alternatives to accessing google reader with oauth? - oauth

I'm really new to this oauth stuff. I want to access a user's google reader liked items feed.
This blog says that oauth doesn't work (yet) with google reader. The working way seems to be to get the user's google credentials (email, password) directly, and login directly to google. This also gives me access to the rest of their services.
Is there a better way? I sure hope so, because ClientLogin is captchad. Not to mention I don't want the user to have to trust me with their google credentials.

Yes, there is a way ... but you still need the user's Google credentials to access the API. On the server-side, you can GET a secure token and authentication key ... these are then passed along with GET and POST requests to the Google Reader API to do whatever you want.
Here's a fairly robust C# tutorial (read the comments to make sure you're doing authentication right).
Here's an open-source PHP library that partially implements the Google Reader API without oAuth.

Authentication to Google Reader with Oauth is now available.

Related

Access Microsoft graph resources with an auth0 login

I'm having difficulties finding documentation for auth0 and microsoft graph integration. My end goal is to have a SPA that can login with a microsoft profile to auth0 (connected to azure ad). Then I want my app to get a token for microsoft graph and do some api calls.
As I've understood it so far, auth0 does not allow you to get the access token to different identity providers in a front end application, but rather that they should use a proxy to get this token. My flow therefore is:
I login with a SPA auth0 app (using a microsoft identity)
This is then used to authenticate to a backend server using a api registration in auth0
The backend has its seperate machine-to-machine app in auth0
Backend api uses this seperate app to get access token to auth0 management api
Current user is fetched (based on the logged in user from front end app login) from management api,
Here i find an access token under the azure identity (if I do the same in the front end, the access tokens are omitted)
Token does not work to call graph, I am unsure of where to send it next.
I am aware that the above is probably completely wrong, that's why I am here :)
My questions are:
1) Is it even possible to get an access token for microsoft graph starting from a login to auth0 in the way I want it to. If not, can it be done from a backend?
2) Does anyone have a link that discusses this, ideally with some code samples.
To answer your first question:
1) Is it even possible to get an access token for microsoft graph starting from a login to auth0 in the way I want it to. If not, can it be done from a backend?
I have had the chance to authenticate apps using the microsoft identity library called MSAl whose documentation is found here. It gives a pretty detailed way to authenticate directly from your SPA.
I have also used the microsoft javascript sdk as it comes inbuilt with token caching and refreshing so that I do not need to build that for myself.
In relation to this,
Does anyone have a link that discusses this, ideally with some code samples.
You can find the samples well described in the samples section of the SDK
I hope this helps.

Access Google API Contacts without login in gmail

I want to access Google Contacts API in java. So basically I am confused whether it is possible or not, I want to access user information without login into gmail with client id and client secret. please provide me some link or idea to achieve this. thank you
The answer is yes.
Authorizing requests to the Google Contacts API service
Wish these two samples helps you.
OAuth 2.0 and the Google OAuth Client Library for Java
Google Contact example

Avoid first Google OAuth 2.0 authorization

I've made an app who use OAuth from Google to access to Google Sites API. It works perfectly, but I want less user action, especially the first time when you must accept google's permissions, get authorization token, to get access and refresh token.
I want to know if it's possible to avoid all this steps (for users, and do this behind the application), in the code with HTTP requests for example or google libs, and just have to inform a google account (mail/password) to get an access/refresh token.
Have you any tips or knowledge about this ?
Thanks by advance
As i was using google analytics api i made some research and the minimum process is:
user click authenticate link on your web page, then is redirected to external google webpage when is prompted securely for login and password. and nothing else.
This oauth refresh token you can automate then - read about this in google docs - there is some info about this. i made all by changing a little simple hello world analytics app from google code.
As i remember You had to know what class in php is, and changing oauth wrapper in simple apps. It can store and process refresh tokens automatically - user needs to enter login and password as i said but it can be stored in cookies, so made once.

Does Google OAuth2.0 support an OAuth-flow for a Resource Owner Password Credential Flow?

Hello kind people of the internet.
Does Google OAuth2.0 support an OAuth-flow for a Resource Owner Password Credential Flow?
...and if so, then:
A.) can this type of OAuth flow be tested on the Google OAuth2 Playground?
B.) are there any examples of the "Resource Owner Password Credential Flow" with Google OAuth2.0 and the Google APIs?
Per an OAuth presentation recently in Oslo NDC 2013, this subject flow apparently skips the authorization end point all together and directly talks to the token end point of the OAuth2 server. The request syntax incantation would supposedly look something like this:
grant_type=password&
scope=resource&
user_name=owner&
password=password&
My understanding is the Resource Owner Password Credential Flow is for trusted applications in a back-end enterprise type of situations (where a name-password pair could be securely stored).
This particular OAuth flow would require no end-user consent interaction (no pop-up of a browser to Accept, then get a returned authorization-code, etc). In this subject flow the access & refresh token are directly returned, again: with no end-user interaction (albeit after an entry of a username-password).
Looking through the Google OAuth documentation ( link to Google OAuth2 docs ) there does not seem to be any mention of anything resembling Resource Password Credential Flow, but not sure that necessarily means it is explicitly not supported by Google.
Any help or advice would be much appreciated.
thanks in advance
Dear kind internet person,
it is true that Resource Owner Password Credential Flow is not supported on Google but google suggests you use the Installed Application Flow, which is described in: https://developers.google.com/accounts/docs/OAuth2InstalledApp.
You would need to create an Installed Application in the Google Console (https://code.google.com/apis/console), when you do that you can fetch the client_id and build a GET request with the parameters, which would look like so:
https://accounts.google.com/o/oauth2/auth\?
scope\=<scope>\&
redirect_uri\=urn:ietf:wg:oauth:2.0:oob\&
response_type\=code\&
client_id\=<client_id fetched from google console>
You would construct this URL and navigate to it on your browser, allow access for the app and google would give you what I believe is a code which you can use to get credentials. You can use those credentials to get an access token and refresh it, and this credentials is permanent. There's a good example of that on github. Note that you only need to get those credentials manually once, and then you save those credentials somewhere and keep using them to get/refresh tokens.
Hope this helps!
As far as I know, No. The OAuth 2.0 stuff is for Google accounts, for which Google does authentication.

Google OpenId and Google APIs

I was trying to achieve an openID login with google and then get an acces token to access google apis (such google plus, or drive)
The first attemp was successful but with a big problem:
Make the openId stuff, and the user is redirected to google to identify himself, then return to my app identified.
Make the oAuth stuff with google apis, redirect the user again to identify himself and cameback with a code, then exchange the code for the access token needed to call google apis.
The user needs to identify twice. That's not good.
I read and tryed the google hybrid openId and oAuth. All links there points to the deprecated oAuth1 interface, and i cant make it work, i get the user identified but not request_token to continue the oAuth stuff.
So i have a couple of questions:
Is there a way to identify the user agains google openId and at the same time get the users consent to access google apis?
Is the hybrid protocol still working with oAuth2 and new google apis?
I'm on the good way or im missing something?
I need both openId and oAuth beacouse the application needs to be in the google marketplace and is a must to login users with openId, and i need to hit some APIs that need oAuth2 access_token.
Thanks!
Why do you need to work on both OpenID and OAuth side by side, and have two login screens? If you simply use OAuth 2.0 workflow, the user needs to key in his credentials just once and you can do anything that you want to.
Once the user consents to the login/permissions screen in the OAuth workflow, your app will get an access token. If you need any client info for, say, a welcome user screen - you just need to hit the https://www.googleapis.com/oauth2/v1/userinfo endpoint with the access token and it will give you the user's public information. So, in short you can do pretty much most of the things with the OAuth flow, and with the user logging in just once.
Good luck! Feel free to follow up with more questions.
OK, finally i have a working solution, and this is the "magic" url that make the trick for me:
String url = "https://accounts.google.com/o/oauth2/auth?"
+ "client_id="+ GoogleapiAuthHelper.CLIENT_ID +"&"
+ "response_type=code&"
+ "scope=openid%20profile%20https://www.googleapis.com/auth/plus.me&"
+ "redirect_uri="+GoogleapiAuthHelper.REDIRECT_URI+ "&"
+ "state=security_token%3Dasdalskjqwo91231029";
if( userService.getCurrentUser() != null ){
url += "&login_hint=" + userService.getCurrentUser().getEmail();
}
Steps:
First of all, identify the user with openId, the users go to login screen and type his credentials.
User return idenfied to the application
Redirect the user to the URL above. The param login_hint makes that the user dosen't need to idenfity again and the response to this url is a redirection with an oAuth code, wich you can easily exchange for the desirec access token.
After reading all Google Plus API, Google Drive API, oAuth2 and openId documentation, the doc that point me to the rigth direction was https://developers.google.com/accounts/docs/OAuth2Login?hl=es
I don't know if this is the best way to achieve openId + oAuth, but it works and i cant make it work in any other way. Hope this can help someone.

Resources