private void handleLogin(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    HttpSession session = req.getSession();
    String sendMeTo = req.getParameter("sendMeTo");
    if (sendMeTo != null) {
      session.setAttribute("sendMeTo", sendMeTo);
    }
    String redir = Configuration.mooseheadLocation() + "/oauth2callback";
    session.setAttribute("redir", redir);
    String sessionid = session.getId();
    // redirect to google for authorization
    StringBuilder oauthUrl =
        new StringBuilder()
            .append("https://accounts.google.com/o/oauth2/auth")
            .append("?client_id=")
            .append(
                Configuration.googleClientId()) // the client id from the api console registration
            .append("&response_type=code")
            .append("&scope=openid%20email") // scope is the api permissions we are requesting
            .append("&redirect_uri=")
            .append(redir) // the servlet that google redirects to after authorization
            .append("&state=" + sessionid)
            .append("&access_type=online")
            .append(
                "&approval_prompt=auto") // here we are asking to access to user's data while they
                                         // are not signed in
        ;

    resp.sendRedirect(oauthUrl.toString());
  }
  private void handleAuthorization(HttpServletRequest req, HttpServletResponse resp)
      throws IOException {
    PrintWriter writer = resp.getWriter();
    if (req.getParameter("error") != null) {
      writer.append(req.getParameter("error"));
      return;
    }

    String code = req.getParameter("code");

    String redir = (String) req.getSession().getAttribute("redir");
    req.getSession().setAttribute("redir", null);

    if (code == null || redir == null) {
      resp.sendRedirect("/");
      return;
    }

    StringBuilder postParameters = new StringBuilder();
    postParameters.append(para("code", code)).append("&");
    postParameters.append(para("client_id", Configuration.googleClientId())).append("&");
    postParameters.append(para("client_secret", Configuration.googleClientSecret())).append("&");
    postParameters.append(para("redirect_uri", redir)).append("&");
    postParameters.append(para("grant_type", "authorization_code"));
    URL url = new URL("https://accounts.google.com/o/oauth2/token");
    URLConnection urlConnection = url.openConnection();

    ((HttpURLConnection) urlConnection).setRequestMethod("POST");
    urlConnection.setDoInput(true);
    urlConnection.setDoOutput(true);
    urlConnection.setUseCaches(false);
    urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    urlConnection.setRequestProperty("Content-Length", "" + postParameters.toString().length());

    // Create I/O streams
    DataOutputStream outStream = new DataOutputStream(urlConnection.getOutputStream());
    // Send request
    outStream.writeBytes(postParameters.toString());
    outStream.flush();
    outStream.close();

    String googleJson = toString(urlConnection.getInputStream());

    JsonObject jsonObject = (JsonObject) JsonParser.parse(googleJson);
    String accessToken = jsonObject.requiredString("access_token");

    // get some info about the user with the access token
    String getStr =
        "https://www.googleapis.com/oauth2/v1/userinfo?" + para("access_token", accessToken);
    URLConnection inconn = new URL(getStr).openConnection();
    String gsstr;
    try (InputStream is = inconn.getInputStream()) {
      gsstr = toString(is);
    }

    updateUserLogin(req, gsstr);
    redirToLandingPage(req, resp);
  }