Any way to test OAuth integration to google without having to have a port forwarding rule in my router back to my development Mac?
Background:
Developing Ruby on Rails web app that will request data from Google Calendar API via OAuth
Using Rails "OAuth Plugin" for this purpose
Developing on MacBook which is running my dev environment
Google needs (as part of OAuth) to make a callback back to my local dev environment
Can't seem to think of a way to test with Google without having to set a Port forwarding rule in my site's router back to my Macbook?
This threw me for a loop too. I actually went through the work of setting it up on a public IP even though I didn't have to in the end.
But yes, your comment is correct. The callback URL is passed on to Google during the redirect then after you've been authenticated with Google, Google will redirect you back to the callback URL providing an authorization code as a parameter.
The only server to server communication that happens is exchanging the authorization code for access and refresh tokens. This typically happens on the callback page. But since it's initiated by your server and not Google, no special open ports are required.
Related
Say a SPA hosted in spa.com is loaded by user in user.com and uses oauth2 server oauth2.com for authentication through auth code flow (optional with PKCE). after user authenticated, oauth2.com would send the auth code back to the web browser and instructs it to redirect to the "redirect URI" registered with the app. now since SPA runs entirely inside the web browser, which can be anywhere, what the redirect URI should the SPA sent to oauth2.com to start with?
http://localhost : suppose to be just for local testing
its own address (user.com) : will not work since it is not registered
spa.com : SPA runs entirely in browser, not connected to spa.com
i know #1 and #3 do work but can't figure out why (#3). please advise what is wrong or missing with my understanding. thanks in advance!
The redirect URI for an SPA is usually the public URL of the app itself, so in your case this will be a value similar to one of these. On a developer PC this might be a localhost URL but I would think of it as a deployed URL and try to use proper domain names:
https://myspa.com
https://myspa.com/myapp
The technique for an SPA is then to see if you are receiving a login response as part of the main page load. See the call to handleLoginResponse in this source file of mine.
I've followed a sample created here:
https://github.com/googlesamples/oauth-apps-for-windows/blob/master/OAuthDesktopApp/README.md
to have Google OAuth work with my desktop application and it seems I got stuck with redirect URIs. I know I have to provide a RedirectURI on Google Credentials page (in Developers Console), but I cannot figure out how to provide a RedirectURI to accept any port number.
In this sample, a local HTTP server opens a connection on localhost (127.0.0.1) and it seems to work, no matter which port is used for listening (it finds some random port and then sends RedirectURI as localhost:randomport) and authentication works as expected. However, when I try to do that in my application, I get notification that RedirectURI is not defined. Is there any special syntax to be used when defining RedirectURI inside Developer Console?
As stated in the read me for the sample you are following
Create a new OAuth 2.0 client, select Other
You should have created a oauth2 client of type other, not an web application. the only difference really is that other is intended for desktop or native applications which use localhost by default as the redirect uri.
Following this quickstart guide (Python version), I was able to quickly create and deploy a Python Flask app to a project owned by my organization. However, toward the end the guide instructs "Visit your deployed container by opening the service URL in a web browser", and but this is the step I can't get to work.
Curiously, in the logs
(https://console.cloud.google.com/logs/) the 'textPayload' data element for the request is "The request was not authenticated. Either...", which seems unusual, as I'd expect an unauthenticated request to return 401, not 403. In any case, it does not list my org email address in the request, suggesting my identity for some reason isn't being supplied. Any way to fix this so I can access the URL using a user with appropriate permissions?
Note: I can access the URL by manually running "curl -H 'Authorization: Bearer <my token>'"
Cloud Run URLs aren't directly accessible if the service only allows authenticated invocations because passing the URL on your browser will not generate the credential for you. You will have to pass auth credentials on your request and the easiest way to invoke the service is to use a tool like curl which is exactly what you noted.
You have two options to authenticate your end users which are the following:
Integrate Google Sign-In.
Implement Identity Platform or Firebase Authentication.
In either of the above choices, you need a public web or mobile app that handles the sign-in flow and then makes authenticated API calls to a Cloud Run (fully managed) service.
For more information on authenticating end users, check out the official documentation.
To complement what Mr. Donnald Cucharo said, you can also use Identity Aware Proxy (IAP) to expose your application in a secure way.
Im trying to setup a groovy app where I'm trying to integrate a third party service. They have an OAUTH process where the user clicks on a button and is redirected to their site to login and "grant" my app access to their service (somewhat like facebook). BUT - They are then redirected back to the app with a user "code" in the url as a parameter, which is then used to get an OAUTH token on the user's behalf through a different endpoint. I'm having an issue getting the "code" on the redirect. can anyone help?
wwww.someurl.com?code=2l314jhlk13...2134lkj23h4==
how can groovy listen for the redirect? I don't know where to go from here and the service i am using dosn't have any documentation.
Depending on what service would you like to integrate.
In some of them you can skip redirect. Some of them provides SDK with ready to use solutions.
If nothing - you need to http server.
If you app is a plain groovy without any web frameworks, probably the simplest solution is to use JDK built in http server.
Example - http://glaforge.appspot.com/article/the-jdk-built-in-web-server-with-apache-groovy
I am trying to authenticate to an Oauth 2 service from a console app.
When opening the authorization server with the browser (Process.Start...) to authorize the app I should pass a callback url to receive the auth_code.
I tried to insert inside the app a webservice to be called back (servicestack), but it is not accessible from outside (localhost) and also if called is not receving the auth_code.
Is there a more effective and elegant way to do desktop authorization for Oauth 2.0 service?
Desktop application can use PIN based authorisation.
For example:
http://www.voiceoftech.com/swhitley/index.php/2010/02/twitter-oauth-with-net-for-the-desktop/