my dog learned polymorphism*
The moose likes Other Java Products and Servers and the fly likes questions regarding Google oauth for java desktop app Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Other Java Products and Servers
Bookmark "questions regarding Google oauth for java desktop app" Watch "questions regarding Google oauth for java desktop app" New topic
Author

questions regarding Google oauth for java desktop app

Yahya Elyasse
Ranch Hand

Joined: Jul 07, 2005
Posts: 510

hello,
i'm writing a java desktop app (namely an oppeoffice plugin). one of the requirements it to authenticate the user with Google using oauth.

i found two options:
1- using http://code.google.com/apis/accounts/docs/OAuth.html . for this method i need to use an embedded tomcat Lite server and also an embedded java Browser (SWT Browser).
2-the second option is to use ClientLogin for Installed Applications ( http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html)

my question : which login method you advise me to use? the first one is complicated requiring an embedded browser and server but seems powerful . the second method is simple but probably my users will feel their login is not secure because i'll be asking them to input their google username and password even-though i'll not store them.
can you advise me which option to use for my desktop application, and mention the pros and cons of both authentication methods mentioned above?

my second question is : will it be safe if i encrypt the google "access_token" and store it in user hard disk? will this pose any security risks?

thanks.
Sandy Marar
Greenhorn

Joined: Dec 22, 2011
Posts: 16
The best method will be to use OAuth2.0 for installed applications.
Yahya Elyasse
Ranch Hand

Joined: Jul 07, 2005
Posts: 510

Sandy Marar wrote:The best method will be to use OAuth2.0 for installed applications.

is OAuth2.0 any different from OAuth 1? where is the documentation for OAuth2.0 desktop client support?

thanks
Sandy Marar
Greenhorn

Joined: Dec 22, 2011
Posts: 16
OAuth 2.0 is considered to be a bit more easier to implement.I am also discovering the usefulness of OAuth 2.0 as I write this.The documentation can be found in the following link

http://code.google.com/apis/youtube/2.0/developers_guide_protocol_oauth2.html
Yahya Elyasse
Ranch Hand

Joined: Jul 07, 2005
Posts: 510

Sandy Marar wrote:OAuth 2.0 is considered to be a bit more easier to implement.I am also discovering the usefulness of OAuth 2.0 as I write this.The documentation can be found in the following link

http://code.google.com/apis/youtube/2.0/developers_guide_protocol_oauth2.html

thank you this seems interesting. i'll try reading this new OAuth2.0 documentation.
Sandy Marar
Greenhorn

Joined: Dec 22, 2011
Posts: 16
Your welcome!...Its always a better option as it is considered to be more secure.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: questions regarding Google oauth for java desktop app
 
Similar Threads
google oauth from swing
listen to events from a servlet in an embedded tomcat
Client-server design - XML, Proprietary or REST
OpenId + OAuth hybrid protocol Implementation for google using java
Waiting for page loading and get title of the page