Does any one know how to retrive D.O.B through Google OAuth api? I am able to get other information like name, email, gender by setting the scope as https://www.googleapis.com/auth/userinfo.profile. But I am not able to get D.O.B with this scope.
I definitely get it for my account:
{
"id": "108635752367054807758",
"name": "Nicolas Garnier",
"given_name": "Nicolas",
"family_name": "Garnier",
"link": "https://plus.google.com/108635752367054807758",
"picture": "https://lh4.googleusercontent.com/-K1xGP8W20xk/AAAAAAAAAAI/AAAAAAAABhY/Cs_4qr30MxI/photo.jpg",
"gender": "male",
"birthday": "0000-08-25",
"locale": "en"
}
all I did is authorize for the https://www.googleapis.com/auth/userinfo.profile scope and then sent a GET request to https://www.googleapis.com/oauth2/v2/userinfo
First make sure that the Google+ account that you are testing with has set a Birthday (of course), then try the request on the OAuth 2.0 Playground for instance: https://code.google.com/oauthplayground/#step1&apisSelect=https%3A//www.googleapis.com/auth/userinfo.profile&url=https%3A//www.googleapis.com/oauth2/v2/userinfo
It seems you have to send 2 requests:
https://www.googleapis.com/plus/v1/people/me (oauth v1)
https://www.googleapis.com/oauth2/v2/userinfo (oauth v2)
to get both google plus profile data and google account data (there are date of birthday and also locale if you need it)
I use scribes and it works ok. Set two scopes ("https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/plus.me") and send two requests for both REST links
Related
I am using a vanilla configuration of the firebase Auth SDK. It is currently asking for all of these scopes.
I do not need profile picture or name, and would love to remove them. Is it possible?
Simple answer is No name, and picture permissions are granted to your application when you request the profile scope as part of signin.
explanation
Assuming you are following the example found here. If you check the lines called addScopes.
provider.addScope('profile');
provider.addScope('email');
This is where you define what permissions your applicating needs. The email and profile scopes are part of Google sign in (Open Id Connect) The profile scope give you access to some basic profile information about the user. Part of basic profile information is their picture.
These two claims are actually returned by the user info endpoint. This is the response from the userinfo endpoint when I authorized only with the profile scope.
{
"family_name": "Lawton",
"name": "Linda Lawton",
"picture": "https://lh3.googleusercontent.com/a-/AOh14GhroCYJp2P9xeYeYk1npchBPK-zbtTxzNQo0WAHI20=s96-c",
"locale": "en",
"given_name": "Linda",
"id": "1172004755376"
}
This is all default, so its not something you can change.
full example
// Using a redirect.
firebase.auth().getRedirectResult().then(function(result) {
if (result.credential) {
// This gives you the OAuth Access Token for that provider.
var token = result.credential.accessToken;
}
var user = result.user;
});
// Start a sign in process for an unauthenticated user.
var provider = new firebase.auth.OAuthProvider('google.com');
provider.addScope('profile');
provider.addScope('email');
firebase.auth().signInWithRedirect(provider);
so I'm making the integration with google sign in from a web-site, so basically the flow here is:
google sign in -> get the token id and send to an auth rest api -> rest api get the user Name, profile picture and email then signup the user.
My problem is that I'm not beeing able to discover how to get the user name and profile picture. Even with the userinfo.email & userinfo.profile scopes, the token id only stores in the payload the UserId and the email. Here is what my token id payload is looking now:
{
"iss": "accounts.google.com",
"azp": "######",
"aud": "######",
"sub": "######",
"email": "gsalomaoc#gmail.com",
"email_verified": true,
"iat": 1639009337,
"exp": 1639012937,
"jti": "######"
}
I was expecting the profile picture and the first&last name to bee sent at the payload. Can any one give me a hand to figure out how to get this fields?
Appreciate any help.
You can use this:
www.googleapis.com/oauth2/v1/userinfo
instead of:
oauth2.googleapis.com/tokeninfo
Try it out: https://developers.google.com/oauthplayground/
Source: How to get user profile picture from Google Chat Bot using Google App Script?
I have a Rails API with minimal authentication - just a simple bearer token hooked up to Auth0.
I have one endpoint which looks like this:-
mysite.com/api/users/1/calendar.ics
The URL is unauthenticated, to allow people to subscribe to their calendars.
I'm basically trying to hide the id, and change it to a SecureRandom hex or something, so that other users can't just change the id and see other individuals' calendars.
How would I achieve this?
My front end would need some way of knowing what the encrypted string was - and since we only have bearer token auth, I'm not sure if it's secure enough to just pass the calendar URL into authenticated requests to users/1, for example:-
{
"id": 1,
"name": "John Smith",
"email": "email#email.com",
"intro": "string",
"calendar_url": "mysite.com/api/users/jUhGtDhajaluyt34/calendar.ics"
"created_at": "2021-05-13T16:15:09.748Z",
"updated_at": "2021-05-13T16:15:09.748Z"
}
Is delivery of the URL like this even a valid concern?
So, i've got this response from google upon authentication:
{
"user": {
"id": "116807551237969746774",
"email": "123456#gmail.com",
"verified_email": true,
"name": "John Doe",
"given_name": "John",
"family_name": "Doe",
"picture": "https:\/\/lh3.googleusercontent.com\/-XdUIqdMkCWA\/AAAAAAAAAAI\/AAAAAAAAAAA\/4252ldubv5M\/photo.jpg",
"locale": "en"
},
"credentials": {
"access_token": "ya29.GlsSBIA_hMKZIDE_wqJAJS0vrHD_Wd2HfwRTTvLISv0i1uFICCqz4JdEZcL09mFFlGdt71D9pW80SLShHgyeSOZgnWcL5piL5m0jYo1TMU6o0fDLnqGAWm6BY-Wl",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "1\/az_TmhPRaYG5NDH6L9gBeNo6STOD9EbTt1VkkBmp3IQ",
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjBlNmExN2I2YjU4MGIzNTFmMGQ5YmEzMzY2YTU0Y2U1NmViOWIxN2UifQ.eyJhenAiOiIxMDAzMjk3NzQ4MDc1LWsxdml0OGMxMHJ1ZnM4cjZpYmZyYmxlZmJhamFoZmllLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiYXVkIjoiMTAwMzI5Nzc0ODA3NS1rMXZpdDhjMTBydWZzOHI2aWJmcmJsZWZiYWphaGZpZS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsInN1YiI6IjExNjgwNzU1MTIzNzk2OTc0Njc3NCIsImVtYWlsIjoiNzA0MzA2N0BnbWFpbC5jb20iLCJlbWFpbF84PIXpZmllZCI6dHJ1ZSwiYXRfaGFzaCI6IkdrOHFjMTdCcEVGVGZmWkpKbkh6NGciLCJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJpYXQiOjE0ODk4MTIxMzksImV4cCI6MTQ4OTgxNTczOSwibmFtZSI6IkFudG9uIEFsZWtzYW5kcm92IiwicGljdHVyZSI6Imh0dHBzOi8vbGg0Lmdvb2dsZXVzZXJjb250ZW50LmNvbS8tTEJuMTlWX1NEN3cvQUFBQUFBQUFBQUkvQUFBQUFBQUFBQUEvQUFvbXZWMTRMVFIycUgtOXJ5S2dScjIxd3A1Z1FZRGNmUS9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiQW50b24iLCJmYW1pbHlfbmFtZSI6IkFsZWtzYW5kcm92IiwibG9jYWxlIjoiZW4ifQ.BHv5BP3ZsagvunfMzGLwmxkBdtoRocPa_PXdq2lrd4D9BoFGkK06eJVbNNbcPOFdAMba3V5lIIG_L499gIy3TTz_PIHBPi6DMSp6uyfkCwf2n-PspZtTbTRlUm5ZvRdAyPEEyLLkWllKkMsRk-Nwp3vhyOLnExzH7SXiEefU4kaXXCpjsHV3GvZ-yhrmNlicEY3TPLwI-tl_lydXTBXRRiPZBGWjHK75hqvQzUktC2Flimd7JnCLhF0FOS3yFKc5D11WPKMOO4YkIQDbBrKY64vyxQAd-Zb2KfvXZi6Dorq7IJF6sK2GAfI3edSaoMZBMa0-x2V7FuFIBLtTgGRnsw"
}
}
I haven't found documentation on what should i do with credentials part of this response? What should i use for user identification? What should be saved as token on client side (ios/android app) in order to revive the session? What does expires_in: 3600 means and what should i do about it? What does token_type: Bearer means and why do i need it? etc.
Thank you, #pinoyyid for clarifications!
The main thing i was looking for is this:
On server side get access_token property from credentials and verify it, using this url
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={your access_token}
Do whatever you want with the rest of the provided data.
Personally, i'll prefer to generate own token, save it on client side and use it to revive user's session (to verify his identity). Once token is lost for whatever reason, user just will go through the whole process again.
what should i do with credentials part of this response?
Rejoice, for you have done the hard part.
What should i use for user identification?
Anything you like, or nothing at all. It depends on your app's use case.
What should be saved as token on client side (ios/android app) in order to revive the session?
The Refresh Token. Note that "revive the session" is wrong terminology. In OAuth/REST, there are no sessions.
What does expires_in: 3600 means and what should i do about it?
It is saying that the Access Token will expire in 1 hour (3600 seconds). What you should do is use the Refresh Token to acquire a new Access Token by POSTing it as described https://developers.google.com/identity/protocols/OAuth2WebServer#offline
What does token_type: Bearer means?
It means the Access Token should be placed in an HTTP Authorization header whenever you try to access a Google API. Eg Authorization: "Bearer aaaaaaa" where aaaaaa is the Access Token.
and why do i need it?
To prove to Google that your app has been given permission to access a Google resource (eg. a file in Drive) by the owner of that resource.
I have made a Google login with OAuth2 and the PHP library which can be found on the documentation site.
The scope which I have used is userinfo. I'm getting all the userinfo except the picture. I accessed both the V1 and V2 links with the access token which I received. The links, if I am not mistaken are, -
https://www.googleapis.com/oauth2/v1/userinfo?access_token=<access-token>
https://www.googleapis.com/oauth2/v2/userinfo?access_token=<access-token>
For both of these, the picture info is missing. I receive the following responses-
{
"id": "<some-id>,
"email": "<correct-email-id>",
"verified_email": true,
"name": "Siddharth Saha",
"given_name": "Siddharth",
"family_name": "Saha",
"link": "<google-plus-link>",
"gender": "male",
"locale": "en"
}
Is there some other way to get the picture? Is there a link to the user picture (like in facebook authentication).
From comment: But do you really have a photo on your profile? I think that the "picture" attribute is included only if you have a photo. I follow your "link" and not photo there.