I'm making a website for a friend where he can view photos from his wedding. I created a Google account, and loaded the photos to that account's Picasa. I then wrote a small PHP app that gets the URLs for all the images in that one album, and makes a nice little viewer for him.
I'm authenticating using oauth2, but I don't want anyone who goes to this app to have to sign in to that Google account to authorize the app to get the photo URLs.
My question is, what would be the best way to authorize the Google account on the server without any input from the user? I could then make my own application specific password that my friend can give to people so that they can see the photos, and no one has to worry about the Google account username and password but me.
In the end, I made the album viewable to anyone with the link. Now on my PHP parses the xml from the album link, and the account information does not have to be used at all.
Related
I have a platform that allows people to sign up/log in with their Google account.
Inside the platform, there is a calendar feature where people can connect their Google Calendar and share the data between our app.
I'd like to know if there's a way to separate google calendar with the normal login stuff, so when they sign up with Google, we won't be asking for their Google Calendar permission. Once they are in the app, if they want to connect their Google Calendar, they can do so by clicking another button.
Currently, the 2 things are linked together and I'd like to separate them.
My app is https://clascity.com/
Any help is greatly appreciated!
Just because you use Google signin (openid connect) does not mean that you have permission to access the users Google calendar data.
Google calendar data is private user data, you need specific permission to access the users calendar data, you cant just let them login without asking for permission to access the data you need to access. The user needs to know what data you will be accessing and accept that specifically though the authorization form that google supplies.
Yes, in fact, what you are suggesting is considered a best practice [1]. Use incremental authorization as described here [2].
[1] https://developers.google.com/identity/protocols/oauth2/policies#unbundled-consent
[2]
https://developers.google.com/identity/sign-in/web/incremental-auth
Is there a way to automatically authenticate the google javascript api client, without user interaction?
Something like this:
User loads webpage -> webpage automatically signs in into a predefined user account -> api calls get executed
Basically i want to prevent the popup where you have to select an account and sign in to it. As the account which will be signed in is always the same.
EDIT:
pinoyyid answer looks promising and is what im looking for. But this only works if the user has signed in with an account at least once, if im not mistaken.
Now i dont want to use an account supplied by the user, but a predefined account which i am the owner of and sign this account in.
Im not entirely sure if this is even possible, as i have to provide the password/some authentication code to google and somehow do this in a secure way.
Use Case: The website will create a Youtube Broadcast via the Youtube Data/Livestream API for the specified account.
Yes you can do that. Referring to https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
there are three pieces of information that will get you where you want to be:-
The OAuth URL can include a login_hint which is the email of your intended user
The OAuth URL can also include prompt=none which will do its work silently
This all needs to run in an iframe because this is based on origins and redirects.
==EDIT==
If the requirement is for a browser client to connect to a Google Account other than that of the browser user, then this is not possible. It's kinda obvious really that to do so would require a credential in the browser which by definition is not a secure environment.
The approach I would take would be to use a service such as Lambda or Google Cloud Functions (or whatever marketing name they have this week) to create a proxy for the corresponding Google API using a credential stored server-side.
I want to develop an application that uses the Picasa Google API for uploading images to my own account. I've already created the Service Account from the API Console and have created the code to upload the image (which works correctly given a valid access_token obtained from the OAuth2 playground).
However, when trying to obtain an access_token with the Google-api php library, this one doesn't seem to be associated to my own username (obviously, no consent screen), which throws me a 404 Not found error message when trying to access data from my personal account.
From what I've read over at https://developers.google.com/api-client-library/php/auth/service-accounts I could create an apps account to setup permissions for a whole domain. Is this, however, necessary given that I only want to access information from my own account? (the same I used to register the application in the API console). Couldn't this be done beforehand using API panel?
A service account is not you and does not by default have access to any data. Think of a service account as a dummy user. If you take the service account email address and add it as a user on a folder in your google drive it will have access to that folder on google drive. If you take the service account email address and give it access to one of your calendars on Google Calendar it will have access to the calendar.
If you set the album public I suspect it will then have access to the album. I did some Googleing and I cant see how you can add another users email address to an album on picasa.
I suggest you try using Oauth2.
I am new to the world of web development. I know how to use PHP and so I can do that just fine, but I am a little behind on "modern practices". Last night I went ahead and used the LightOpenID library with CodeIgniter to create a login section on my website. The user clicks log in which takes them to a login page with a Google "log in" button. That button uses the URL generated by LightOpenID to direct the user to the Google "Account selection" page which asks for permissions/etc. It then redirects the user to my website where I write their details to the database for future use - like a "silent registration feature". I store their first name, last name, email and OpenID. I then create a session for the user and the user can now browse my website. Super simple.
The reason I felt like I should explain that is because I wanted to point out how "little" I want to utilize the users account. I just need them to sign in with Google for authentication. Google's OpenID>oauth2 migration page and all of their migration examples (which are a little beyond me) explain Google+ authentication for the purpose of retrieving a users friend circles and other social junk. I don't need anything this complicated, all I need is authentication.
So I was wondering what method I should be using now instead (Google says use oauth 2, but not "early oauth 2".. I have no idea what the difference is. They also say that I should only use Google+ now) and I am wondering if you guys can help me find a simple library that handles authentication for me
Have a look at HybridAuth, it works with Google, Facebook, Twitter, etc...
I'm trying to get a user's facebook profile picture based on their email address. Effectively, I want to offer my users the option between using Gravatar for their image, or Facebook. However, the only way I know of to get a user's facebook image is via:
http://graph.facebook.com/[FBOOK USERNAME]/picture?type=large
Since the usernames may vary between facebook and my site, I would like to do this via email address rather than username. How do I query for someone's facebook profile picture via email address?
I see this question has a couple of years already but the same search approach can be taken using the Graph API:
GET https://graph.facebook.com/search?q={EMAIL}&type=user
You can try this on the Graph API Explorer. You don't get the profile picture directly but you get the user id which you can easily use to get the public profile picture.
https://graph.facebook.com/{UID}/picture
There doesn't seem to be an official way to do what you are asking. It seems like facebook has made this closed on purpose, probably something to do with privacy. Its actually really easy to do this in a few screen-scraping steps though:
Visit http://www.facebook.com/#!/search.php?q=#{USERS_EMAIL_ADDRESS}&type=all&init=srp
If page returns "No results found for your query.", then they don't have a profile.
Otherwise, the page will contain a thumbnail of the user for that email address. (something like http://profile.ak.fbcdn.net/hprofile-ak-snc4/hs227.ash2/48219_72120057_3223_q.jpg)
I could write a sinatra app to do this in about 5 minutes, if anyone would like me to.
But I think gravatar and facebook should just be friends.
What you're asking to do is part of why Facebook Connect exists.
Using their not-too-cleverly-named XFBML you can request the image directly:
<fb:profile-pic uid="1256100362" facebook-logo="true" size="thumb"> </fb:profile-pic>
But you have to implement logins with FB Connect first...