Google OAuth Electron WebView deprecation - oauth

In reference to: https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html
In this page, it is clearly stated that: "On April 20, 2017, we will start blocking OAuth requests using web-views for all OAuth clients on platforms where viable alternatives exist."
Does this affect Electron WebViews as well? If it does, can you point me to any samples?

It looks like Google is indeed deprecating Electron WebViews. There are multiple solutions to this:
Open the Google sign-in page in the user's browser and:
(1) Set up an HttpListener similar to this: https://github.com/googlesamples/oauth-apps-for-windows/tree/master/OAuthDesktopApp
(2) Specify a custom URI scheme in the redirect_url to open your app after login. (This might open notifications/popups in the user's browser.)
Use AppAuth to perform login to Google.
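The loopback-listener option (1), sketched for the Node/Electron main process as an added example that is not part of the original answer or the linked Google sample. It goes slightly beyond the answer by adding PKCE and a `state` check, which RFC 8252 recommends for this flow. The function names, the `openBrowser` callback (in Electron this would be `shell.openExternal`) and the v2 authorization endpoint are assumptions of this example.

```javascript
// Added example (not from the answer): loopback redirect + PKCE for a desktop app.
const http = require('node:http');
const crypto = require('node:crypto');
const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

// PKCE (RFC 7636): only the SHA-256 challenge travels through the browser;
// the verifier stays in the app and is sent later with the token request.
function createPkcePair() {
  const verifier = crypto.randomBytes(32).toString('base64url');
  const challenge = crypto.createHash('sha256').update(verifier).digest('base64url');
  return { verifier, challenge };
}

function buildAuthUrl({ clientId, scope, redirectUri, state, challenge }) {
  const query = new URLSearchParams({ response_type: 'code', client_id: clientId,
    redirect_uri: redirectUri, scope, state, code_challenge: challenge, code_challenge_method: 'S256' });
  return `${AUTH_ENDPOINT}?${query}`;
}

// Accept the redirect only if it carries the state value generated for this run.
function parseCallback(requestUrl, expectedState) {
  const params = new URL(requestUrl, 'http://127.0.0.1').searchParams;
  const [got, want] = [params.get('state') || '', expectedState].map((s) => Buffer.from(s));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) throw new Error('state mismatch');
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (!params.get('code')) throw new Error('missing authorization code');
  return params.get('code');
}

// openBrowser is caller-supplied (hypothetical parameter); it must open the system browser.
function startLoopbackFlow({ clientId, scope, openBrowser }) {
  const { verifier, challenge } = createPkcePair();
  const state = crypto.randomBytes(16).toString('base64url');
  let redirectUri;
  return new Promise((resolve, reject) => {
    const server = http.createServer((req, res) => {
      server.close(); // single-use listener: stop accepting after the first request
      try {
        resolve({ code: parseCallback(req.url, state), verifier, redirectUri });
        res.end('Sign-in complete. You can close this tab.');
      } catch (err) {
        res.writeHead(400).end('Sign-in failed.');
        reject(err);
      }
    });
    server.listen(0, '127.0.0.1', () => { // port 0: free port chosen by the OS, loopback only
      redirectUri = `http://127.0.0.1:${server.address().port}`;
      openBrowser(buildAuthUrl({ clientId, scope, redirectUri, state, challenge }));
    });
  });
}
```

The resolved `code`, `verifier` and `redirectUri` are what the app then sends to the token endpoint; the listener binds to 127.0.0.1 only and fails closed on any request that does not carry the expected `state`.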

Related

How to authenticate using the installed Twitter app

If the user is logged-in with the native Twitter app installed, I want my app to open the Twitter app to request authorization.
I already implemented the flow to get the oauth_token in order to start the login process through Twitter's API. Only, the current API documentation does not mention anything about how to use the native iOS app in the process. It only sends back a URL for the user to log in.
let url = URL(string: "https://api.twitter.com/oauth/authorize?oauth_token=\(result.oauthToken)")!
DispatchQueue.main.async {
    UIApplication.shared.open(url)
}
On getting the requested oauth_token, I get this link. Opening the link will display a WebView to log in, not the native Twitter iOS app.
I tried to use a deeplink to manually launch the Twitter app, but I couldn't find any resources on how to set up the link properly.
So far I have tried things like:
twitterauth://authorize?consumer_key=[KEY]&consumer_secret=[SECRET]&oauth_callback=swifter-[KEY]
or
twitterauth://authorize?oauth_token=\(result.oauthToken)
without any success...
As mentioned in another post, Clubhouse has implemented exactly this flow. So it is possible. The question is how? 😅
This flow seems to have not been officially supported since the retirement of TwitterKit on May 1, 2018. Any applications that still offer this functionality to their end users likely have some sort of partnership with Twitter to allow for this which is otherwise undocumented publicly.
The reasoning for this was detailed sparsely in a related Twitter Developer Forums thread:
Unfortunately at this time we have had to make some incremental adjustments that are not so smooth for everyone; especially as you’ve found, for mobile app developers. We’re in the middle of a transition to a new API platform (via Twitter Developer Labs) and there will be some changes as we go along - we are asking for your feedback to help us, and if you check the ideas, authentication and authorization is something we’ve heard a lot about.
I cannot tell you today exactly when we’ll get to an enhanced solution, but this is something we are actively working on.
Direct link
The official guidance is to use the traditional WebView method until Twitter officially re-releases this capability:
I don’t believe that this is possible any longer, so I would encourage you to use the full OAuth flow. I apologise that this may not be what your users prefer, but this is the documented way to gain authorisation (we do not document or support URL schemes for the native iOS app).
Direct link
We do not support or document any means of users signing in to Twitter outside of the OAuth flow; any use of undocumented features is subject to change without notice.
Direct link
As linked above, Twitter appears to be soliciting feedback on this via their UserVoice page, should you feel so inclined to suggest the re-implementation of such a feature.

Verify mobile app Google

I've added kGTLRAuthScopeDrive scope to OIDAuthorizationRequest and I am facing the issue shown in the picture below:
How can I verify my iOS app?
OAuth Client Verification
Starting July 18, 2017, Google OAuth clients that request certain sensitive OAuth scopes will be subject to review by Google.
Add-ons, web apps, and other deployments (such as apps that use the Apps Script API) may need verification.
You must apply to have your application verified by Google before others will be able to use it.
By clicking "Advanced" you should be able to log in yourself as the developer who created it. This is used for testing only.

Google will no longer allow OAuth requests to Google in embedded browsers

"On April 20, 2017, we will start blocking OAuth requests using web-views for all OAuth clients on platforms where viable alternatives exist."
We received this notice. Our iOS app uses Google Drive, but the Google Drive SDK has not been updated; it still uses the old way. Do we need to modify the authorization method?
If you are using the WebView for Google OAuth authentication (i.e. if the user has to type the Gmail address and password in a WebView), yes, you have to update it.
You have two options.
SFSafariViewController: Load the Google login URL in the SFSafariViewController instead of the WebView. If you are accessing any cookies in the WebView, you cannot do that in the SFSafariViewController. For iOS 8 and below, which do not support SFSafariViewController, you can fall back to opening the Safari browser to authenticate.
Google Sign In SDK: Use the Google Sign In for iOS SDK. You put a Google Sign In button in your app and use the Google APIs to authenticate.
For more information, refer to this presentation from Google devs: https://docs.google.com/presentation/d/1z7bgAqYcEt7EHRmwe3T-vF_iMw9e8Wyxr10wPudypEo/present?slide=id.g135ae23358_0_71

Google Plus Over the Air installs via server-side oauth

Google released a nice feature called Over-The-Air Installs. But the documentation has an example only for Google's sign-in button.
I checked the Google API PHP Client and it doesn't have anything related. I tried adding apppackagename and app_package_name to the authorization URL, which didn't help. Another problem is that Google doesn't enable this feature for all clients.
Is it possible to use it via oauth triggered on server-side? Does Google somehow indicate that you're allowed to use this feature?
It is currently not possible to trigger Over-The-Air Installs using the server-side flow. It is recommended that you use the client-server flow as described and demonstrated in the quick-start sample apps instead of using a server-side flow.
You can direct users to install the app at the conclusion of your install by linking to your app in the play store. From the play store, the user could still install your app directly to their device, it would just not happen in the sign-in dialog.
Even the hybrid client-server flow needs you to implement the "sign-in button" on your page...
https://developers.google.com/+/web/signin/server-side-flow
https://developers.google.com/+/web/signin/client-to-server-flow
Don't know why Google is doing it this way!

Can I get Google's OAuth2 to display a mobile friendly approval page?

I am working on a mobile app that will hit some Google APIs, authenticating using OAuth2.
It's working pretty well but when I navigate to the approval Uri, Google is returning what looks like a full blown desktop app approval page. It doesn't look too bad but I'd prefer to get the stripped down mobile version that you could ask Google's OAuth 1 to display.
(from http://code.google.com/apis/accounts/docs/OAuth_ref.html)
btmpl
(optional) Forces a mobile version of the approval page. The only accepted value is "mobile". This is a Google-specific parameter.
I've tried adding it to the OAuth2 approval Uri but no joy. So if I'm using the Google installed application auth flow, are there any options for indicating that the request is coming from a small screen device?
The oauth endpoint I am using:
https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=http://localhost&scope=https://www.googleapis.com/auth/userinfo.profile&client_id=XXXXXXX.apps.googleusercontent.com
The OAuth 2.0 URL that you are referring to already has a mobile-friendly version available. However, unlike the OAuth 1.0 URL, there is no URL parameter to force it, instead it uses user-agent detection to display the appropriate version depending on the browser. At least it works fine on my Android device (I haven't tried with any other devices though).
