I want to validate a google Authentication Code in my Net Core API with a Google's API or Microsoft.AspNetCore.Authentication.Google. I've seen people usually make a http call to validate the one-time Code following this guide but I think to make the application more robust the validation should be executed with the a proper Google API however I can't find an example code doing it except processing all OAuth flow that's not my case because I already have one-time Code (Authentication Code) gotten by my android application. Is it possible for these Google APIs to validate just the one-time Code? If I can which API should I use and how do I do it?
Btw my android application will be using the back end service a lot so I'm thinking on creating another token for the user not to be prompted with google login every time he uses the service but shouldn't be easier to use the same google's Access Token? I think that they advice to use one-time Code to avoid been caught with man in the middle attack in the future, but if I'm already giving another token for the user access my service shouldn't I use the google's instead already?
Related
I tried to build a mobile app (client(mobile) <-> server) and i'm going to use google API to authenticate and identify my user and to sync to my server.
which is the best method to achieve this?
I was thinking to use below method:
Mobile app get authorization code
send the code to server
server contact google server to get access token
both server and mobile client use the access token to access data from google. <-- is this access token generated portable? means: i can use it in server as well as in mobile app?
i'm not sure if above method is the right method that i should use, if it the right method, is there any reference that i can follow (esp. in python) - i tried to read developer.google.com but it's quite humongous type of API there and i got lost...
Thanks for the kind advise
I'm trying to write a CLI script (ruby) to manage my youtube videos. Technically I'm updating a script that I used in 2012 to do this. It appears that since 2012, youtube has discontinued the simple client authentication mechanism and moved to OAUTH2 (though I'm not totally sure).
I'm wouldn't be the first to say that OAUTH2 is hell (just google it). It's been 3 hours and I still haven't gotten my old script to even authenticate with google (using the youtube_it ruby gem).
I simply do not understand why I would need to use OAUTH to access my own account on Google? What am I missing? I thought OAUTH was so that separate users could give access to applications to temporarily access their data.
Is there another way? What am I missing. As one blogger commented OAUTH2 is enough to make one want to change careers. Even the lead dev quit the project.
The Youtube API docs is specific in stating that if you're going to use Youtube API (or other Google APIs), you must learn how to use OAuth:
If your application will use any API methods that require user
authorization, read the authentication guide to learn how to implement
OAuth 2.0 authorization.
Youtube has a Ruby Quickstart sample which includes the OAuth process.
I simply do not understand why I would need to use OAUTH to access my own account on Google?
I think OAuth answers exactly that question, "how will Google products know if you are who you claim to be?"
Read the OAuth Google guide for more info.
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and google. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
for more detail study :-
https://www.rfc-editor.org/rfc/rfc6749
I'm a novice developer and use Parse.com to power the backend of my iPhone app.
I was wondering if it was possible to manage Facebook OAuth issues from Parse's cloud code (my backend) using http requests or the Facebook JS SDK.
For example: a user's long-term access token becomes invalidated due to expiration. I would like to be able to generate a new access token on the backend, given that I have access to: the old access token, my app_id, my app_secret, and the user's facebookID.
Q1: is it possible to generate a user access token using an http request? I know that I can generate an app access token, but this is not what I want (https://developers.facebook.com/docs/facebook-login/access-tokens). If it is possible, what is the correct structure for the http request (I've spent several hours trying to find an example and haven't been able to).
Q2: if #1 is not possible, is it possible to use the Facebook JS SDK in Parse Cloud code? Parse has previously stated this is not supported since the Facebook JS SDK assumes/necessitates being executed from a browser, but wouldn't it be possible to mimic a browser and still have this function correctly? If so, please provide example code.
Thanks!
Looks like this question has been answered already here: https://parse.com/questions/cloud-code-how-to-get-current-users-facebook-access-token
Parse.User.current().get('authData')['facebook']
I've been trying to find a way to interact with Google's API (specifically, the Compute Engine API) without having the user authorise via a consent screen each time I need to reauthorise with Google.
The requests will be made when no user is present, so not having to authorise via a consent screen is an absolute must.
I'm using Go and the Go API Client Library.
Can anybody explain a method to achieve what I need to?
You should take a look at service accounts. They utilize the public/private key pair to authorize calls to Google API.
Google Developers has one very nice document explaining how service accounts work:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
Here's how generate a service account:
https://developers.google.com/console/help/new/#serviceaccounts
You will also find the code samples in the first doc, but unfortunately not in Go.
However, there are some comments that I found here:
https://code.google.com/p/google-api-go-client/wiki/GettingStarted
Hope it helps.
Is it possible to get authorized for Google's custom search API with OAuth2 instead of using their ClientLogin, which would mean I'd need to build a whole UI to deal with user's login/password/captcha, plus I'm not a fan of inputting secure information like that on my own system. I'd rather rely on OAuth2 and login directly to Google
I've looked around but haven't been able to find anything for the scope part of the url eg scope="https://www.google.com/m8/feeds" for authenticating with their Contacts API.
Note: I'm using Ruby to develop this.