![How to create domain for OAuth:
To create OAuth Domain :
grails s2-init-oauth [domain-class-package] [oauthid-class-name]
that creates:
● The domain class
● The controller class [package path]SpringSecurityOAuthController
● The view springSecurityOAuth/askToLinkOrCreateAccount.gsp
Finally, add
static hasMany = [oAuthIDs: OAuthID]
to you user domain class.](https://image.slidesharecdn.com/googleauthentication-180424113010/85/Google-authentication-12-320.jpg)
Google authentication
- 1. Google Authentication By Anubhav Goyal
- 2. Content ● About google authentication ● Two-Factor Authentication ● Plugin ● Time Based OTP ● How to Integrate ● Integrate with Spring Security ● Demo ● References
- 3. Google Authentication Google Authenticator is a software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users of mobile applications by Google. The service implements algorithms specified in RFC 6238 and RFC 4226, respectively. Authenticator provides a six- to eight-digit one-time password which users must provide in addition to their username and password to log into Google services or other sites
- 4. Two Factor Authentication Two-factor authentication (2FA) -- also known as two-step verification or multifactor authentication -- is widely used to add a layer of security to your online accounts. The most common form of two-factor authentication when logging into an account is the process of entering your password and then receiving a code via text on your phone that you then need to enter. An extra layer of security that is known as "multi factor authentication"
- 5. The authentication factors of a multi-factor/two-factor authentication scheme may include: 1. some physical object in the possession of the user, such as a USB stick with a secret token, a bank card, a key, etc. 2. some secret known to the user, such as a password, PIN, TAN, etc. 3. some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice, typing speed, pattern in key press intervals, etc
- 6. Plugin: For Gradle : compile 'com.warrenstrange:googleauth:1.1.2' For Maven : <dependency> <groupId>com.warrenstrange</groupId> <artifactId>googleauth</artifactId> <version>1.1.2</version> </dependency> The required libraries will be automatically pulled into your project: ● Apache Commons Codec. ● Apache HTTP client.
- 7. Time Based OTP A time-based one-time password (TOTP) is a temporary passcode, generated by an algorithm, for use in authenticating access to computer systems. The algorithm that generates each password uses the current time of day as one of its factors, ensuring that each password is unique. Time-based one-time passwords are commonly used for two-factor authentication and have seen growing adoption by cloud application providers.
- 8. Integration with Google Auth The following code creates a new set of credentials for a user. No user name is provided to the API and it is a responsibility of the caller to save it for later use during the authorisation phase. GoogleAuthenticator gAuth = new GoogleAuthenticator(); final GoogleAuthenticatorKey key = gAuth.createCredentials(); The user should be given the value of the shared secret, returned by key.getKey(), this will return secret key ,which can be used next time for TOTP varification.
- 9. The following code checks the validity of the specified password against the provided Base32- encoded secretKey: GoogleAuthenticator gAuth = new GoogleAuthenticator(); boolean isCodeValid = gAuth.authorize(secretKey, totp);
- 10. Integrate With Spring Security Plugin: compile ':spring-security-oauth-google:0.3.1' grails install-plugin spring-security-oauth
- 11. Configure with spring security oauth { debug = true providers { google { api = org.scribe.builder.api.GoogleApi key = 'oauth_google_key' secret = 'oauth_google_secret' successUri = '/oauth/google/success' failureUri = '/oauth/google/error' callback = "${baseURL}/oauth/google/callback" scope = 'https://www.googleapis.com/auth/userinfo.email' } } }
- 12. How to create domain for OAuth: To create OAuth Domain : grails s2-init-oauth [domain-class-package] [oauthid-class-name] that creates: ● The domain class ● The controller class [package path]SpringSecurityOAuthController ● The view springSecurityOAuth/askToLinkOrCreateAccount.gsp Finally, add static hasMany = [oAuthIDs: OAuthID] to you user domain class.
- 13. Demo You can find demo on : https://github.com/NexThoughts/Google-Authenticator
- 14. References ● https://github.com/wstrange/GoogleAuth ● https://github.com/j256/two-factor-auth ● https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_algorithm ● https://searchsecurity.techtarget.com/definition/Google-Authenticator ● https://en.wikipedia.org/wiki/Google_Authenticator ● https://stackoverflow.com/questions/27964389/grails-using-google- authentication-with-the-spring-security-plugin?rq=1 ● http://www.baeldung.com/spring-security-two-factor-authentication-with-soft- token ● https://github.com/cazacugmihai/grails-spring-security-oauth
- 15. THANK YOU