I want to implement login via OpenID-Connect in an iOS App. The AppAuth-SDK seems to be the standard way to do so. After downloading some examples I am a little bit confused. All AppAuth examples and tutorials are working with a WebView in which the user enters username and password. I want to make a native login screen where the user has to enter username and password. Is that even possible with AppAuth? I read something about "resource owner password grant" and "client secret". Is that what I need?
If somebody could push me in the right direction, I would be really thankful.
Think AppAuth-iOS to be a simple set of classes that helps you to build OAuth/OpenID Connect requests and receive responses. Their samples may contain ones which only use WebView with Authorization Code flow. But if you check docs, you can find their class APIs supporting for password grant.
You can build a OIDTokenRequest with related parameters. Here you can use build in grant type OIDGrantTypePassword from OIDGrantTypes. Simply feed in username password obtained from your login mechanism to OIDTokenRequest through additionalParameters. Create the request and obtain the response. I haven't tried this myself, but simply looking at the docs suggests this is the way to go.
Always think about supporting libraries as simple classes that were written to help you. That way things become simple to deal with.
Related
Since the "preview" of the GDK is out, I was wondering how we could transfer the credentials of OAuth (say from Twitter) from an AppEngine project (or anything else, open to suggestions) to the APK on Glass. I haven't seen anything on this, and since authentication on Glass would be very hard, how would we do this? I know that I could create a database, but I'm not sure how to make a lightweight version of that. Any other ideas besides a database would be welcome. Thank you for your help.
The easiest way is to have user login on a website, then save OAuth token into a QR code and let the user scan the QR code with Glass.
I have used it in my app Glasquare (Foursquare for Glass), it's all open-sourced:
https://github.com/destil/glasquare
EDIT: There is official way now: https://developers.google.com/glass/develop/gdk/authentication
Maybe you could login from the smartphone version of your app, and transfer those credentials to your glass generating a QR code and reading that QR first time you enter to your Glass app
The video that was published implied there was a authentication step during install but he also said that 'it was still beign worked out'
The bike app (Streva? May have the spelling wrong) does request some kind of authentication
I should add I'm pretty interested in how to deal with oauth in glass also
** UPDATE **
It truly seems that Google has just screwed every single person on the planet by absolutely requiring user interaction to upload a video. Of course I know, they are free. Exactly what I warned the client years ago about, so I don't need to be reminded. Thank You.
So I would like to try to take this in a different direction and just find a loophole and a workaround to still keep doing what we are doing in spite of Google's complete lack of support or caring in any way about the developers and what they have to deal with.
It would be different if you can actually call a phone number and talk to a human being about YouTube Partner access, but you can more quickly get access to the Illuminati.
OAuth 2.0 is now the only supported authentication method period. It does require user interaction.
But what about that token? Does anybody know how long the token lasts?
If I can obtain a token just once using user interaction and place it in the database, I can automate possibly hundreds or thousands of interactions afterwards.
In other words, I'm trying to turn the user interaction into a speed bump instead of a concrete wall.
If anybody has any examples of obtaining that token, caching it, and using it afterwards, that would be a godsend to me right now.
Thanks for the comments and the help. I'm not surprised that the YouTube Developers Forum just folded and said to come here instead :)
It seems that Google has completely pulled the plug on the existing dashboard.
https://code.google.com/apis/youtube/dashboard/gwt/index.html
That link is now 404'd. Tried from several different browsers on different systems.
Registered under the new Google APIs Console already, but still get the problem.
// Set the authentication URL for this connection object
$authenticationURL= 'https://www.google.com/youtube/accounts/ClientLogin';
// Try to connect to YouTube with the channel credentials passed
try {
$httpClient =
Zend_Gdata_ClientLogin::getHttpClient(
$username = $channelfields['EMAIL_ADDRESS'],
$password = $channelfields['PASSCODE'],
$service = 'youtube',
$client = null,
$source = 'Redacted Data',
$loginToken = $channelfields['CACHED_TOKEN'],
$loginCaptcha = '',
$authenticationURL);
} catch (Zend_Gdata_App_HttpException $httpException) {
$update_error['response_body'] = $httpException->getRawResponseBody();
$update_error['error'] = 1;
} catch (Zend_Gdata_App_Exception $e) {
$update_error['message'] = $e->getMessage();
$update_error['error'] = 1;
}
This code has worked perfectly fine before, but does not work with the older API key, or the newer one generated inside the Google APIs console.
I'm attempting a simple upload and this concerns me greatly:
"The service account flow supports server-to-server interactions that do not access user information. However, the YouTube Data API does not support this flow. Since there is no way to link a Service Account to a YouTube account, attempts to authorize requests with this flow will generate a NoLinkedYouTubeAccount error."
From all reports it seems that Google has forced YouTube uploads to become interactive in all cases precluding all possibility of platforms that automatically upload generated content from working at all.
Any help or insights into the process is appreciated.
P.S - Ohhh, it's been awhile since I looked at that system and Google shut down the YouTube Developer Forums and said "YOU" were responsible for their support now :)
OAuth2 does support the ability to avoid user interaction through the offline access type parameter (ie, using access_type=offline). Check out Google documentation for details.
The solution is really rather simple. Your app needs to use oauth to request offline access. It will be given an access cide which you convert to a refresh token, which is the thing you store in your database. This doesn't expire. Well actually it sometimes does, but that's another story. Whenever you need to access the api, use the stored refresh token to request an access token which you include in each api call.
See https://developers.google.com/accounts/docs/OAuth2WebServer for details.
I don't know what you did but https://code.google.com/apis/youtube/dashboard/gwt/index.html works perfectly fine for me. Maybe it was a temporary issue. If you want no user interaction you HAVE to use YouTube API v2 OR you have to use v3 with methods that don't require authentification OR you have to provide your own youtube account credentials which is not recommended and probably not appropriate for you situation.
Several issues to respond here, I think.
1) The older API console has not been removed, but I've noticed intermittent outages to it and to the newer API console while Google is rolling out their new "cloud console."
2) ClientLogin was officially deprecated in April of 2012, not just 48 hours ago. Jeff Posnick has detailed all the changes over the months (and related ones, such as AuthSub, Youtube Direct, etc.) at his blog (apiblog.youtube.com).
3) You're right that, with v3 of the APIs, you cannot do automatic uploads across the board, as the oAuth2 flow requires user interaction. However, given the limited description of your use case, using refresh tokens is probably your best bet. If the content is user generated, somewhere they must be logging into your app, correct? (so that your app knows which credentials to leverage to do the uploads). At the point they're logging into your app, and you're starting the oAuth2 flow, you just have to hit the first oAuth endpoint and pass it the parameter access_type=offline (along with any other parameters). This will ensure that, when they grant that initial permission, you're returned a refresh token instead of an access token. With that refresh token, you can exchange it for multiple access tokens as needed (an access token lives for about an hour. I don't know how long a refresh token lives, but I've never had one expire before my own login cookies did, and then I just get a new one when my users re-login to my app).
Here's some more info on how to use the refresh token; note, too, that the various google api client libraries make it pretty smooth.
https://developers.google.com/accounts/docs/OAuth2WebServer#refresh
Also, this video tutorial from a Google Developers Live broadcast a couple of months ago might help illustrate the point: http://www.youtube.com/watch?v=hfWe1gPCnzc -- it's using the oAuth playground rather than a client library, but the concept is the same.
The answer is to use google-api-php-client, create an interactive auth page, and set up YouTube API v3 correctly with the new API console.
You can create a very simple page that will authenticate for the supplied channel and then store the correct token in your database. Is already working and uploading hundreds of videos on one channel. You do need to remember to fully activate yourself under the new API console and add the services required. Just keep authenticating and adding the services it says it needs. After that, the regular v3 upload process works just fine. On failure send a group an email and they can get a new token in 10 seconds.
Not the most elegant solution, but the documentation from Google is far from elegant anyways that Stack Overflow is now their front line support.
Just hang in there, a solution is always found. Don't give up!
I didn't get here by myself either, the other answers on this page helped me get all the way to this point. Thanks guys.
P.S - Don't forget the scopes
$client->setScopes("https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/youtube.upload");
I need to use Twitter Oauth to login my windows phone app,
What i need exactly is
1)when the user click twitter log in button from my app, i need to show the twitter llog in page in a browser,
2)when he enters his credentials and accept the app, then i should get the user information like, name, gender, bday, what ever i can take.
That,s it, then i can close the browser and make my app active.
I just need to make the user to log in via twitter.
I referred lot of examples, that are all quit confusing and doing all the stuffs in twiiter.
I tried this example
and got this error
'TweetSharp.TwitterService' does not contain a definition fError 2 'TweetSharp.TwitterService' does not contain a definition for 'GetAccessToken' and no extension method 'GetAccessToken' accepting a first argument of type 'TweetSharp.TwitterService' could be found (are you missing a using directive or an assembly reference?)
and i tried enter link description here
failed on that too.
Can anybody help me to do the authentication via twitter for my app.
Thank you.
I tried this example and got success, I contacted the person who have posted that example and got help from him to solve the issues raised from this example.
Actually this Example works fine for twitter integration,
What you have to do is
1)Register your app in twitter, here the link for app registration,
log in and register your app.
2)Make sure you have given the Call Back URL(i forget to give that, and that makes me face lot of issues)
3)Note down the Consumer Key, Consumer Secret and Call back url(we need specify this 3 in our code)
4)Go to Settings, and set your app access to Read and Write
5)down load the above link and change the Consumer Key, Consumer Secret and Call back url as per your app, and then run the example, it will work fine.
Thank you.
If you just want to authenticate using Twitter and don't want to post anything, perhaps you can try Azure Mobile Service Authentication. You can find more information here: mobile services authentication
Problem : I am facing difficulties in getting user's birthday from api calls and I am new to OAuth.
Steps followed : (Have followed all steps required for implementing login with google+)
1. Created an app.
2. Obtained app_id and secret_key.
3. Did not make use of SDK, implemented the process without SDK in php.
4. Obtained "CODE" by calling accounts[dot]google[dot]com/o/oauth2/auth?
5. Using the code from the URL parameters requested for access token by HTTPS POST method to https://accounts.google.com/o/oauth2/token, using CURL
6. When accessing the login page, user is asked for permissions to access the information such as email, profile, DOB etc., but I am not able to find a way to get that date of birth
7. I have tried access www[dot]googleapis[dot]com/plus/v1/people/User_ID?key={THE_API_KEY} . Still no luck
Please guide or suggest me on how to get the DOB. Also let me know if there is any other information I missed to share.
Thanks in advance.
Cheers!
Farhan
Well Well Ofcourse.. It has to be a security thing from google.
I got to know after I did a part of unit testing with different scenarios and missed out on a simple thing that google only responds with the b'day information if the user has allowed to in his profile settings.
all if the birth year is hidden, it will throw 0000 as year in the response of the HTTPS Post method.
If I am wrong in any of the information provided, Please do correct me.
Cheers!
Farhan.
I'm trying to implement Soundcloud connect and having a weird issue.
First thing I do is send my users to
https://soundcloud.com/connect?client_id=MY_CLIENT_ID&redirect_uri=http://myredirecturl.example.com&state=RANDOM_STRING&display=page&response_type=code&scope=email
When users connect they get redirected to
http://myredirecturl.example.com?error=invalid_scope&error_description=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed.&state=RANDOM_STRING
The same happens if I use scope=*.
However, if I use scope=non-expiring it lets me go through, but I need the users email and that type of scope doesn't have enough grants.
I thought it had something to do with my app being in development mode, but Osman at Soundcloud said it doesn't.
Thanks.
The 'email' scope is not available to all integrations. It's used for a few custom integrations that have provided us with accepted terms of service / privacy policies. There is no way to get a user's email address using the SoundCloud API.
You should however be able to use the '*' scope to get an expiring access token. I'll check with our app team to see why this is giving you an error. I'll edit my answer once I have more information there.
For your purposes, I would stay with the 'non-expiring' scope and simply prompt a user for their email address (providing them with a way to agree to your terms of use / privacy information).
Using scope=* sometimes doesn't work because the url is not properly encoded. If you are getting this error while using the * wildcard, try properly encoding the url, using a function like urlencode() (for PHP).