Open Sesame is a proof-of-concept application demonstrating how to use Huygens Federated authentication and Google authentication in a Dropwizard app.
Clone from GitHub:
$ git clone git@github.com:HuygensING/open-sesame.git
Use the Gradle wrapper ./gradlew to build:
$ ./gradlew build
For the Google authentication part to work you will have to obtain a Client ID and Client Secret using the Google Dashboard [1]:
Visit Google API Console, then:
- Select the Credentials setting from the sidebar on the left.
- Select Create credentials for an OAuth client ID.
- Select Web application as the Application type.
- Leave Authorized JavaScript origins empty.
- Under Authorized redirect URIs, enter the proper URL where Google will redirect the browser after authentication is complete, passing auth token and state:
  - For local testing, use http://localhost:8080/api/google/oauth2 if your server will be running on the default localhost, port 8080.
  - Multiple URLs are allowed in the dashboard and changes in the dashboard are effective immediately.
  - Ultimately (in production) this URL must match what you set up in nl.knaw.huc.di.sesame.resources.GoogleLogin (q.v.)
Copy config-template.yaml to, e.g., config.yaml, then edit config.yaml to set up:
- your Google Client ID and Client Secret:

      google:
        clientId: your-client-id-here.apps.googleusercontent.com
        clientSecret: your-client-secret-here

- your Huygens Security Server secret (supplied by Concern Infrastructure):

      federatedAuthentication:
        credentials: Huygens security-server-key-here
        url: security-server-url-here
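Since the edited config.yaml now holds two secrets, a pre-flight check before starting the server can catch the common mistakes. The script below is an added example, not part of the Open Sesame project; the function name check_sesame_config and the choice of checks (leftover template placeholders, owner-only file permissions, file not tracked by git) are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the config.yaml described above.
# The placeholder strings are the ones shown in this README's config snippets.
check_sesame_config() {
    cfg=$1
    problems=0
    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found" >&2
        return 1
    fi
    # 1. A leftover template placeholder means a value was never filled in.
    for placeholder in your-client-id-here your-client-secret-here \
                       security-server-key-here security-server-url-here; do
        if grep -qF -- "$placeholder" "$cfg"; then
            echo "FAIL: placeholder '$placeholder' still present" >&2
            problems=$((problems + 1))
        fi
    done
    # 2. The file holds secrets: group and other must have no access bits.
    mode=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $cfg is accessible beyond its owner (use chmod 600)" >&2
        problems=$((problems + 1))
    fi
    # 3. A filled-in config must not be tracked by git.
    if command -v git >/dev/null 2>&1 &&
       git -C "$(dirname "$cfg")" ls-files --error-unmatch \
           "$(basename "$cfg")" >/dev/null 2>&1; then
        echo "FAIL: $cfg is tracked by git" >&2
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Demo on a constructed file (values are made up, not real credentials).
demo_dir=$(mktemp -d)
cat > "$demo_dir/config.yaml" <<'EOF'
google:
  clientId: 1234-constructed.apps.googleusercontent.com
  clientSecret: your-client-secret-here
EOF
chmod 600 "$demo_dir/config.yaml"
if check_sesame_config "$demo_dir/config.yaml"; then
    echo "config OK"
else
    echo "config needs attention"
fi
rm -rf "$demo_dir"
```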
Now, you should be good to go:
$ java -jar ./build/libs/open-sesame-full.jar server config.yaml
and visit http://localhost:8080/argos/index.html
Some stuff is currently still hardwired, which can easily be migrated to configuration time bindings:
- HOCR files' location is hardwired in nl.knaw.huc.di.sesame.SesameApplication#registerResources
- uploaded files are dumped in /tmp as dictated by nl.knaw.huc.di.sesame.resources.argos.Argos#putText
If you wish to dive straight into using authorization, nl.knaw.huc.di.sesame.auth.DefaultAuthorizer and nl.knaw.huc.di.sesame.resources.argos.Argos form a good starting point.
[1] For background and more info see: "Obtain OAuth 2.0 credentials from the Google API Console" in Using OAuth 2.0 to Access Google APIs