For local account, strapi validates the local jwt successfully. However, when I sign in using Google provider, /connect/google/callback redirects to the homepage with access_token, raw[access_token], raw[id_token], etc... I have tried all of these tokens, and strapi returns all of them invalid.
Also, I don't see the account that I signed in with google in Users(content-type).
Am I missing something?
I'm one of Strapi's team member. I have coded a small example that fully explains how to setup Strapi to enable Google as a provider.
Here is the documentation and the associated documentation.
What you need to do when Google redirects your user to your app is to send another request with the code contained in the URL see the example.
Related
I am using Socialite in Laravel to login with Twitter.
I know that not all twitter users have an email attached to their account, but for my application the user does need an email address. I am fine to block logins from people who do not have an email attached, but at the moment every user does have the email field set to null.
I am using this function to redirect to twitter:
return Socialite::driver($provider)->redirect();
I have already tried using scopes like this:
return Socialite::driver($provider)->scopes(['email'])->redirect();
But twitter is the only provider that does not allow scopes.
The callback returns the email address for other providers like facebook and google, but there seems to be something that I am missing while using twitter.
For OAuth1 there was a setting somewhere to enable the option to return the email field aswell, but since twitter accepts OAuth2 I can not find this setting anymore in the Twitter developers panel.
Any help would my appreciated since most of the information about this topic is outdated.
The solution was found in the twitter developers dashboard.
First of all go to the settings of your app.
Then you have to fill in a link to your privacy policy & terms page.
After that also enable OAuth 1.0 en then an option pops up to also receive the email address from the user that is trying to log in.
Twitter's new Oauth 2.0 user authentication does not currently (at the time of writing this answer) provide access to the user's email address, and will require an additional scope to be added. This is on the Twitter API roadmap and is a known feature request.
You can still use OAuth 1.0A and set the option to request the user's email address.
I work for a large company (50K+). Some orgs within the company use OKTA for auth on their servers.
I have a valid user login (via OKTA) for the servers, and can log in through a browser without any issues, but want to access this site programatically.
How can I log into these websites using my OKTA credentials?
I've found this doc: https://developer.okta.com/docs/reference/api/oidc/#authorize
that details how to use an OKTA endpoint, but it requires some info that I do not have. Namely, nonce, state, and client_id. I have no clue how to get this info.
I've found another endpoint that allows a similar login method, but only requires username and password (I forget the doc that referenced this):
https://<company>.okta.com/api/v1/authn
I am able to successfully authenticate with OKTA using this endpoint, and receive a session_token. Can I take this session_token and apply it to my arbitrary webpage somehow? I can not find any documentation that says so.
At first glance it appears that many of the API endpoints for OKTA require intimate knowledge of the hosted application (and/or are not meant to be accessed programmatically).
Is it possible to log into an arbitrary webpage that uses OKTA for authentication, with only knowledge that an end user would have (username/password/optional MFA)?
Hi not sure you found the answer yet. from your descriptions i think yours is web app, which is supposed to use authentication code flow. else, you can ask your web developers what authentication flow they use and follow the auth process accordingly.
you need to retrieve id token & access token for authentication.
I'm trining to create live stream on youtube using google API. Now it working only when I use oauth authorisation. When I use API key authorisation I get authorisation error (login required)
When I use oauth authorisation - it require to enter confirmation code each time I create new translation. Is it possible to use "liveStreams->insert" method of API with authorisation that does not require entering of confirmation code?
From what you are writing it appears to me that you haven't understood the concept of OAuth and when to use OAuth vs an API key.
Try to think about it this way: You, as a person, have a Google account. This Google account is not the same as your YouTube account (or, as it is more commonly refered to, your YouTube channel). But your Google account is associated with your YouTube channel (of which you can have multiple). Because you are logged in to your Google account and your channel and Google account are linked, the YouTube website knows who you are and gives you access to your channel.
Now you head over to the Google Cloud Console. Here you create a project, which is very similar to a YouTube account in the sense that it, too, is an independent account which in this case represents your app, but is linked to your Google account so the Cloud Console website knows to give you access to the project as long as you are logged-in to your Google account.
HOWEVER, your YouTube account is not linked to your Cloud Console project. When you make an API request with an API key, the API does not see you as in "your Google account", but rather your apps's Cloud Console Project. That's why with an API key, you can only access publicly available data (everything you could "see" when you browse YouTube while not being logged-in).
So, in order for an application to read private channel information or modify channel information, the API needs verification that whoever makes that request is actually allowed to do that. This is where OAuth comes into play.
When you say you have to provide the confirmation code for each request, I think you don't save the access token and refresh token. I highly recommend you read Using OAuth 2.0 to Access Google APIs and Obtaining authorization credentials over on Google Developers to help get you started.
I had a "sign in with Google+" function in my web-app. Upon signing in I would show user's email and name on the page and save it to database. To fetch user's profile data after sign in I used Google+ API method people.me with access_token in GET params.
Google+ API is going to shut down on March 7. I have to migrate to Google People or some other api. How do I achieve the same goal with a different google API? I need to fetch email and name by known auth token.
We use this through Laravel's Socialite, and they're replacing it with:
https://www.googleapis.com/userinfo/v2/me
You may want the profile scope as part of the OAuth flow to make the profile data accessible through this methods. Otherwise it will return incomplete data.
I am making an api that accepts social logins from a few services, namely Google.
So far, the mobile app allows the user to log in to google with the OAuth2 flow, and obtains a JWT token. The first time I was able to get the profile info from the token (first name, family name, profile pic, etc...). Now, I doesn't contain all of the fields I need.
I remember reading somewhere that google will only send all the fields from time to time...
Since I'm in testing, I tend to wipe the user database often and would like to be able to count on the google JWT to re-create the account.
I'd rather use the token than hitting the userInfo API. Especially since the JWT is technically secure.
So, is there any sure way to get all of the user profile info in the id_token from the google API?
Check the 'scopes' that you define when logging in with Google. Each scope has a type of data that it returns back to the user. Be sure that you're using scope: 'profile'" when initializing the Google login. If additional scopes are necessary, use add them to the request as shown in the link below.
https://developers.google.com/identity/sign-in/web/incremental-auth
I was using an older endpoint, changed to https://accounts.google.com/o/oauth2/v2/auth and everything is ok!