I want to authorize my web-application for all users landing on it with a common google account. I am using google Document List API and want other users to get authorized by the common google account whenever they want to access the document.
Thanks
OAuth only connects your application to the target authenticator (Google). You would still need your application to proxy for the end user, your application cannot create a direct connection between Google and the end-user.
That said, http://oauth.riaforge.org/index.cfm is pretty easy to use. I used it to connect to a third party application from mine and, once I figured out the basics of OAuth, it was pretty easy. I then wrote a wrapper for all the internal functions to ease integration.
So, the OAuth package at RIAForge will make it pretty easy to authenticate your application to Google, but will not create a direct line between Google and your end-user.
Related
I need to authenticate to an API using OAUTH2, however, it has to be made programmatically, no user typing stuff in a browser is permitted.
This seems like such a simple use case, but I haven't found anything online, the only thing close to it was this post, and the only answer is "yeah, you don't want to use a web browser, but what if you do?"... This doesn't help.
So, please, opening a web browser is not an option, I just want to know if Google provides any way to authenticate purely through code.
Thank you!
In order to achieve your goal, I would like to propose to use the Service account. When the Service account is used, the access token can be retrieved without using the browser.
As the points for using the Service account, please check the following points.
The Service account is not your own Google account.
For example, as one of several situations, if you want to manage a file in your Google Drive using the Service account, please share the file with the Service account. By this, the Service account can access to the file in your Google Drive.
References:
OAuth2ServiceAccount
Several cases using the Service account
Google Drive Access - Service Account or OAuth - To read/write user files
Google service account not being authorized for calendar API
Service Account for google sheets returns not found
I'm using thephpleague oauth client library and everything works fine except for Google authentication. It seems I have to enable my domain somewhere to be able to use Google apps.
https://support.google.com/a/answer/33419?hl=en
This was not helpful indeed as I don't understand what I have to do. Am I obligated to pay for having a working OAuth connection with Google? I don't have a company, I don't need the apps, cloud or any other thing then a working API.
EDIT: to be clear I already wrote my libraries for OAuth and it's all working, it's Google that needs me to do something on domain level.
You don't have to pay. First of all you need to create a project in the Google Developers Console. Then get your credentials. I don't know which API you are going to access. Have a look at this.
https://developers.google.com/identity/protocols/OAuth2?csw=1
Additional - This site was very helpful for using the Google Calendar API
http://www.daimto.com/accessing-google-calendar-with-php-oauth2/#Conclusion
Hope you find what you are looking for.
I'm trying to create a web service for my college, which uses Google Apps for education. We have our own themed login page. I was wondering if its possible to use oauth/ openID to use our Google apps account to log in. I know when I use generic oauth, I can enter the school email address and force it to take the Google apps domain, but is there a way to redirect to it directly?
You can use the hd parameter in the oauth request to specify a google apps domain to login through. I believe the apps domain needs to have the option enabled and/or be a paying domain, but I am not certain about this part
Example URL
https://accounts.google.com/o/oauth2/auth?access_type=offline&DOMAIN.COM&response_type=code&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&client_id=CLIENT_ID&type=web_server
I'm creating a simple iPhone app. The basic premise is that the app will display some data (That I provide online) on the application. The data changes over time, so the app has to draw the data from online and display it. I don't have a significant programming background so I don't want to use my own server.
Thus, I thought it would be significantly easier to just put the data into some documents on a Google account and then access them programmatically via the Google Drive API. I could then update the data in my Drive account and it would get updated in the application. The key here is that I am ONLY accessing ONE account that I own MYSELF. The users' accounts are not being accessed. Therefore the goal is to never have to log in manually. It should all happen behind the scenes, aka, it should look like a server, not a google doc.
With this in mind, it doesn't make sense to show the Google Accounts sign-in page to my users as the standard OAuth2.0 tutorial shows here:https://developers.google.com/drive/quickstart-ios#step_1_enable_the_drive_api
I should be able to access my own data by somehow hardcoding in my username, password etc. Google agrees here: https://developers.google.com/drive/service-accounts#use_regular_google_accounts_as_application-owned_accounts
The above link mentions a "refresh token" that I'm supposed to save. However, I have no idea how to build and save that token, or even for that matter, where to find it.
I've gone through both the basic tutorial and the Dr. Edit Tutorial for iOS, but they both assume that the application is accessing USER accounts not application-owned accounts.
I'm not asking for someone to write the code for me (though tidbits are nice), but if you can point me to a step-by-step guide or related sample code that would help me get started that would be awesome. I'll even come back and post the code that I use!
EDIT: Since I realized that the Google Drive API wasn't something I could use for what I am trying to do, I eventually found Parse which is an awesome tool that handles all the server backend for me and is free at the basic level.
Google APIs objective-C client library doesn't support service (application-owned) accounts, because they are supposed to be used by a server-side apps, instead of clients -- you shouldn't be distributing your private key as a part of an app.
If you would like to distribute content from a service account, maybe you should write a server leg to do the authentication and pass clients credentials in a secure way for them to talk to the API on the behalf of the service account. Or, use Web publishing to make documents universally accessible without authorization and authentication if privacy is not a concern.
Can we build applications on top of the twitter user base?
Is it just another open id or something more?
I noticed when using twitpic and some MUD type game 14mafia.com that it uses my twitter login (it tweets on your behalf).
If they are using my login/password that's pretty crazy, I mean what kind of security is that?
Anyhow, just want a developers who has expereince to tell me if we can re-use their membership like openid?
Can we build applications on top of
the twitter user base?
The Twitter API is described at http://apiwiki.twitter.com/
Is it just another open id or
something more?
Twitter is neither an OpenID consumer nor provider.
I noticed when using twitpic and some
MUD type game 14mafia.com that it uses
my twitter login (it tweets on your
behalf).
If they are using my login/password
that's pretty crazy, I mean what kind
of security is that?
Awful security. Don't give out your password to third party sites. Some just use the password anti-pattern, others will steal your credentials for purposes you don't want.
Twitter supports OAuth today. If a site wants to do things with your Twitter profile, it should use that.
Anyhow, just want a developers who has
expereince to tell me if we can re-use
their membership like openid?
No, you can't.
Twitter offers both OAuth and simple username/password authentication in its API. Originally they only had the basic authentication API so many early apps were built using it. Later, they added the OAuth support, but since it was easier to use the basic authentication, many twitter clients and apps still use it.
You can tell which one an application is using, because if they are using the simple authentication they will ask for your password. You have to trust them with it in that case. You're right that it's poor security.
I imagine they are using the Twitter API.