What is the relationship between AbstractAuthorizationCodeServlet and AbstractAuthorizationCodeCallbackServlet?


I'm trying to understand this example project which uses Google's OAuth library to let users login with their Google account.

Specifically, I'm trying to understand the relationship between Oauth2AuthorizationCodeServlet.java and Oauth2CallbackServlet.java. I know that Google's OAuth 2.0 library uses them to kick off the authorization flow and to handle the result after the user logs in, and I've read through the documentation for both abstract classes, but I'm wondering why both classes need to repeat the same logic?

  • Both classes define getUserId() functions which return the same value.
  • Both classes define initializeFlow() functions which return the same value.
  • Both classes define getRedirectUri() functions which return the same value.

The code works fine, and I can see that the functions are called in this order:

  1. Oauth2AuthorizationCodeServlet#getUserId()
  2. Oauth2AuthorizationCodeServlet#initializeFlow()
  3. Oauth2AuthorizationCodeServlet#getRedirectUri()
  4. Oauth2CallbackServlet#initializeFlow()
  5. Oauth2CallbackServlet#getRedirectUri()
  6. Oauth2CallbackServlet#getUserId()
  7. Oauth2CallbackServlet#onSuccess()

But I'm wondering why the repeated functions in Oauth2CallbackServlet are necessary.

Why can't Google's OAuth 2.0 library use the values returned by the first class? Would it ever make sense for the corresponding functions to return different values? For example, would it ever make sense for their getRedirectUri() functions to return different URLs?


Here is a simplified diagram of the Google OAuth login flow.

[Diagram: simplified Google OAuth login flow, with the two servlets numbered 1 and 2]

No. 1 here represents Oauth2AuthorizationCodeServlet

No. 2 here represents Oauth2CallbackServlet

Those are two different servlets, responsible for separate parts of the login flow. 1 - redirects the user to the Google login form with some URL params, like the redirect URL. 2 - handles the callback after the user has finished logging in; this servlet can access user info from Google, perform actions on the user's behalf in Google, etc.

To answer your questions:

Why can't Google's OAuth 2.0 library use the values returned by the first class?

Those are two separate servlets - it would be incorrect to perform communication between two separate servlets.

Would it ever make sense for the corresponding functions to return different values? For example, would it ever make sense for their getRedirectUri() functions to return different URLs?

In the common scenario I don't think it makes sense to return different values from those servlets, but maybe some exotic scenario exists where you have to support multiple Google login callback URLs for different use cases.
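As an added example (not code from the question's project or from Google's library), the three duplicated methods can be delegated to one shared helper so the two servlets cannot disagree; the servlet class names follow the question, while the client id, client secret, the `/oauth2callback` path and the session-id user key are placeholders, and each class would normally live in its own file:

```java
import java.io.IOException;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeCallbackServlet;
import com.google.api.client.extensions.servlet.auth.oauth2.AbstractAuthorizationCodeServlet;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.store.MemoryDataStoreFactory;
final class OAuthSupport {
    // One flow definition; the shared data store is what lets the callback servlet store a
    // credential under a user id that the authorization-code servlet later looks up.
    static AuthorizationCodeFlow newFlow() throws IOException {
        return new GoogleAuthorizationCodeFlow.Builder(
                new NetHttpTransport(), GsonFactory.getDefaultInstance(),
                "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER",
                Collections.singleton("https://www.googleapis.com/auth/userinfo.profile"))
            .setDataStoreFactory(MemoryDataStoreFactory.getDefaultInstance()).build();
    }
    // The authorization request and the token exchange must carry the identical redirect_uri,
    // so both servlets derive it here rather than each keeping a copy that could drift.
    static String redirectUri(HttpServletRequest req) {
        GenericUrl url = new GenericUrl(req.getRequestURL().toString());
        url.setRawPath("/oauth2callback"); // placeholder path mapped to Oauth2CallbackServlet
        return url.build();
    }
    static String userId(HttpServletRequest req) {
        return req.getSession().getId(); // placeholder key; use the real login identity
    }
}
class Oauth2AuthorizationCodeServlet extends AbstractAuthorizationCodeServlet {
    @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.getWriter().println("Authorized as " + getUserId(req)); // reached only with a stored credential
    }
    @Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return OAuthSupport.newFlow(); }
    @Override protected String getRedirectUri(HttpServletRequest req) { return OAuthSupport.redirectUri(req); }
    @Override protected String getUserId(HttpServletRequest req) { return OAuthSupport.userId(req); }
}
class Oauth2CallbackServlet extends AbstractAuthorizationCodeCallbackServlet {
    @Override protected void onSuccess(HttpServletRequest req, HttpServletResponse resp, Credential credential) throws IOException {
        resp.sendRedirect("/"); // the credential is already stored under getUserId(req)
    }
    @Override protected AuthorizationCodeFlow initializeFlow() throws IOException { return OAuthSupport.newFlow(); }
    @Override protected String getRedirectUri(HttpServletRequest req) { return OAuthSupport.redirectUri(req); }
    @Override protected String getUserId(HttpServletRequest req) { return OAuthSupport.userId(req); }
}
```

The library sends the value of getRedirectUri() both in the authorization request and again in the code-for-token exchange, so if the two servlets ever computed different URIs the token endpoint would reject the exchange outright.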