I have a Web application using Google and Facebook signin.
I want to require the authentification by adding the secret key, so in the client side I can connect just using my own application and not any other application.
I did that in Facebook by adding the appsecret-proof parameter, enable
How I can do the same using google?
You can register a new set of "Web Credentials" for your application via https://console.cloud.google.com/apis/credentials and the client secret would be available there.
https://developers.google.com/identity/protocols/OpenIDConnect
https://developers.google.com/identity/protocols/OAuth2
https://developers.google.com/identity/sign-in/web/sign-in
The above describes how Google Oauth works and its configurations.
Related
I am writing a google drive desktop application and I am using OAuth 2 to get credentials. I can get creds for just reading, but not changing files. As it is a desktop application, there is no site. It is written in https://developers.google.com/identity/protocols/oauth2/native-app, that I need to "supply a local redirect URI to handle responses from Google's authorization server". So, should the client also be a server and listening on some port locally? If I want to have the app verified, I need to provide Authorized domains and other stuff, but it is a desktop application, again. Or maybe there is a way to allow users to use the app, but with a warning on a consent screen for example for development purposes.
Also how to hide the credentials, that I use to get the token? If I publish the app with the credentials, everybody can just steal them and use them
In order to develop a desktop application which will use the Drive API you will have to use credentials of the web app type for which you will later provide the appropriate redirect URI.
By using OAuth 2.0 in your application, you are the only one who has access to the credentials for the application - unless you share them.
According to the Google OAuth 2.0 documentation:
You start by obtaining the OAuth 2.0 client credentials from the Google API Console. Then your client application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access.
For the login process, when the users will log-in to your application, they will use their own credentials and then they will have to authorize the application you have built in order to be able to use the Drive API.
Reference
OAuth 2.0 for Mobile & Desktop Apps;
Using OAuth 2.0 to Access Google APIs;
I'm working with a company that is using the Google Apps free subscription. This company has a web site. They want to let users who have Google Apps accounts in their domain to authenticate into the web site via OAuth.
My question is, where do I find the ClientId and ClientSecret needed to do OAuth?
Thank you!
OAuth 2.0 for Client-side Web Applications will allow you to authenticate users using Oauth2. This will allow the users to grant your application access to their private data.
You will need to go to Google Developer console and create credentials on this page Credentials
Open the Credentials page in the API Console.
Click Create credentials > OAuth client ID.
Complete the form. Set the application type to Web application. Applications that use JavaScript to make authorized Google API requests must specify authorized JavaScript origins. The origins identify the domains from which your application can send API requests.
Right now, I have a native azure app that my iOS app uses ADAL to authenticate to with no issues. I've added a Web API in azure and it's being managed by the Azure API Management resource. I have this API using an oAuth server that uses Azure AD for authentication (all created within the Azure API Management).
The issue I'm having is the oAuth token I'm receiving from my iOS App is not being accepted by my Web API. They are both using oAuth to the same Azure Active Directory. I tried changing in my iOS app, to use the Web API app client ID instead of the native app client ID. The issue then becomes during authentication, it needs a "client_secret" in the request. Looking at the ADAL iOS library, I'm not seeing a method to get a token that passes in a client secret as a parameter.
Scroll down to the Keys section, you will see the key as the client secret. They are used for calling the web api.
These two methods of authenticating the applications are referred to as interactive (user signs in) and non-interactive (app provides its own credentials). In the non-interactive mode, you must assign the service principal to a role with the correct permission. About the AAD authentication's more information, you could refer to: https://azure.microsoft.com/en-gb/documentation/articles/resource-group-create-service-principal-portal/
These are the settings I have behind my twitter App,
And these are the settings I've tried in Amazon IAM,
Which I'm assuming doesn't work because twitter is providing oauth login only, not full OpenID Connect compatible options. Is there any way I can get twitter as one of the login options, or build some sort of middle server, or similar, to be able to make this work?
You are correct, this is because Twitter only supports OAuth 2.0 delegated access to the Twitter APIs for 3rd party clients. Twitter does not support an OAuth 2.0 based signin mechanism (like OpenID Connect), their current signin mechanism is based on OAuth 1.0, see: https://dev.twitter.com/web/sign-in/implementing and https://dev.twitter.com/rest/reference/get/account/verify_credentials
You could indeed build a middle server to bridge standard OpenID Connect to Twitter's OAuth 1.0 signin mechanism. I am not aware of the existence of such a bridge as an open source product. There are commercial products that can do this.
I have been playing with the new Admin SDK in conjunction with the "upgraded authorisation experience" and wondered if someone has and experience/examples on how to use it. From what I have read, if you upgrade the authorisation experience you shouldn't need to use OAuth 2.0 and get a client ID and secret from the API console.
When you upgrade the authorisation, the API console entry is automatically created so you just have to turn on Admin SDK. Your app should then run simply using your own admin credentials.
Have I misunderstood this and if so, what is the benefit of the new authorisation experience?
I can use the Admin SDK just fine if I create a client ID and secret in the API console but this is using OAuth 2.0 then.
If someone has an example of how to use the admin sdk with OAuth 1.0 i could have a look at it would be much appreciated.
You will still need get your tokens and API key...
Take from the Directory API documentation:
If your application has certain unusual authorization requirements, such as logging in at the same time as requesting data access (hybrid) or domain-wide delegation of authority (2LO), then you cannot currently use OAuth 2.0 tokens. In such cases, you must instead use OAuth 1.0 tokens and an API key. You can find your application's API key in the Google APIs Console, in the Simple API Access section of the API Access pane.
If you are looking for an oAuth2 example with GAS, Arun has a nice example he posted on GitHub, see the SO posting: How to authorize with oauth 2.0 from appscript to Google APIs?
Sorry, I don't have any oAuth1 example to interface with the new APIs.