1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
4 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
5 <title>libgsignon-glib Reference Manual: gSSO usage examples</title>
6 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
7 <link rel="home" href="index.html" title="libgsignon-glib Reference Manual">
8 <link rel="up" href="libgsignon-glib-overview.html" title="Part I. gSSO Overview">
9 <link rel="prev" href="gsso-intro.html" title="gSSO introduction">
10 <link rel="next" href="libgsignon-glib-objects.html" title="Part II. libgsignon-glib Objects">
11 <meta name="generator" content="GTK-Doc V1.20 (XML mode)">
12 <link rel="stylesheet" href="style.css" type="text/css">
14 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
15 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="10"><tr valign="middle">
16 <td width="100%" align="left" class="shortcuts"></td>
17 <td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
18 <td><a accesskey="u" href="libgsignon-glib-overview.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
19 <td><a accesskey="p" href="gsso-intro.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
20 <td><a accesskey="n" href="libgsignon-glib-objects.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
22 <div class="refentry">
23 <a name="gsso-examples"></a><div class="titlepage"></div>
24 <div class="refsect1">
25 <a name="intro"></a><h2>Introduction</h2>
27 libgsignond-glib comes with an example application <span class="application">gsso-example</span>
28 that demonstrates the most common use cases: listing available authentication methods and
29 their mechanisms, creating and removing identities and performing authentication
33 Before running the example application, make sure that gSSO daemon and
34 gSSO UI (that is appropriate for your system) are installed and configured
38 The source code for the example application is available at
39 <a class="ulink" href="http://code.google.com/p/accounts-sso/source/browse/examples/gsso-example.c?repo=libgsignon-glib&name=master" target="_top">
40 http://code.google.com/p/accounts-sso/source/browse/examples/gsso-example.c?repo=libgsignon-glib&name=master</a>
43 The full list of available <span class="application">gsso-example</span> options can be
44 obtained with <strong class="userinput"><code>gsso-example --help-all</code></strong>
47 <div class="refsect1">
48 <a name="id-1.2.3.3"></a><h2>Authentication methods and mechanisms</h2>
50 The list of available authentication methods can be obtained with
51 <strong class="userinput"><code>--query-methods</code></strong>:
53 <div class="literallayout"><p><code class="computeroutput"><br>
54 <strong class="userinput"><code>> gsso-example --query-methods</code></strong>:<br>
55 Available authentication methods:<br>
63 For each of the available authentication methods it's possible to query
64 available authentication mechanisms with
65 <strong class="userinput"><code>gsso-example --query-mechanisms=method</code></strong>:
67 <div class="literallayout"><p><code class="computeroutput"><br>
68 <strong class="userinput"><code>> gsso-example --query-mechanisms=oauth</code></strong><br>
69 Available authentication mechanisms for method oauth:<br>
76 <div class="refsect1">
77 <a name="id-1.2.3.4"></a><h2>Identity management</h2>
79 The list of stored identities that the gsso-example application is allowed
80 to use can be obtained with <strong class="userinput"><code>gsso-example --query-identities</code></strong>:
82 <div class="literallayout"><p><code class="computeroutput"><br>
83 <strong class="userinput"><code>> gsso-example --query-identities</code></strong><br>
84 Available identities:<br>
85 id=27 caption='My test identity' ACL: (*:*)<br>
86 id=28 caption='Another test identity' ACL: (/usr/bin/gsso-example:)<br>
91 To create an identity, use <strong class="userinput"><code>--create-identity</code></strong> option
92 with identity caption (user-readable name) and <strong class="userinput"><code>--identity-method</code></strong>
93 with the authentication method that the identity will be using.
95 <div class="literallayout"><p><code class="computeroutput"><br>
96 <strong class="userinput"><code>> gsso-example --create-identity="My test identity" --identity-method=password</code></strong><br>
97 Identity stored with id 28 <br>
102 Depending on the identity method, you may also need to add a list of comma-separated
103 realms that are allowed to be used with an identity. For example, the oauth method
104 requires a list of domains that the OAuth authentication plugin is allowed to contact:
106 <div class="literallayout"><p><code class="computeroutput"><br>
107 <strong class="userinput"><code>> gsso-example --create-identity="Test Google identity" --identity-method=oauth --identity-realms=google.com</code></strong><br>
108 Identity stored with id 29 <br>
113 To remove an identity, use <strong class="userinput"><code>--remove-identity</code></strong> option
116 <div class="literallayout"><p><code class="computeroutput"><br>
117 <strong class="userinput"><code>> gsso-example --remove-identity=28</code></strong><br>
123 To add security context to identity's Access Control List, use <strong class="userinput"><code>--add-context</code></strong> option
126 <div class="literallayout"><p><code class="computeroutput"><br>
127 <strong class="userinput"><code>> gsso-example --add-context=28 --system-context=* --application-context=*</code></strong><br>
128 Identity stored with id 28<br>
133 To remove security context from identity's Access Control List, use <strong class="userinput"><code>--remove-context=</code></strong> option
136 <div class="literallayout"><p><code class="computeroutput"><br>
137 <strong class="userinput"><code>> gsso-example --remove-context=28 --system-context=* --application-context=*</code></strong><br>
138 Identity stored with id 28<br>
143 <div class="refsect1">
144 <a name="id-1.2.3.5"></a><h2>Using 'password' authentication method</h2>
146 'password' authentication simply returns to the application the username
147 and the password associated with an identity. If they haven't been stored
148 in gSSO secret database, they're asked from the user through gSSO UI.
151 To use the method, first create an identity with authentication method
152 set to 'password' (as shown above), note its identitiy id and then run:
154 <div class="literallayout"><p><code class="computeroutput"><br>
155 <strong class="userinput"><code>> gsso-example --get-password=27</code></strong><br>
157 Got response: {'UserName': <'megauser'>, 'Secret': <'megapassword'>}<br>
162 <div class="refsect1">
163 <a name="id-1.2.3.6"></a><h2>Using 'oauth' authentication method</h2>
165 'oauth' authentication method is used to obtain an OAuth1 or OAuth2
166 authentication token from a remote service over HTTP. An application
167 needs to supply a few service-specific parameters when initiating the
168 authentication. gSSO example application supports obtaining an oauth
169 token from Google service (google-specific parameters are hardcoded
170 into the app source code).
173 Obtaining an OAuth token may also include authorization of the application
174 by the user, which is done through user interaction with the service webpages
175 that are shown by gSSO UI. From the application point of view this authorization
176 happens completely transparently behind the scenes.
179 Before trying the example, if you're behind a proxy, and are using
180 the Gtk-based gSSO UI, make sure that your GNOME proxy settings are
181 correctly configured, either via GNOME UI, or via command line:
183 <div class="literallayout"><p><code class="computeroutput"><br>
184 <strong class="userinput"><code>> gsettings list-recursively org.gnome.system.proxy</code></strong><br>
187 To set the proxy, use:
189 <div class="literallayout"><p><code class="computeroutput"><br>
190 <strong class="userinput"><code>> gsettings set org.gnome.system.proxy mode 'manual'<br>
191 > gsettings set org.gnome.system.proxy.http port 8080<br>
192 > gsettings set org.gnome.system.proxy.http host 'myproxy.domain.lan'</code></strong><br>
195 To disable the proxy, use
197 <div class="literallayout"><p><code class="computeroutput"><br>
198 <strong class="userinput"><code>> gsettings set org.gnome.system.proxy mode 'none'</code></strong><br>
201 See all available configurations keys here:
202 <a class="ulink" href="http://developer.gnome.org/ProxyConfiguration/" target="_top">
203 http://developer.gnome.org/ProxyConfiguration/</a>
206 You would also need a client identifier and key from Google. Instructions
207 about how to get them are available at
208 <a class="ulink" href="https://developers.google.com/console/help/#generatingoauth2" target="_top">https://developers.google.com/console/help/#generatingoauth2</a>
211 Once the above are settled, create an identity with 'oauth' method
212 (as shown above) and issue:
214 <div class="literallayout"><p><code class="computeroutput"><br>
215 <strong class="userinput"><code>> gsso-example --get-google-token=12 --client-id=xxxxxxx.apps.googleusercontent.com --client-secret=yyyyyyyyyyyyy</code></strong><br>
217 Got response: {'Scope': <'email'>, 'AccessToken': <'tokenvalue'>, <br>
218 'TokenParameters': <@a{sv} {}>, 'TokenType': <'Bearer'>, <br>
219 'RefreshToken': <'refreshtokenvalue'>, 'Duration': <int64 3600>, <br>
220 'Timestamp': <int64 1377707888>} <br>
228 Generated by GTK-Doc V1.20</div>