Is it possible to get authorized for Google's custom search API with OAuth2 instead of using their ClientLogin, which would mean I'd need to build a whole UI to deal with user's login/password/captcha, plus I'm not a fan of inputting secure information like that on my own system. I'd rather rely on OAuth2 and login directly to Google
I've looked around but haven't been able to find anything for the scope part of the url eg scope="https://www.google.com/m8/feeds" for authenticating with their Contacts API.
Note: I'm using Ruby to develop this.
Related
I want to validate a google Authentication Code in my Net Core API with a Google's API or Microsoft.AspNetCore.Authentication.Google. I've seen people usually make a http call to validate the one-time Code following this guide but I think to make the application more robust the validation should be executed with the a proper Google API however I can't find an example code doing it except processing all OAuth flow that's not my case because I already have one-time Code (Authentication Code) gotten by my android application. Is it possible for these Google APIs to validate just the one-time Code? If I can which API should I use and how do I do it?
Btw my android application will be using the back end service a lot so I'm thinking on creating another token for the user not to be prompted with google login every time he uses the service but shouldn't be easier to use the same google's Access Token? I think that they advice to use one-time Code to avoid been caught with man in the middle attack in the future, but if I'm already giving another token for the user access my service shouldn't I use the google's instead already?
I'm trying to write a CLI script (ruby) to manage my youtube videos. Technically I'm updating a script that I used in 2012 to do this. It appears that since 2012, youtube has discontinued the simple client authentication mechanism and moved to OAUTH2 (though I'm not totally sure).
I'm wouldn't be the first to say that OAUTH2 is hell (just google it). It's been 3 hours and I still haven't gotten my old script to even authenticate with google (using the youtube_it ruby gem).
I simply do not understand why I would need to use OAUTH to access my own account on Google? What am I missing? I thought OAUTH was so that separate users could give access to applications to temporarily access their data.
Is there another way? What am I missing. As one blogger commented OAUTH2 is enough to make one want to change careers. Even the lead dev quit the project.
The Youtube API docs is specific in stating that if you're going to use Youtube API (or other Google APIs), you must learn how to use OAuth:
If your application will use any API methods that require user
authorization, read the authentication guide to learn how to implement
OAuth 2.0 authorization.
Youtube has a Ruby Quickstart sample which includes the OAuth process.
I simply do not understand why I would need to use OAUTH to access my own account on Google?
I think OAuth answers exactly that question, "how will Google products know if you are who you claim to be?"
Read the OAuth Google guide for more info.
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and google. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
for more detail study :-
https://www.rfc-editor.org/rfc/rfc6749
I've been trying to find a way to interact with Google's API (specifically, the Compute Engine API) without having the user authorise via a consent screen each time I need to reauthorise with Google.
The requests will be made when no user is present, so not having to authorise via a consent screen is an absolute must.
I'm using Go and the Go API Client Library.
Can anybody explain a method to achieve what I need to?
You should take a look at service accounts. They utilize the public/private key pair to authorize calls to Google API.
Google Developers has one very nice document explaining how service accounts work:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
Here's how generate a service account:
https://developers.google.com/console/help/new/#serviceaccounts
You will also find the code samples in the first doc, but unfortunately not in Go.
However, there are some comments that I found here:
https://code.google.com/p/google-api-go-client/wiki/GettingStarted
Hope it helps.
I'm trying to move my web application to the Google Chrome store, and I want to charge for premium features. The problem is, to use the Chrome Web Store License API I need their Google OpenID identifier. I've read other similar questions, but none with code examples.
I found this example, but it seems to be for a different purpose.
So my question is, how do I use the Federated Login in a Sinatra / Rack environment to get that one parameter?
Thank you.
You need to authenticate users with OpenID. The link has an example that shows how to use Rack::OpenID.
With Google, instead of requesting the openid_identifier from the user you would need to hardcode https://www.google.com/accounts/o8/id as identifier (instead of params["opened_identifier"]) then run normal OpenID.
Our company has a web application that is only used internally by our employees. We also have Google Apps Premier Edition. We would like to make it so our employees can log into our private web application using the Google Apps account that they already have.
Requirements: We want to display our own login form. We don't want to pass the email/password in plain text through the internet.
Which authentication mechanism should we use to achieve this?
Note: our application is written in PHP using Zend Framework (if that matters).
I would look into some combination of OpenID and your domain users (i.e. only let those at domain.com can log in).
Google API
They also have libraries for PHP and other languages that you can leverage to make this happen.
EDIT:
Some more info
When it comes to integrate Google Apps and an internally used private system, we simply have two options.
Use Google as the authentication center. Modify the private system to authenticate at Google's server. We could use OpenID or AuthSub. Check http://code.google.com/apis/accounts/docs/OpenID.html and http://code.google.com/apis/accounts/docs/AuthSub.html for more information.
Use the private system as the authentication center. In this case, we have to implement SAML protocol in the private server and configure Google Apps's SSO settings. Check http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html for more information.
It is easier to accomplish SSO with the first method since there's already bunch of OpenID libraries out there. But, as you described in the requirements, you want to use your own login form. So I guess you have to go with the second method.
BTW, if your private system has to get or set information from Google, you may want to use OAuth for authorization. See http://code.google.com/apis/accounts/docs/OAuth.html for more information.
Use the ClientLogin API, it does exactly what you're after: allow you to verify username and password. (the link goes to provisioning API doco but that is not relevant here)
Pro's:
you get to use you own login form
Cons:
you don't get SSO with Google Apps, i.e. users already in Apps will be prompted to login again (you didn't mention that as a requirement, but it seems a reasonable thing to want)
Google won't like you (they're trying to discourage ProgrammaticLogin.
you will get occasional CAPTCHA tests you'll need to show your users.
OpenID specifically prevents you from displaying your own login page, so if that's a hard requirements, Programmatic Login is really your only choice.
Going the SSO route let's you do pretty much anything, but may be a bit of overkill to take on authentication for the whole domain to make one app authenticate in a nicer fashion? If you really want to go down this route, check out SimpleSAMLphp.