First of all, sorry if this has been asked before, I cant find anything adapted to my low level.
I´m trying to use django-rest-allauth 1.1, which is cool it provides a fast basic endpoints building, though some tare found like email validation (if email login, it is made by username up to the #, so it´s done if email is edited or different username initially provided with email, so it just doesnt work email login...)
My question is about social login... How can i get Google´s token if developing a non front-end API?
I mean where is the google´s consent screen on the API?
Should I reformat allauth code to run django-rest-allauth social login right after consent call?
How can I achieve that?
Again, sorry my low level in both, english and programming skills.
Thanks
Related
I have this example - Embed API Third Party Visualizations - working locally and on a test server, but I'm unsure of what I need to do to ONLY display our organization's Google Analytics data instead of the user's personal GA account.
I created the project and clientID within our org's Google Account, but I'm obviously not understanding something big here.
I'm completely new to both GA's API and oAuth in general, so while I'm sure this has been answered multiple times, I wasn't completely sure which direction to look in. If someone can give a helpful nudge in the right direction I'll happily be on my way.
Thanks everyone!
Embeded API uses Oauth2 to authenticate. Oauth2 requires that a user give you access to their Google Analytics data.
You want to show your person Google Analytics data to other users. Normally I would say you should use a Service account, a service account gives the application direct access to a specific account it has to be set up like you would add a user to Google Analyitcs. The problem is the Embeded API uses JavaScript, for security reasons its probably not a good idea to use a service account with JavaScript. I also think it may be against Googles terms of service to use a service account with JavaScript. That being said I have never found anyone who has gotten a service account to work with JavaScript probably for the reasons I just stated.
Drop the embedded API and switch to a server sided language of some kind and code it yourself. What you want to do cant be done with the embedded API.
I am trying to build a small toolbox of scripts such that I can automate some tasks involving Google contacts, calendar and so on. Most of the work is already done by means of the googlecl project, which looks very promising.
As far as I understand the process, googlecl needs to request an authentication ticket from Google by means of OAuth. Admittedly, I have only a sketchy notion of what is going on there, but that’s something that Wikipedia will help me solve.
Here’s the catch: My Google account uses a non-Gmail address (let it be vucar#example.invalid for the sake of this discussion). The account was created back in the old days when Google didn’t force GMail down people’s throats who have no use for it. googlecl will direct me to https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=…&hd=example.invalid to complete the OAuth handshake. Google will then tell me that ‘the domain name has not been signed up for Google Apps’. Which is correct.
If I don’t supply my user ID to googlecl, then the URL reads …&hd=default. Google will accept the OAuth request, granting whichever permissions needed to my locally running googlecl, but then googlecl will complain that the token was issued to a different user ID than for the user ID that was requested. Which of course is also correct.
I’ve read through https://support.google.com/a/answer/33419, which in turn redirects me to http://www.google.com/a in order to ‘to sign up your domain for Google Apps’. Apparently, if my Google account uses a domain different from #gmail.com, then I am a business user and need to purchase Google Apps for my domain—to get, amonst a truckload of other stuff, my domain connected to GMail, the polar opposite of what I wanted to have by having that ‘foreign’ domain in the first place.
I have to admit that I am stymied. I understand what OAuth in this case is used for, but I fail to grasp the byzantine reasoning at Google’s. I do not believe that I want Google Apps for my domain, and I especially do not want to hand over my emails or anything else to Google. I merely want to access and modify my data at Google’s, with my user ID happening not to end in #gmail.com.
Is it strictly required that I purchase Google Apps for Work for such a configuration? The contacts, calendars and so forth is already at Google’s, and used from both Google’s web site and Android clients. The only thing new to the mix is API access.
Currently using the OAuth server side one-time-code flow, discussed here:
https://developers.google.com/+/web/signin/server-side-flow
Works perfectly for google login.
I want the ability, though, to limit this login to only work for users that belong to a specific apps domain.
Is there any way to enforce this through the api?
OR am I limited to only doing this on my end after google authentication by regexing the email domain? (I would like to avoid this).
Thanks!
There is no support for doing this through Google login. We could allow a developer to set some restrictions on the client id if there are good use cases and a lot of developers would benefit with it. The primary issue I see with is the error message that we have to display to the user. It is better to display that error (and explain) on your site.
In general, as a good practice, you would always want to do the checks on your system/services regarding the authorized user (e.g. check domain)
The only way I can see to do this on the API is to use the fully server side flow (OpenID Connect).
The docs are here:
https://developers.google.com/accounts/docs/OpenIDConnect
With the parameter of interest here:
https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
It doesn't appear to be possible with the server side one time code flow
I am new to the world of web development. I know how to use PHP and so I can do that just fine, but I am a little behind on "modern practices". Last night I went ahead and used the LightOpenID library with CodeIgniter to create a login section on my website. The user clicks log in which takes them to a login page with a Google "log in" button. That button uses the URL generated by LightOpenID to direct the user to the Google "Account selection" page which asks for permissions/etc. It then redirects the user to my website where I write their details to the database for future use - like a "silent registration feature". I store their first name, last name, email and OpenID. I then create a session for the user and the user can now browse my website. Super simple.
The reason I felt like I should explain that is because I wanted to point out how "little" I want to utilize the users account. I just need them to sign in with Google for authentication. Google's OpenID>oauth2 migration page and all of their migration examples (which are a little beyond me) explain Google+ authentication for the purpose of retrieving a users friend circles and other social junk. I don't need anything this complicated, all I need is authentication.
So I was wondering what method I should be using now instead (Google says use oauth 2, but not "early oauth 2".. I have no idea what the difference is. They also say that I should only use Google+ now) and I am wondering if you guys can help me find a simple library that handles authentication for me
Have a look at HybridAuth, it works with Google, Facebook, Twitter, etc...
I'm trying to get a user's facebook profile picture based on their email address. Effectively, I want to offer my users the option between using Gravatar for their image, or Facebook. However, the only way I know of to get a user's facebook image is via:
http://graph.facebook.com/[FBOOK USERNAME]/picture?type=large
Since the usernames may vary between facebook and my site, I would like to do this via email address rather than username. How do I query for someone's facebook profile picture via email address?
I see this question has a couple of years already but the same search approach can be taken using the Graph API:
GET https://graph.facebook.com/search?q={EMAIL}&type=user
You can try this on the Graph API Explorer. You don't get the profile picture directly but you get the user id which you can easily use to get the public profile picture.
https://graph.facebook.com/{UID}/picture
There doesn't seem to be an official way to do what you are asking. It seems like facebook has made this closed on purpose, probably something to do with privacy. Its actually really easy to do this in a few screen-scraping steps though:
Visit http://www.facebook.com/#!/search.php?q=#{USERS_EMAIL_ADDRESS}&type=all&init=srp
If page returns "No results found for your query.", then they don't have a profile.
Otherwise, the page will contain a thumbnail of the user for that email address. (something like http://profile.ak.fbcdn.net/hprofile-ak-snc4/hs227.ash2/48219_72120057_3223_q.jpg)
I could write a sinatra app to do this in about 5 minutes, if anyone would like me to.
But I think gravatar and facebook should just be friends.
What you're asking to do is part of why Facebook Connect exists.
Using their not-too-cleverly-named XFBML you can request the image directly:
<fb:profile-pic uid="1256100362" facebook-logo="true" size="thumb"> </fb:profile-pic>
But you have to implement logins with FB Connect first...