizard09/15/2013
DropWizard is a nice lightweight ops-friendly (provides health metrics) one-fat-jar (not a WAR file because it embeds jetty so it doesn't require a Java app server) Java REST web service framework that provides Basic authentication and OAuth (same server) authentication for your web services, but it doesn't provide 3rd-party OAuth authentication (e.g., logging in via your Facebook or Google+ ID).  OAuth authentication requires that you write your own OAuthProvider which isn't documented very well in the manual (where it says "Because OAuth2 is not finalized, this implementation may change in the future"), though there is one limited functionality sample of doing it.

As an alternative, there is a DropWizard example that supports OpenID, but OpenID isn't as flexible as the OAuth APIs.  OpenID primarily provides login/authentication.  OAuth on the other hand, also provides authorization for more rich APIs (e.g., Facebook's Opengraph and Google G+, where you can access a users contacts, albums, post to feed, etc. which is just as important as authentication in applications today), and can provide login/authentication if you add the email scope to your OAuth request (unless you're using Twitter for your authentication in which case you can't get the user's email address so it can't be used as an authentication source effectively).  To confuse matters more, Google also support OpenID, but if you're planning to use your backend for Android authentication, you'll have to use OAuth; you don't want to be migrating users after choosing OpenID by mistake like Player.FM did.



(5)

Start Pages
RSS News Feed RSS Comments Feed CoComment Integrated
The BlogRoll
Calendar
March 2024
Su
Mo
Tu
We
Th
Fr
Sa
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Search
Contact Me
About Ken
Full-stack developer (consultant) working with .Net, Java, Android, Javascript (jQuery, Meteor.js, AngularJS), Lotus Domino