Google's login integration guide for iOS does not actually describe the possibility of programmatically switching accounts.
My requirement is to allow the user to switch their Google account, but if they choose to cancel the switch then they should stay logged in with their current credentials. Youtube already do this but I can see they're using a custom built screen instead of the default account selection screen.
What I've done so far is to call this when user taps account image
GIDSignIn.sharedInstance().signOut()
GIDSignIn.sharedInstance().signIn()
which prompts the account selection screen each time, with the disadvantage that, of course, if the user cancels, they will be signed out of the app. There must be a way to preserve the authorisation token in the Keychain, but I don't know they key for it in order to trigger the save before displaying the screen. Is there an easier way to go about this?
Related
I've implemented the Google SignIn code with authentication to access Google Drive and have a sign out button with the following recommended code from Google:
GIDSignIn.sharedInstance().signOut()
However, every time after the first time I run the app, the signIn process no longer asks me for my password.
If I sign in and then press the my sign out button, the next time I press the sign in button I am prompted for a google account and then prompted to allow access to Google drive.
If I sign in and then quit the app without pressing the sign out button, the next time I press the sign in button I receive no prompts and am logged in completely.
This behavior appears to be consistent with Google's statement regarding their quick start code (https://developers.google.com/drive/v3/web/quickstart/ios?ver=swift):
"Authorization information is stored in your Keychain, so subsequent executions will not prompt for authorization."
That is the GIDSignIn.sharedInstance().signOut() sign out command appears to work on Google's end (have to pick a Google account and allow Google drive access on the next login), but not on the iOS end as it appears that iOS has saved the password (presumably in the keychain) and always gives it to Google when I sign in after the first time.
I saw the post for Google Sign Out iOS where Birendra had recommended trying
[GTMOAuth2ViewControllerTouch removeAuthFromKeychainForName:kKeychainItemName];
to remove the password from the iOS Device's keychain.
I have not had any luck finding out how to use that suggestion. Can someone explain how to remove the password information that the user entered using Google SignIn? (Assuming this is what needs to be done to completely log out the user). I'm using Swift.
Normally having the keychain remember the password for Google wouldn't be a problem, but this is an app to collect research data. The subjects will be using their own iOS device (iPhone) and log into the lab's Google account, so we don't want that password to stay in their keychain.
Help is appreciated.
As of the time of this post, you can use the following:
Swift 5
GIDSignIn.sharedInstance()?.disconnect()
Disconnects the current user from the app and revokes previous
authentication. If the operation succeeds, the OAuth 2.0 token is also
removed from keychain.
I'm creating an app where the user has to login and can use FaceID or TouchID to speed up the log in process.
Using FaceID or TouchID for the login can be enabled or disabled in the internal settings of the application.
When first using TouchID/FaceID the user has to grant these permissions to the app. I want that this permission request dialog appears as soon as the user enables biometric authentication in the app settings and not right before the user logs in using it.
I didn't find anything with google so I doubt this is even possible.
This is possible if you prompt the user to perform Touch or Face ID when the feature is enabled within the app.
As far as I know, there is no other way to trigger this permission prompt.
Sometimes when a user logins into a site with Google's OAuth 2.0 they choose the wrong account to login with. Normally this isn't a problem if the user has more than one account registered with the browser, google will automatically show the user select screen:
But if a user has only one account and is logged in, this screen is skipped. Instead I need Google's sign in panel to always appear, so that I can be sure the user has the option to try and enter the correct account. I tried using approval_prompt = "force", but that forces the acceptance of permissions rather than simply showing the login page.
How can I force Google's OAuth 2.0 to always show the login screen?
(and never automatically skip it)
Add the parameter prompt=select_account to your authorization request.
This will cause the account chooser to always be shown, even if the user is only logged in to one account. Users will be able to select from their accounts, or add a new one.
For example: https://accounts.google.com/o/oauth2/auth?redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&response_type=code&client_id=407408718192.apps.googleusercontent.com&scope=profile+email&access_type=offline&prompt=select_account
we are running into an issue that once our users are login in the app and are authenticated thru the oauth flow the authentication page is never being displayed again, in that way user cannot switch account if needed. We are using a popup display mode (which does not provide options to switch user) and "switch user" small button in top right side of the screen is not appearing in our mobile small screen devices (as Iphones). We tried the auth_type=reauthenticate but it does not provide any option to switch user in popup mode either. We can´t control user´s cookies as well so there is not how to delete them. Is there any way to always ask user to reathenticate during all oauth requests allowing user to switch accounts?
If Facebook has implemented OpenID Connect correctly, try to add prompt=login or prompt=select_account to your authorization request. See "3.1.2.1. Authentication Request" in OpenID Connect Core 1.0 for details.
To the Box SDK team:
I'm using the iOS version of the BoxSDK. When I present the BoxAuthorizationViewController login controller, there is a checkbox labeled "Remember login".
It doesn't seem to do anything. I get the same results whether I leave it checked or not. And the iOS API to the Box SDK doesn't provide any access to whether it is checked or not.
In my iOS app I'd like to know whether the user checked this or not. If they have it checked then I want to store the refresh token in the keychain so the user doesn't need to login again. But if the user unchecks this on the login screen, I need to know this so I don't store the token in the keychain and my app can ensure the user is shown the login screen again on the next access.
What is this "Remember login" checkbox supposed to do in the context of an iOS app?
Can the API be updated so when the BoxOAuth2SessionDidBecomeAuthenticatedNotification notification is sent, the state of the checkbox is part of the notification?
Thanks.
New OAuth2 screens just went live that should fix this problem:
https://app.box.com/api/oauth2/authorize?response_type=code&client_id=&redirect_uri=https://your-token-generator.com