I have went through the OneDrive API documentation but couldn't find anything on what I needed. Basically, we have developed two apps, one webapp and one mobile app for our product. We want to share the tokens between the two apps (if the user has already authorized for one app, he shouldn't need to re-authorize the second app).
The API settings page in Microsoft Account Developer Center states that
Mobile client applications use a different OAuth 2.0 authentication flow.
What is the recommended way to achieve this in OneDrive? Can the two apps use the same client id/secret and share the tokens? Or can they use different id/secrets and OneDrive provides a way to sync these tokens?
You can not do this since the registration for web apps are different from the mobile app. You can do this if both are web or mobile apps.
When registering an app in Azure AD, the first option is to specify is your app web or mobile app, and then the flow and settings will be different based on the selected app type.
Hope this helps.
Related
At work we have developed an individual customer specific software application that is in use for a long time. We have a new requirement in this same program to implement an option for sending emails directly from the program.
The user is able to add his own email account with the credentials and login through our program. For Microsoft and Gmail accounts OAUTH is implemented and something here is not very clear.
For Gmail-API we have made an OAUTH Client and Consent screen on Google Cloud Console which we need to publish and verify and here is where the problems start. I am not very clear with the whole process of verifying the app.
In the steps for verifying is stated that we should verify a domain for the app, but this software is not hosted anywhere on internet and is not publicly available, it is available to a number of specific users (2000-3000).
Also Google requires a YouTube video of the software to be available publicly, which we are not able to upload because of customer requirements. Also here is required a Data Protection Policy page for the application which we as a developers don't have because we are only developing the software.
Other thing that is not clear to me, how is this type of software rated by Google, internal or public?
Have anyone experience with this or something similar?
Verifying an app for one of the Gmail scopes is a very complicated process. This process depends upon which scope of authorization you are requesting of the users.
In your case you are trying to send an email so you are using the users.messages.send method from the Gmail api. This uses a restricted scope. Which means you will need to go though the full process.
First of it doesn't matter if your application is hosted or not. It also doesn't matter that you give this app to a limited number of users. What matters is the scopes you are using.
You will need to ensure that your domain has been registered via google search console. So this app will need a domain
Once that is done you will be able to host your website, and the privacy policy on that domain.
You will need to create a YouTube video showing your application running, and how authorization is used.
You will also need to submit to a third party security checkup of your application which is not free and will need to be done once a year.
All of this is needed because of your consent screen it doesn't matter if its hosted any where, It also doesn't matter if this is only available to specific number of users.
If all of the users are part of a single google workspace account, that has created your client id and client secrete then you can set the app to internal and you wont need to be verified. This only works for google workspace domain accounts.
My App works for different clients (based on the configurations after the actual login).
I want to integrate Intune MAM SDK into a specific client. It need not affect the other clients (meaning should not affect the MAM policy to other clients)
Scenario:
let's take two clients A and B.
A wants to integrate Intune MAM SDK
B doesn't want to integrate the SDK
Expecting:
if B downloads an app from the google play store or apple store, he can able to use an app with a normal login flow.
but if A download app from stores, he should not able to use the app with normal login flow. (he needs to download an app from the company portal to control the app. Then login needs to work)
is there any way we can get to know that app downloads from the company portal not from stores (make sure that it should affect the other client's login flow)
Can anyone tell me how can I achieve this?
We currently have a MVC5 web application that has recently gone live. Much of the business logic is contained within GET and POST controller methods in C# files. A native iOS app is planned for the project and the concern was expressed that we must ensure that the business logic is the same for the web app and the mobile app. I'm asking for anyone with experienced with Azure Mobile Services to elaborate on how we can easily ensure consistency between the web app and the mobile in terms of backend business logic. I see two options as of right now: 1. Create an API project and ensure both the web app and the mobile app call the same endpoints 2. Integrate Azure Mobile Services and ensure that the business logic matches the web app at all times. I'm just looking for guidance.
Thanks
If you are starting work now, I would start work with Azure Mobile Apps rather than Azure Mobile Services. Azure Mobile Apps can provide a web app and a mobile-friendly API for you.
Azure Mobile Apps provides three distinct things on top of Azure Web Apps. The first is a mobile-friendly data-sync capability. This is a RESTful interface that provides access to data from a backend resource. You can use it directly as a REST endpoint - great for your websites, but it is also an OData source. There are clients available for iOS (Objective-C/Swift), Xamarin (C#/.NET) and more coming that use this to provide a sync capability. The addition of a SQLite store provides an offline sync capability that your mobile app can utilize for performance and network efficiency.
The second is authentication that works with the mobile data-sync capability. This can be used across your web and mobile apps and links into enterprise authentication systems (via Azure AD), Facebook, Twitter, Google+ and Microsoft Account. One of the more interesting things you can do is provide personalized results - a user can only access their own records via data-sync. Mobile authentication is different and the SDKs provided in addition will provide that functionality for you.
Finally, there is a pass-through for Notification Hubs - a powerful push notifications system that provides access to APNS (for iOS devices), GCM (for Android devices) and WNS (for Windows-based devices) as well as push capabilities to Chrome and Safari web apps, Baidu and Kindle.
Nothing stops you from doing all this from a standard MVC5 ApiController, but the wrapping of the client-side SDK plus the additional functionality of the table controller reduces the complexity of the code you have to write.
I'm trying to build a Google Apps Marketplace App using the new APIs only available through OAuth2. We already have an app using the old APIs, but I'm having trouble figuring out how to have the same flow with OAuth2.
In our old app, the domain administrator would install the app and give it permissions. Then, we could just make requests using our app's id/secret without user interaction. (2-legged OAuth)
How would I do this with OAuth2? None of the flows described here sound like what I'm looking for.
I'm also having hard times to find out to get this new OAuth2 login up and running.
You will have to use service accounts to make requests on behalf of the user.
Documentation is here:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
I did not yet manage to get the flow working without each user being prompted again, but this most likely is because I need offline access:
Google Apps Marketplace SDK + Domain-wide OAuth 2 SSO
We have a web application that supports Facebook and Twitter login/signup via oAuth (and can also post to FB/TW). Now we are building a mobile client and naturally we want people to be able to login-signup via FB-Twitter on mobile as well, on iOS even using system-integrated accounts.
Now mobile app and our server app are two different apps, however, and if I get oAuth correctly, we'll need to have two authentications: one for a mobile client (system account can be used), another one for a server (we'll have to show WebView for it).
Yet some existing apps seem to be fine with single authentication only (e.g. Flickr and Foursquare! At least 4sq seems to be fine with iOS system FB account only. How is it possible?
Do they share consumer key/secret between mobile and web app making it essentially the same app?
Do they use some FB-specific extension to oAuth
Do they only use auth token wherever it comes from making it a user ID?
Something completely different?
Old question, but this may help someone who finds their way here.
Twitter Reverse Auth