Mozilla will be shutting down Persona in November 2016. It’s a shame as it was a nice simple way to add authorization to web projects. I used it on my Snippets Web App. The integration was very simple, low impact, and worked well.
So What’s to do Now?
The app that used Persona was for my personal consumption, and intentionally kept simple. I use it daily, and test a lot of new code practices and kits in it but It’s not something I want to put a lot of effort into. I need authorization, and want it basically secured, but I’m not going to spin up my own OAuth implementation or the like. Since I used my gmail account with Persona I decided to look into Googles authentication offerings.
Resistance is Futile
So once I decided to assimilate into the Borg Collective (aka Google), I started looking for examples. There is plenty out there on how to used Google to authenticate your app, but largely it has one of two issues, it’s geared towards Android, or out of date. I just needed to know:
- How to get my RESTful server to verify the Google response
- How to log the session out
As it turned out each of these steps was, increasingly in order, more difficult to figure out.
This was fairly straight forward. Following Google Sign-In for Websites documentation basically verbatim worked. The info on setting up your Client Id was out off date, the developer console layout has changed, but it wasn’t too hard to figure out how to follow the old instructions on the new UI.
Verifying The Token on the Server Side
This was incrementally harder. The backend auth documentation was basically functional but it doesn’t explain how to create the transport or JSON factory needed. Figuring out what jars I needed on the server side, and boiling it down to working code was a bit of a pain. In the end I needed the following two dependencies:
And with those in place and a bit of prep the code pretty much worked.
Logging the Session Out
This was by far the hardest to work out. Particularly because I offer a logout button on every page of the app, as opposed to a unified login/logout page. Google’s notes here just plain did not work. The auth2 instance was not defined for me. This Stack Overflow post tuned out to be the key to the solution!
In the End…
I got it all working. No where near as easily as Persona. If you want to see my implementation take a look at my index.html, index.js and GoogleIdTokenUtil.java in my snippets project.