I am using google JavaScript sign-in for web site in our web application. Everything is working the way it is supposed to be, however i would like to force the user to enter his password every time whenever he selects google sign-in method. At the moment, google password prompt is skipped, if same user is signed in chrome or in same browser.
Kindly confirm if it is do-able and how.
Related
I have an app that all works fine for authentication and it uses Oauth2 (Google).
Now, I am struggling with the logout URL for this app. It works, but I am under the impression that it is possible to logout of it and remain logged into my gmail account please? Currently, ALL accounts are logged out of so the two gmail accounts need to go through login each time the app is used and log out is pressed.
I have read that this is possible but this is the URL that I am using to Log out
https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://news.bbc.co.uk
I am sure it can be done because I did it in a former role but do not have the code!
I've implemented the Google SignIn code with authentication to access Google Drive and have a sign out button with the following recommended code from Google:
GIDSignIn.sharedInstance().signOut()
However, every time after the first time I run the app, the signIn process no longer asks me for my password.
If I sign in and then press the my sign out button, the next time I press the sign in button I am prompted for a google account and then prompted to allow access to Google drive.
If I sign in and then quit the app without pressing the sign out button, the next time I press the sign in button I receive no prompts and am logged in completely.
This behavior appears to be consistent with Google's statement regarding their quick start code (https://developers.google.com/drive/v3/web/quickstart/ios?ver=swift):
"Authorization information is stored in your Keychain, so subsequent executions will not prompt for authorization."
That is the GIDSignIn.sharedInstance().signOut() sign out command appears to work on Google's end (have to pick a Google account and allow Google drive access on the next login), but not on the iOS end as it appears that iOS has saved the password (presumably in the keychain) and always gives it to Google when I sign in after the first time.
I saw the post for Google Sign Out iOS where Birendra had recommended trying
[GTMOAuth2ViewControllerTouch removeAuthFromKeychainForName:kKeychainItemName];
to remove the password from the iOS Device's keychain.
I have not had any luck finding out how to use that suggestion. Can someone explain how to remove the password information that the user entered using Google SignIn? (Assuming this is what needs to be done to completely log out the user). I'm using Swift.
Normally having the keychain remember the password for Google wouldn't be a problem, but this is an app to collect research data. The subjects will be using their own iOS device (iPhone) and log into the lab's Google account, so we don't want that password to stay in their keychain.
Help is appreciated.
As of the time of this post, you can use the following:
Swift 5
GIDSignIn.sharedInstance()?.disconnect()
Disconnects the current user from the app and revokes previous
authentication. If the operation succeeds, the OAuth 2.0 token is also
removed from keychain.
Short description:
If a user has already granted my application OAuth access to their google profile, I want to spare them of having to press "sign in using google" button every time they land on my home page and log them in automatically.
If user has not granted access yet, I want to present them with sign in options page with "sign in using google" button.
Long description:
I am implementing Google OAuth flow as described on this link:
Using OAuth 2.0 for Web Server Applications
Just for the clarity, the flow in question is as follows:
present (client side) user with "sign in using google" button
after user presses the button, redirect them to google's OAuth 2.0 server, where they allow/deny my application to access their google profile
if user allows access, google redirects them back to my application
my application (server side) uses acquired grant to get access token
my application (server side) access user's profile using acquired access token
I want to achieve the following:
If user has already allowed my application access to their google profile before (either on current computer or some other), I want them to have an impression of being signed in to my application (using google) immediately after they navigate to my application's URL. Without having to click anything.
This is at first glance not a problem. To achieve this, I would automate steps 1 and 2 of the flow described above. User would be redirected to google oauth server automatically - without having to press "sign in using google" button - right after they navigates to application's URL. Google in turn immediately redirects user back to my application with a valid grant (again without requiring any input from the user). The rest remains the same. User would have an impression of being logged in immediately .
This approach has a problem though. If user goes to my page for the first time (not having granted my application access before), they would also be redirected to google OAuth page. But since they haven't granted access yet, and didn't press any sing in button, they would and end up staring at google oauth server page confused having no clue, what is going on.
Is there some API, by which I can detect that user has not yet granted access to my app (and I should present him with sing in button first)?
Please, if your solution would involve some API calls, point me to a HTTP/REST API, as I don't use (and do not want use) any higher level OAuth library.
Thanks.
Add "prompt=none" parameter to your initial OAuth redirect. This way google will not block if user has not logged in or has not granted your app the permissions.
See Chapter 3.1.2.1 of http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
Short summary of other possible "prompt" values:
none - will not prompt anything, redirects back with error "login_required" or "interaction_required" if silent login is not possible.
login - force the login prompt, even when user is logged-in.
consent - force the consent prompt, even if user has provided consent in the past.
select_account - present account selection prompt.
I'm developing Salesforce iOS application.
From application frequently the user has to modify data which is available on Salesforce.com.
When user tap on edit I'm launching salesforce login screen and prompt to enter username and password all the time.
So I have decided to implement SSO using Salesforce Oauth. I have done everything I'm able to receive a access_token once user authenticate with Salesforce.com.
My question is lets say "If the user want to edit a lead with id as 0097hjy7" , URL to edit this lead will be "https://sales.mysalesforce.com/0097hjy7" when this URL launch on browser it prompt to enter username and password again.
How can I navigate the user to "https://sales.mysalesforce.com/0097hjy7" this URL without asking username and password all the time by using the access_token available with me.
Thanks in advance.
I resolved this issue by adding Salesforce iOS SDK to my project and using some classes like SFOauthCoordinator and SFOauthCredentials. At the end we need to prepare a frontDoorUrlWithReturnUrl which is available on "SFAuthenticationManager" class.
I got the SSKeyChain working and tested that what is retrieved is same as what was previously stored. I am conducting all of this in the login action when user presses the button. I want to know if what I am doing is correct or not (illustrated in steps below):
User launches application for first time, landing page has creating account or logging in.
User provides logging in credentials and presses the button
In the body of the action, I take the parameters query database (HTTP) and if response is valid, user proceeds. If not, user requested to re-enter credentials.
Once and if user login successfully, I will use SSKeyChain to store his credentials (but what use are these credentials for me in the future?)
What I am really asking is: what is the use of SSKeyChain in above scenario? Also if the user login successfully, where am I going to store his credentials (is it via SSKeyChain) so that next time he will skip the login screen (like facebook, twitter apps).