I'm using the org.jboss.seam.security.openid.OpenId class to login user's to my seam webapp. Currently I'm saving the validatedId (openid.getValidatedId()) into the database, and asking the user to provide their own email address and first and last name after logging in. I'm using Google, Yahoo, AOL, and MyOpenID for the openId Providers.
Is there any way to retrieve the email address and or first/last name of the user without having them enter this in manually?
I had a quick glance at the OpenId class in Seam 2.2.0.GA and it already contains some tentative code for retrieving the user email address.
The code already ask for an email address when the user logs in.
protected String authRequest(String userSuppliedString, String returnToUrl)
throws IOException
{
...
// Attribute Exchange example: fetching the 'email' attribute
FetchRequest fetch = FetchRequest.createFetchRequest();
fetch.addAttribute("email",
"http://schema.openid.net/contact/email", // type URI
true); // required
And there's commented code for extracting that email from the response.
public String verifyResponse(HttpServletRequest httpReq)
{
...
// AuthSuccess authSuccess =
// (AuthSuccess) verification.getAuthResponse();
// if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
// FetchResponse fetchResp = (FetchResponse) authSuccess
// .getExtension(AxMessage.OPENID_NS_AX);
//
// List emails = fetchResp.getAttributeValues("email");
// String email = (String) emails.get(0);
// }
In any case you can probably use that code as a starting point.
Edit:
I managed to write a small demo based on the Seam OpenID sample. I unfortunately had to copy/paste the code from the Seam OpenId component since the existing bits of attribute-exchange code were incomplete and there's no obvious way to extend it.
I don't know if copy/pasting LGPL code is acceptable in your project. In any case Seam's OpenID component is only a thin wrapper around the openid4java library and could be rewritten easily.
Google, Yahoo, AOL, and MyOpenID
I attempted to fetch the email address and personal name of users signing-in from the four providers you mentioned. Here are the result of my little experiment.
From Google I obtain:
Gmail email address
First name
Last name
From AOL:
Email (default to AOL email but the user can type-in another)
From Yahoo:
Yahoo email address
Full Name (all in one string)
From myOpenID:
Email (if the user has filed one in his profile)
Full name (if the user has filed one in his profile)
I had to include both the http://schema.openid.net/contact/email and http://axschema.org namspaces in the request to get a response from all the providers.
Related
I'm using Java and Spring Boot to implement a Microservice ecosystem.
I have 3 logical boundaries:
Medicines (Resource Server)
Appointments (Resource Server)
Identity Federation (Authorization Server)
User's login information (username, password, roles, etc..) goes into the Identity Federation Microservice.
User's personal information (first name, last name, address, contact mediums, gender, etc..) goes into the Appointments Microservice.
Now, imagine a situation where at my Appointments Resource Server I have the following resource exposed:
GET /doctors/{id} - returns the personal information about the Doctor with the passed id
And at my Identity Federation Authorization Server I have the following:
POST /oauth/token - a resource that returns a token.
Now, imagine that I POST to /oauth/token at my Authorization Server and I got authenticated and receive a token.
Ok, now, I can use this token to do transactions with the Resource Servers.
If I send a GET to /doctor/1, my token gets parsed and I can read all of its claims. Roles, User Id, Username, etc..
The Doctor with id = 1 should not be able to see the personal information of other Doctor (eg.: Doctor with id = 4).
So, when the request arrives at /doctors/1, I need to check if the id on the token is the same that is being requested.
In Spring, would be something like this:
#GetMapping("/doctors/{id}")
#PreAuthorize("#id == authentication.doctorId")
public ResponseEntity<Object> handleGetDoctorsInformations(#PathVariable("id") Long id) {
// logic and return
}
But to be able to do that, I need to synchronize the ids on both Microservices (Appointments Resource Server and Identity Federation Authorization Server).
I can't use a Natural Key because I have three types of users (Doctor is just one of them) that can log-in, and the Natural Keys are different for both.
So, the id needs to be generated in somewhere.
I'm not sure which is the best way to it.
What our team have discussed:
Basically:
The front-end POST to Authorization Server with a whole Doctor JSON payload (with personal information AND login information).
The Authorization Server creates an account generating its unique id.
The Authorization Server increment the JSON payload with the generated id and then publishes the JSON to the Queue.
The Resource Server listens to the Queue, get the JSON and create the Doctor at his side, storing the Doctor personal Information.
Is this a bad way to do it?
In this specific case, you don't need to implement a queue with additional complexity just to verify special permission (here, read other doctors data) of a particular doctor. Instead, you can generate JWT token and embed specific privilege like 'READ_DOCTORS_INFO' on the payload of toke. Then your resource server which manages doctors information can verify provided token and allow specific user depending on the permissions embedded on JWT token.
I have the following use case in my app:
When a specific event happens in the app all interested users should be notified by email. Then if a user replies to the email, his reply should be shown in the event page in the app.
My initial idea was to create a temp mail alias of the main notification email every time when an event happens and send the notification email with that alias set in the Reply-To header. Then if someone replies to that mail by using the alias (let's say csa123423#mydomain.com) I can figure out which event this reply refers to.
It turned out that Spring's JavaMailSender doesn't provide a way to use aliases, so I tried with Gmail API. As far as I understood creating a Gmail alias means actually setting an already existing email in your domain as an alias for another already existing email in that domain. So the Java code to achieve this using Directory API and Gmail API would look like this:
User newUser = new User();
UserName userName = new UserName();
userName.setGivenName("xsd");
userName.setFamilyName("ewrewr");
newUser.setPrimaryEmail("bbb34262bb45#mydomain.com");
newUser.setPassword("12345");
newUser.setName(userName);
User result = directoryService.users().insert(newUser).execute();
SendAs sendAs = new SendAs().setSendAsEmail("bbb34262bb45#mydomain.com").setReplyToAddress("bbb34262bb45#mydomain.com").setDisplayName("My name").setTreatAsAlias(true);
SendAs sendAsResult = gmailService.users().settings().sendAs().create(user, sendAs).execute();
MimeMessage emailContent = createEmail("mymail#gmail.com", "bbb34262bb45#mydomain.com", "Test from app", "Test body");
Message message = createMessageWithEmail(emailContent);
message = gmailService.users().messages().send(user, message).execute();
But as far as I know there are some limits on the number of accounts you can create per domain/account and also Google would charge more for this.
Is there another easier way to create aliases in Gmail? Or is there another approach to achieve the desired functionality (linking mail replies to application content) without using mail aliases?
Try leveraging '+' functionality given by Gmail for creating temporary aliases.
The basic idea is if my email id is xyz#gmail.com, I can send/receive an email with xyz+1#gmail.com or xyz+anything_here#gmail.com and it will work like a charm.
You can utilize this by keeping the alias/unique-id after the '+' in the Gmail id and then parse this alias easily in your application.
I making one application that can send different email, but the email address depends of the user. I'm using mailjet to do this, after reading the doc, it's seem that i have to add every email for have the right to send email from this address, but this address are not generate by me (they are gmail, toto, etc)
I already use the Java API of mailjet to add user, and this part is working fine
But my problem is when the validation email arrive, and the person follow the link, mailjet ask to login, but he do not know what to do, because normally is my own account, i only what to add their email address to have the right to send email with them.
So the question, is how i can add email address (from gmail, yahoo...) and activate the user, without the login part.
Thanks for having choosen Mailjet to power your email!
I believe the right setup for you would be to use the Sender header. It will allow you to send email from a unique (or multiple, depending of your setup) pre-validated sender email addresses while setting the From email header to the email you want to send the email from.
In your recipients Inbox, it will display as foobar#gmail.com via notifications#mycompany.com, indicating clearly to the recipient that you're sending on behalf of foobar#gmail.com. This way, you won't be forced to validate each email address, just ones you'll
This is a very common setup for resellers and platforms sending a lot of personalised email.
In order to achieve this, please contact our [support team](https://app.mailjet.com/support] with a reference to our discussion here so they know what we're talking about. They'll guide you to the implementation it.
Hope it helps,
Best.
Im creating an application to login in Google+ and get friends emails.
Im authenticating succesfully and get token back , but when i fetch friends list , the user class of any single friends has emails=null...
here is the code (After already signed in and get authenticator class):
// Generated libraries for Google APIs
using Google.Apis.Authentication.OAuth2;
using Google.Apis.Authentication.OAuth2.DotNetOpenAuth;
using Google.Apis.Services;
using Google.Apis.Util;
using Google.Apis.Plus.v1;
using Google.Apis.Plus.v1.Data;
// For OAuth2
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;
//....code for authentication skipped ....
//...callback from json (authentication success)
PlusService ps = new PlusService(new BaseClientService.Initializer()
{
Authenticator = authenticator
});
PeopleFeed peopleFeed = ps.People.List("me", PeopleResource.CollectionEnum.Visible).Fetch();
//After that when i inspect peopleFeed[0].Emails <--- this is null..
any help?
The Google+ API only returns public information. So even if you are permitted to see a person's email address, it does not necessarily mean that the information is public and that it will be returned.
Furthermore, the documentation at https://developers.google.com/+/api/latest/people/list only guarantees that the list of people returned will contain the person's
id
displayName
image
url
and that to get other information about the person, you will need to do a people.get against that ID. But, again, note that you may still not get their email if that information isn't public.
You could also use the Contacts v3 API to get friend's email addresses. You can cross map this to Google+ contacts by looking at the gContact:website element for the contact that comes back in the XML response:
<gContact:website href='http://www.google.com/profiles/1234567890' rel='profile'/>
In that element's href attribute, 1234567890 is the person identifier that would match the id field of the relevant person resource from people.list of the Google+ API.
Note that the profile link is not guaranteed to come back for a contact entry. This occurs when the contact has not been linked to a Google+ profile.
My first guess would be that it's a rights management issue. I remember when I asked for my Google API key, I had to mention what information I want to get.
Could you check your API key settings in the Google Developer network and see if you need to enable it there?
I have got accesstoken using oauth2.0. I am able to get the person name, gender, etc but I am not able to get the email address of the user.
Could any one please paste some sample code or any suggestions on how to get the email address from the google plus API?
You can retrieve a user's email address if they specifically authorize your application to see their email address.
Set your scopes to:
https://www.googleapis.com/auth/plus.login
https://www.googleapis.com/auth/userinfo.email
The JavaScript calls look like this:
gapi.client.load('oauth2', 'v2', function() {
gapi.client.oauth2.userinfo.get().execute(function(resp) {
// Shows user email
console.log(resp.email);
})
});
gapi.client.load('plus', 'v1', function() {
gapi.client.plus.people.get( {'userId' : 'me'} ).execute(function(resp) {
// Shows other profile information
console.log(resp);
})
});
More information https://developers.google.com/+.
Note that you do not need scopes for plus.me or userinfo.profile.
Exposing E-mail addresses of people who have not set it to be visible to 'Public' would obviously be a privacy issue, so that's not possible.
Exposing E-mail addresses of people who have set their E-mail address visibility to 'Public' is possible, but not yet there. It is currently an open issue
Edit: The issue is resolved now, so you can follow the steps in the other answer to get it.