I am running through the OAuth process with Google+ scopes (email, profile) as well as the basic scope for the YouTube API.
If a user selects a YouTube Channel that is tied to a Google+ Page, then the Google information that I get back is for the Google+ Page (which isn't what I want)
What I want is the Google Id (and name and email) of the USER who is logged in - not the Google+ Page's info.
Google Sign-In doesn't work that way. You get authorized to for the info of the identity signing in and only that identity. If you want info from another identity the user has to authorize your app to access that identities info or ask them to manually enter the info.
Related
I have a google login in my app when I try to click on sign in with google I do not see the permission it needs to access
My app uses users contacts and so I have added it to scope in consent screen settings but it do not show any permission. Can someone help me if there is anything else that needs to be configured as I need to verify my app from google
I want permission to display like this(sample image)
Scopes that I am using
this is the api
Lets use the Google Oauth Playground to test a little.
test 1 requesting authorization to Oauth2 scopes.
I am going to select Google contacts really there is not much point in selecting this one using google People api is a much better choice.
And everything under Google People API
This is the consent screen shown me
test two authenticating with open id connect
I am going to only request
Now profile and email are special they are related to Open Id connect, which is out side of the Oauth2 because of that i was not actually shown a consent screen. Because i am Authenticating to Google that this is me logging in.
I am not Authorizing any Oauth2 scopes because none were really requested. Now this make confuse you because by requesting profile you are automatically given access to the users profile data which means that you can access the Google people api and do people/me and get the information about the person.
conclusion
Only Oauth2 scopes appear to the user requesting access. not open id scopes.
I am using HybridAuth on my project and added Facebook, Twitter and LinkedIn social providers in order for the user to be able to sign up/ sign in.
What I have encountered is that Twitter API does not return the users' email. Thus the user obviously can't sign up with his Twitter account.
Furthermore if the user has logged out - he can't even sign in with his Twitter account if he hasn't connected it to your application account, because the Twitter API won't use the email for searching the user in its' database. In order to be able to use Twitter Sign In, the user has to be signed in to your app and connect his Twitter account.
Is there anything I am missing and there is an actual way to Sign Up with Twitter?
I log into my Twitter account. Then I visit this twitter app website. I click sign-in with Twitter link, I am redirected to Twitter authorization page, I give auth. Then I see member page of app website. Then I check authed Applications from my Twitter account: https://twitter.com/settings/applications
I see that I authed that application. Then I remove all cookies of app website. But I don't logout from Twitter website. I revisit app website and click Sign-in with twitter.
Without Auth confirmation I am redirected to members page. How can it be?
I understand that they save my auth tokens inside their database and use to verify credentials. But without cookie etc. how can they know that I'm that Twitter user?
Is it possible to know that user logged in to Twitter?
This problem can be solved when "authenticating" is used rather then "authorization".
Authorization needs permission everytime user sign-ins, authentication needs permisson if user didn't give permission previously or he/she revoked the permission.
That is called as transparent login.
Note: Authentication doesn't include DM access.
https://dev.twitter.com/docs/auth/implementing-sign-twitter
I'm learning to use the twitter API for the first time. I want to build a website that allows users to post messages to their twitter, facebook and linkedin account. They will need to sign up first via the website's registration/authentication system, which is in not related to twitter, facebook and linkedin. Once logged in, they should be able to synchronize their twitter, facebook and linked in account with my website.
I'm starting development with twitter first. I followed this tutorial here:
http://www.1stwebdesigner.com/tutorials/twitter-app-oauth-php/
After authenticating, twitter sends me to this url.
http://mywebsite.com/?oauth_token=o7gIh4x8xAs1mcms6OKthLoLecL99WVbky2Gu6o4no&oauth_verifier=83Ip3jrMVDvnbIY3RXS5DH1FUZrWAHddwApnOBfm4
The first time this page loads, it properly retrieves all the authenticated user info. But when I refresh the page, the all the user info disappears.
My question is:
Are the query string parameters oauth_token=o7gIh4x8xAs1mcms6OKthLoLecL99WVbky2Gu6o4no&oauth_verifier=83Ip3jrMVDvnbIY3RXS5DH1FUZrWAHddwApnOBfm4 all that's needed to gain write access to a user's twitter account? Can I store these tokens in my database so that the user never has to be prompted to sign into twitter again?
You had better keep oauth_token (and oauth_token_secret too) in your database since you will use them for all the authenticated requests you will do for the authenticated user. As for oauth_verifier, it is a parameter only used during the OAuth Authentication flow. So you can get rid of it once you have got the final tokens.
For further details (and to ensure what you are doing is right), see the corresponding "Sign in with Twitter" page on Twitter Developers website : https://dev.twitter.com/docs/auth/implementing-sign-twitter.
I'm developing a social network. Users may register and share their twitter username (if they want). Wherever the user posts a comment or other content, his username is displayed. I would like to display the follow #userTwitter button, if the user has set the twitter account.
Now, everything works, the problem is to validate that the user is the owner of that twitter account. Right now the user could be entering any valid twitter account! Maybe using the Twitter api?
You can set your app up as a Twitter client, this way your user has to log into twitter to authorize your app, thereby verifying their twitter identity.
This is a couple years old but might be enough to get you started:
http://www.1stwebdesigner.com/tutorials/twitter-app-oauth-php/