Google will no longer allow OAuth requests to Google in embedded browsers - ios

"On April 20, 2017, we will start blocking OAuth requests using web-views for all OAuth clients on platforms where viable alternatives exist."
We received this notice. Our iOS app uses Google Drive, but the Google Drive SDK has not been updated and still uses the old way. Do we need to modify the authorization method?

If you are using the WebView for Google OAuth authentication (i.e. if the user has to type the Gmail address and password in a WebView), yes, you have to update it.
You have two options.
SFSafariViewController: Load the Google login URL in the SFSafariViewController instead of the WebView. If you are accessing any cookies in the WebView, you cannot do that in the SFSafariViewController. For iOS 8 and below, which do not support SFSafariViewController, you can fall back to opening the Safari browser to authenticate.
Google Sign In SDK: Use the Google Sign In for iOS SDK. You put a Google Sign In button in your app and use the Google APIs to authenticate.
For more information, refer to this presentation from Google devs: https://docs.google.com/presentation/d/1z7bgAqYcEt7EHRmwe3T-vF_iMw9e8Wyxr10wPudypEo/present?slide=id.g135ae23358_0_71

Related

MSAL iOS not able to reuse access token and cookies for WKWebView

Not able to share cookies between the MSAL library and WKWebView.
I have used the MSAL library for authentication in the iOS app. In the app, there are a few functionalities that were not implemented in iOS, so we are navigating to the web application (using WKWebView), where it shows a login prompt every time.
Can I send the access token/cookies or do something so it will not ask for authentication the second time when I open the WKWebView?
For iOS, ASWebAuthenticationSession, SFAuthenticationSession, and SFSafariViewController are considered system browsers. For macOS, only ASWebAuthenticationSession is available. In general, system browsers share cookies and other website data with the Safari browser application.
By default, MSAL will dynamically detect iOS version and select the recommended system browser available on that version. On iOS 12+ it will be ASWebAuthenticationSession.
When you verify the user via the API, you must get the token from the response. Pass this token as a query parameter in your URL and redirect to Safari.
URL - https://www.example.com/page1
URL with token - https://www.example.com/page1?token=asdfv12324fvfropfc23as
You can store the token in localStorage/Cookies.
Read more here.

Google OAuth Electron WebView deprecation

In reference to: https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html
In this page, it is clearly stated that: "On April 20, 2017, we will start blocking OAuth requests using web-views for all OAuth clients on platforms where viable alternatives exist."
Does this affect Electron WebViews as well? If it does, can you point me to any samples?
It looks like Google is indeed deprecating Electron WebViews. There are multiple solutions to this:
Open the Google sign-in page in the user's browser and:
(1) Set up an HttpListener similar to this: https://github.com/googlesamples/oauth-apps-for-windows/tree/master/OAuthDesktopApp
(2) Specify a custom URI scheme in the redirect_url to open your app after login. (This might open notifications/popups in the user's browser.)
Use AppAuth to perform login to Google

Gmail API OAuth 2.0 using OAuth Phonegap SDK

Has anyone had success in using the Gmail API's authorization in a Phonegap application? I found this (http://phonegap-tips.com/articles/google-api-oauth-with-phonegaps-inappbrowser.html) that describes using the generic Google API OAuth with Phonegap's inappbrowser plugin, but the newly released Gmail API does OAuth authorization differently, and I'm not sure how to get it to work with Phonegap.
Note: It does work when I try a web version of my app, but the button that brings up the authorization screen doesn't do anything in Phonegap..not sure why. I do have the appropriate Android credentials for the app in the Google Developer's Console.
UPDATE: Using OAuth's Phonegap SDK (found after registering your app here: https://oauth.io/), I am able to authenticate a Google Account. However, I am unsure how to then call Gmail API methods or correctly pass whatever authentication tokens from the OAuth SDK to any Gmail API code. Has anyone done this and can share their knowledge?
I found a solution using the OAuthio Phonegap SDK. Then I can call the appropriate HTTPS requests from the Gmail API.
If you want to login your users via Google on iOS and Android, then use this new plugin I just created: https://github.com/EddyVerbruggen/cordova-plugin-googleplus
You will also receive the name and gender etc from the plugin. The plugin will also try SSO with any other Google apps installed on your device by using the Google+ SDK on both platforms.

Post on google plus from ios

My app has a feature to share on google plus.
My app cannot allow users to login using google.
Is it possible to post on google plus without using google plus sign in ?
Google APIs use OAuth 2.0 for both authentication and authorization. You cannot do anything if you are not authorized; it's a matter of security. Here is a great official guide on how to properly log in to Google Plus and use different API features.
So, you must enable the possibility to login through Google or disable the sharing feature.

Is Google Cross-client Auth possible with iOS, and if so, how?

I'm using oAuth2, and I have a project in my google API console with an iOS client and a Web client registered.
I'd like to auth in from my iOS app, and have my web backend retrieve an access token so it can do the heavy processing work with the Google api.
I've tried following these instructions which are for android: https://developers.google.com/accounts/docs/CrossClientAuth
But I keep getting an invalid scope when I assign the scope as:
oauth2:server:client_id:MY.WEB.CLIENT.ID:api_scope:http://www.google.com/m8/feeds/ https://mail.google.com/ https://www.googleapis.com/auth/plus.login
Has anyone successfully implemented a similar setup for iOS? If so, please explain or share documentation. What libraries or SDKs did you use to get the code from Google on the iOS app that the web backend could use to generate a proper access token of its own?
As of June 18th, the google iOS SDK 1.7.0 supports one-time authorization code which is consistent with the Android feature: https://developers.google.com/+/release-notes/
