feat: Add Java User Authorization App sample (#349)

Author: gtondello

java/user-auth-app/.gcloudignore

@@ -0,0 +1,17 @@
+# This file specifies files that are *not* uploaded to Google Cloud
+# using gcloud. It follows the same syntax as .gitignore, with the addition of
+# "#!include" directives (which insert the entries of the given .gitignore-style
+# file at that point).
+#
+# For more information, run:
+#   $ gcloud topic gcloudignore
+#
+.gcloudignore
+README.md
+# If you would like to upload your .git directory, .gitignore file or files
+# from your .gitignore file, remove the corresponding line
+# below:
+.git
+.gitignore
+# Target directory for maven builds
+target/

java/user-auth-app/.gitignore

@@ -0,0 +1,2 @@
+**/client_secrets.json
+target/

java/user-auth-app/README.md

@@ -0,0 +1,141 @@
+# Google Chat User Authorization App
+
+This sample demonstrates how to create a Google Chat app that requests
+authorization from the user to make calls to Chat API on their behalf. The first
+time the user interacts with the app, it requests offline OAuth tokens for the
+user and saves them to a Firestore database. If the user interacts with the app
+again, the saved tokens are used so the app can call Chat API on behalf of the
+user without asking for authorization again. Once saved, the OAuth tokens could
+even be used to call Chat API without the user being present.
+
+This app is built using Java 17 and
+[Spring Boot](https://spring.io/projects/spring-boot) on Google App Engine
+(Standard Environment) and leverages Google's OAuth2 for authorization and
+Firestore for data storage.
+
+**Key Features:**
+
+* **User Authorization:** Securely requests user consent to call Chat API with
+  their credentials.
+* **Chat API Integration:** Calls Chat API to post messages on behalf of the
+  user.
+* **Google Chat Integration:**  Responds to DMs or @mentions in Google Chat. If
+  necessary, request configuration to start an OAuth authorization flow.
+* **App Engine Deployment:**  Provides step-by-step instructions for deploying
+  to App Engine.
+* **Cloud Firestore:** Stores user tokens in a Firestore database.
+
+## Prerequisites
+
+* **JDK 17:**  [Download](https://openjdk.org/projects/jdk/17/)
+* **Google Cloud SDK:**  [Install](https://cloud.google.com/sdk/docs/install)
+* **Google Cloud Project:**  [Create](https://console.cloud.google.com/projectcreate)
+
+##  Deployment Steps
+
+1. **Set up your development environment:**
+
+   * Follow the steps in
+     [Setting Up Your Development Environment](https://cloud.google.com/appengine/docs/standard/setting-up-environment?tab=java)
+     to install Java and the Google Cloud SDK.
+
+   * Follow the steps in
+     [Using Maven and the App Engine Plugin](https://cloud.google.com/appengine/docs/standard/java-gen2/using-maven)
+     to install Maven.
+
+1. **Enable APIs:**
+
+   * Enable the Cloud Firestore and Google Chat APIs using the
+     [console](https://console.cloud.google.com/apis/enableflow?apiid=firestore.googleapis.com,chat.googleapis.com)
+     or gcloud:
+
+     ```bash
+     gcloud services enable firestore.googleapis.com chat.googleapis.com
+     ```
+
+1. **Initiate Deployment to App Engine:**
+
+   * Go to [App Engine](https://console.cloud.google.com/appengine) and
+     initialize an application.
+
+   * Deploy the User Authorization app to App Engine:
+
+     ```bash
+     mvn clean package appengine:deploy -Dapp.deploy.projectId=YOUR_PROJECT_ID
+     ```
+
+     Replace `YOUR_PROJECT_ID` with your Google Cloud Project ID.
+
+1. **Create and Use OAuth Client ID:**
+
+   * Get the app hostname:
+
+     ```bash
+     gcloud app describe | grep defaultHostname
+     ```
+
+   * In your Google Cloud project, go to
+     [APIs & Services > Credentials](https://console.cloud.google.com/apis/credentials).
+   * Click `Create Credentials > OAuth client ID`.
+   * Select `Web application` as the application type.
+   * Add `<hostname from the previous step>/oauth2` to `Authorized redirect URIs`.
+   * Download the JSON file, rename it to `client_secrets.json`, and copy it to
+     the `src/main/resources/` subdirectory in your project directory.
+   * Redeploy the app with the file `client_secrets.json`:
+
+     ```bash
+     mvn clean package appengine:deploy -Dapp.deploy.projectId=YOUR_PROJECT_ID
+     ```
+
+     Replace `YOUR_PROJECT_ID` with your Google Cloud Project ID.
+
+1. **Create a Firestore Database:**
+
+   *  Create a Firestore database in native mode named `auth-data` using the
+      [console](https://console.cloud.google.com/firestore) or gcloud:
+
+      ```bash
+      gcloud firestore databases create \
+      --database=auth-data \
+      --location=REGION \
+      --type=firestore-native
+      ```
+
+      Replace `REGION` with a
+      [Firestore location](https://cloud.google.com/firestore/docs/locations#types)
+      such as `nam5` or `eur3`.
+
+## Create the Google Chat app
+
+* Go to
+  [Google Chat API](https://console.cloud.google.com/apis/api/chat.googleapis.com/hangouts-chat)
+  and click `Configuration`.
+* In **App name**, enter `User Auth App`.
+* In **Avatar URL**, enter `https://developers.google.com/chat/images/quickstart-app-avatar.png`.
+* In **Description**, enter `Quickstart app`.
+* Under Functionality, select **Receive 1:1 messages** and
+  **Join spaces and group conversations**.
+* Under **Connection settings**, select **HTTP endpoint URL** and enter your App
+  Engine app's URL (obtained in the previous deployment steps) without the
+  trailing `/`.
+* In **Authentication Audience**, select **HTTP endpoint URL**.
+* Under **Visibility**, select **Make this Google Chat app available to specific
+  people and groups in your domain** and enter your email address.
+* Click **Save**.
+
+The Chat app is ready to receive and respond to messages on Chat.
+
+## Interact with the App
+
+* Add the app to a Google Chat space.
+* @mention the app.
+* Follow the authorization link to grant the app access to your account.
+* Once authorization is complete, the app will post a message to the space using
+  your credentials.
+* If you @mention the app again, it will post a new message to the space with
+  your credentials using the saved tokens, without asking for authorization again.
+
+## Related Topics
+
+* [Authenticate and authorize as a Google Chat user](https://developers.google.com/workspace/chat/authenticate-authorize-chat-user)
+* [Receive and respond to user interactions](https://developers.google.com/workspace/chat/receive-respond-interactions)

java/user-auth-app/pom.xml

@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Copyright 2025 Google LLC
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <name>user-auth-app</name>
+
+  <groupId>com.google.chat</groupId>
+  <artifactId>user-auth-app</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <properties>
+    <maven.compiler.target>17</maven.compiler.target>
+    <maven.compiler.source>17</maven.compiler.source>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+      <version>3.2.3</version>
+      <exclusions>
+        <!-- Exclude the Tomcat dependency -->
+        <exclusion>
+          <groupId>org.springframework.boot</groupId>
+          <artifactId>spring-boot-starter-tomcat</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-jetty</artifactId>
+      <version>3.2.3</version>
+    </dependency>
+    <dependency>
+      <groupId>com.fasterxml.jackson.core</groupId>
+      <artifactId>jackson-databind</artifactId>
+      <version>2.17.2</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>33.4.0-jre</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java</artifactId>
+      <version>4.29.2</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.cloud</groupId>
+      <artifactId>google-cloud-firestore</artifactId>
+      <version>3.30.2</version>
+    </dependency>
+
+    <!-- Google OAuth2 Client Library -->
+    <dependency>
+      <groupId>com.google.auth</groupId>
+      <artifactId>google-auth-library-credentials</artifactId>
+      <version>1.30.1</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.auth</groupId>
+      <artifactId>google-auth-library-oauth2-http</artifactId>
+      <version>1.30.1</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.oauth-client</groupId>
+      <artifactId>google-oauth-client-jetty</artifactId>
+      <version>1.37.0</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api-client</groupId>
+      <artifactId>google-api-client</artifactId>
+      <version>2.7.1</version>
+    </dependency>
+
+    <!-- Google Cloud Chat library -->
+    <!-- Used for instantiating Google Chat API protos -->
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-cloud-chat-v1</artifactId>
+      <version>0.19.0</version>
+    </dependency>
+    <!-- Used for creating Chat Service Client for making Google Chat API calls -->
+    <dependency>
+      <groupId>com.google.cloud</groupId>
+      <artifactId>google-cloud-chat</artifactId>
+      <version>0.19.0</version>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api</groupId>
+      <artifactId>gax-bom</artifactId>
+      <version>2.59.0</version>
+      <type>pom</type>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <version>3.2.3</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>repackage</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+
+      <plugin>
+        <groupId>com.google.cloud.tools</groupId>
+        <artifactId>appengine-maven-plugin</artifactId>
+        <version>2.7.0</version>
+        <configuration>
+          <version>GCLOUD_CONFIG</version>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+</project>

java/user-auth-app/src/main/appengine/app.yaml

@@ -0,0 +1,20 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+runtime: java17
+instance_class: F1
+
+# Explicitly set the memory limit and maximum heap size for the Spring Boot app
+env_variables:
+  JAVA_TOOL_OPTIONS: "-XX:MaxRAM=256m -XX:ActiveProcessorCount=2 -Xmx32m"