I have an application that authenticates users via Google Oauth. When I click Signup button, a signup screen would pop up as shown in the figure below.
The problem is that I want users to signup emails with domain name of my organization. Specifically, the username suffix should be #my_organization.com instead of #gmail.com as displayed in the figure. I have tried to modify the Oauth Consent Screen but there seems to be no option to configure this.
as you mentioned the "Sign in with Google" is for login purposes through OAuth protocol when the accounts already exists in an organization, I am afraid this is not intended to delegate user creation since this is a task only domain administrators are allowed within an organization.
The most you can achieve from OAuth is to force the sign in with an specific domain; you can do this by modifying the "hd" parameter in the authentication request you are sending using the Google's OAuth 2.0 API. Here you can check on this topic: click here
As mentioned above, if you are looking to create user accounts with a specific domain you need to be an administrator in a Google Workspace account.
I hope this information helps!
You can only use oAuth with registered Google accounts.
With Google Workspace you can use a domain in your Gmail, see.
But if that's not possible and you want a quick way to authenticate, maybe Auth0 or similar tools can help.
Related
I am confused with how social oauth works? Lets say i have implemented social oauth login in my project.
user A signed up in my website with Google Oauth. I somehow put that SIGN UP WITH GOOGLE button in my sign up page and then user will click it and will be directed to a link where google will ask to authorize my app or not. If the user A allows, then at first time what information does the google server send to my server. It will send something so that i could save it in my server to know that a user A has been signed up and could give the userA a id to link it to other tables of my database which is in my server (nothing to do with google server). So real question is what will google(or any other service provider like facebook, twitter etc) send me when a new user signed up and when a existing user signed in again. what will happen if a user (already signed up) try to sign up again? or didn't authorize the website again when logging in?
If you want more detailed question, please comment and I will elaborate.
Ok first off lets use a different term than social login. Lets call it third party login and heres why.
Your application has its own login system users can create their accounts on your system by say adding an email address and creating a login name and a password. Now you want to add third party login that being, Facebook, google and twitter login. These are actually third party logins.
What you will actually be doing is linking the users third party social media accounts with your login system. The term often used for this is called account linking.
Lets say user A has created an account in your system already now A has a Facebook account so they would like to link their Facebook account with your login system. So you create a Facebook login button Facebook will return to you an id this often being the id of the user on facebooks system. So when the user logs in using Facebook you get the Facebook id back that you can store on the users account in your system.
Things get a little more confusing if user B wants to login to your system using Google and B does not already have an account in your system
when they login then you will probably get the users id and i think you get their email address back as well so you can use the email address from google so you can create them a actual account on your system and directly link the google login to it automatically.
Its been a while since i have done it but i believe that you get the user id and the email returned to you from third party providers you may want to check thought if memory serves they are not all the same and you may have to make a request to get the email address after you get the id back.
Social login is still not normalized. You have to work them out one by one unless you leverage something that do it for you like the trusstee.io solution.
It appears to be simple to use and is described here https://medium.com/me/stats/post/ef5d5a5a3943.
We build a product that integrates with DocuSign's API. When the customer connects our product to DocuSign, we surface an OAuth2 login flow to authenticate the integration.
This has been working for most customers, but we've found that when a customer has multiple docusign accounts to choose from, the OAuth2 flow gets stuck and never redirects back to our service.
Flow:
User signs in to DocuSign using their email address
They click "allow" on the permission prompt
Docusign prompts them with the screenshot below (I excluded the email addresses to pick from below the explanation for privacy reasons):
When they select one of the email addresses, the page does not do anything. Are we doing something wrong on our end? Or is this a bug in DocuSign's authentication flow?
That's not the expected behavior. I've reached out to you via LinkedIn with my contact information and would love to take a look at what's going on from the back end.
I'm building an app that shows users people they might be interested in talking to. If a user says he's interested in a person I show them, I want my app to create this person as a contact in my user's SalesforceIQ.
How do I do this? I see from the API documentation https://api.salesforceiq.com/#/ruby#documentation_contacts_create-a-contact that I can create a contact if I know my user's username and password, but of course I don't want my users to give me this information. Is there some way for the user to OAuth or whatnot by clicking a button that authorizes me to add things to their SalesforceIQ?
The SalesforceIQ API uses HTTP Basic authentication and does not currently support OAuth according to their documentation.
For a SalesforceIQ user to grant API access to your app to create contacts and for other privileges, the SalesforceIQ admin creates an API Key and API Secret for your app which is then used for the HTTP Basic authentication username and password. This way no user needs to provide your app with their credentials. This is configured in the SalesforceIQ admin UI under Settings > Integrations > Create New Custom Integration.
For the admin to provide these credentials to your app, you can have a UI where the SalesforceIQ admin enters this for your app to store and use with the API for their account.
This is described in the following places, briefly in the API Reference and in detail in a Help Desk article with screenshots of what the SalesforceIQ admin needs to do:
API Reference: Requesting Access
API Reference: Security and Authentication
Help Article: Set up API access
I have a Google Marketplace app that is currently using OpenID for federated login.
When an admin installs the application to the domain users are able to login via a site.com/login/domain.com link.
Currently when a user uses this link they are being asked to consent once again for "Know who you are on Google" scope. I understand that this is something to do with my OpenID realm not matching. The problem is I cannot find where to edit that realm in the new console. My research shows that OpenID has been abandoned for OAuth2 authentication. Please correct me if I am wrong.
Is there a good example anywhere that shows how to authenticate a user that an admin has already granted scopes for on the domain so that they do not get asked to consent again? I've looked up and seen documentation to make a call to https://accounts.google.com/o/oauth2/auth but I'm unaware of how to actually skip the user consent since the admin already authorized the scopes domain-wide.
Using C# but I'm open to any example as I'm sure I can figure out how to get it back into C#.
If you read this post on the google groups, then it seems it is intentionally :
This is an intentional change to more precisely communicate to users
the set of permissions that is being granted. Through knowledge of the
user's email address it is possible, via indirect means, to locate the
user's profile address. In the interest of more accurate disclosure,
thus, we are prompting users to approve such disclosure.
The new tokens issued include permissions to obtain public profile
information, in accordance with the modified text. You can use
https://developers.google.com/accounts/docs/OAuth2Login#userinfocall
to obtain the subset of user's profile information that is publicly
linked from the user's profile. The user's profile Id, which is always
public in that endpoint, is also a more reliable identifier for the
user (as email addresses can be changed on accounts). We recommend
that you store the user's profile id to ensure that email changes
don't cause account confusion.
anyone knows if it is possible to do registration via twitter just like facebook register (http://developers.facebook.com/docs/plugins/registration/)?
it is not login via twitter. i need to store some basic information from the twitter user, eg, name and email, and then request user to choose their own username and password for my site.
Thanks!
Twitter doesn't have this functionality at all , they have #anywhere for integration for some Twitter features on your website. That's the closest there is to this. What you can do is register an account with the information you gather from an authenticating user, but the development of this would be up to you. There are no boxed up solutions right now from Twitter. There may be something third party but I'm not aware of any.
It's also "against the rules"
You may not use Twitter Content or other data collected from end users
of your Client to create or maintain a separate status update or
social network database or service.
https://dev.twitter.com/terms/api-terms