适用于YouTube的使用openid4java的OpenID+OAuth

Question

我的应用程序允许用户从谷歌或雅虎使用OpenID登录。还有一个允许用户上传到YouTube的功能。一些用户通过YouTube上下文到达，目的是创建一些东西并上传到YouTube。这些用户需要授权我的应用程序通过OpenID访问他们谷歌帐户上的地址，并通过OAuth访问他们的YouTube帐户。我希望这是一个单一的授权点击用户实现。

我在这里看到过这样的事情：http://www.youtube.com/create/Xtranormal。从这个应用程序发送到谷歌OpenID端点的请求是：

https://accounts.google.com/o/openid2/auth?
openid.ns=http://specs.openid.net/auth/2.0&
openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&
openid.identity=http://specs.openid.net/auth/2.0/identifier_select&
openid.return_to=http://www.xtranormal.com/social/openid/complete/?next%3Dhttp%253A%252F%252Fyoutube.xtranormal.com%252Fytmm%252Fauth_popup_done%252F%26janrain_nonce%3D2011-08-29T16%253A35%253A53ZW0VqRw&
openid.assoc_handle=AOQobUcMlV0Hmk431QROK27UegIYqYffiPeCuZ8gsB2x5ULYP0FXuoDZ&
openid.ax.mode=fetch_request&
openid.ax.required=ext0,ext1,ext2&
openid.ax.type.ext0=http://axschema.org/namePerson/first&
openid.ax.type.ext1=http://axschema.org/namePerson/last&
openid.ax.type.ext2=http://axschema.org/contact/email&
openid.mode=checkid_setup&
openid.ns.ax=http://openid.net/srv/ax/1.0&
openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0&
openid.ns.sreg=http://openid.net/extensions/sreg/1.1&
openid.oauth.consumer=www.xtranormal.com&
openid.oauth.scope=http://gdata.youtube.com/&
openid.realm=http://www.xtranormal.com/&
openid.sreg.optional=postcode,country,nickname,email,fullname 

该应用程序上的所有其他OpenID支持(运行良好)都是用OpenID4Java编写的。我曾尝试通过在This answer中实现提示来创建类似的请求，然而，我无论如何也不能让谷歌弹出窗口要求我提供YouTube，它只要求提供电子邮件地址。

我通过添加此消息扩展名来添加答案中的参数：

public class OAuthHybridRequest implements MessageExtension{
    public static String SCOPE_YOUTUBE = "http://gdata.youtube.com/";
    ParameterList parameters;
    public OAuthHybridRequest(String scope){
        parameters = new ParameterList();
        parameters.set(new Parameter("consumer", DeploymentProperties.getDeploymentProperty("OAUTH_CONSUMER_KEY")));
        parameters.set(new Parameter("scope", scope));
    }   
    public ParameterList getParameters() {
        return parameters;
    }
    public String getTypeUri() {
        return "http://specs.openid.net/extensions/oauth/1.0";
    }
    ...
}

这使得我的请求看起来像这样：

https://accounts.google.com/o/openid2/auth?
openid.ns=http://specs.openid.net/auth/2.0&
openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&
openid.identity=http://specs.openid.net/auth/2.0/identifier_select&
openid.return_to=http://martin.test.example.no/socialdelegation/hybrid/youtube/sso/auth?is_callback%3Dtrue%26requestedURL%3D%252Fmovieeditor%252Fscripts%252Fpopupcloser.jsp&
openid.realm=http://martin.test.example.no&
openid.assoc_handle=AOQobUcMkuyp1pVZjpF-b8dVqTfB6Y6IyOZxihsk-XD1DOq0xv06lrlPgaJEF-ITUCdJiXPi&
openid.mode=checkid_setup&
openid.ns.ext1=http://specs.openid.net/extensions/oauth/1.0&
openid.ext1.consumer=test.example.no&
openid.ext1.scope=http://gdata.youtube.com&
openid.ns.sreg=http://openid.net/sreg/1.0&
openid.sreg.required=fullname,nickname,email&
openid.ns.ext3=http://openid.net/srv/ax/1.0&
openid.ext3.mode=fetch_request&
openid.ext3.type.email=http://axschema.org/contact/email&
openid.ext3.type.firstName=http://axschema.org/namePerson/first&
openid.ext3.type.lastName=http://axschema.org/namePerson/last&
openid.ext3.type.userName=http://axschema.org/namePerson/friendly&
openid.ext3.type.gender=http://axschema.org/person/gender&
openid.ext3.type.fullName=http://axschema.org/namePerson&
openid.ext3.required=email,firstName,lastName,userName,gender,fullName

这里我漏掉了什么？

Answer 1

下载oauth ext for openid4java压缩文件from here (comment 8)并向项目中添加类。然后：

// enable oauth ext for openid4java (do once)
Message.addExtensionFactory(OAuthMessage.class);

// add oauth extension to open-id request
AuthRequest authReq = ...;
OAuthRequest oauthRequest = OAuthRequest.createOAuthRequest();
oauthRequest.setScopes("oauth scope");
oauthRequest.setConsumer("oauth consumer key");
authReq.addExtension(oauthRequest);

// extract oauth request token from open-id response
AuthSuccess authSuccess = ...;
if (authSuccess.hasExtension(OAuthMessage.OPENID_NS_OAUTH)) {
    OAuthResponse oauthRes = (OAuthResponse) authSuccess
        .getExtension(OAuthMessage.OPENID_NS_OAUTH);
    // use this request token (without secret and verifier) and your oauth lib
    // to get oauth access token
    String oauthRequestToken = oauthRes.getRequestToken();
}