I have completed an example of making a washing machine with a smart home in Google colab. This time I want to make a login function with non-fakeauth and non-faketoken methods. I'm having difficulty figuring out what to put in Authorization URL, Token URL and Fulfillment URL. There is documentation, but I don't know how to apply it. How to start?
Google identity
Google actions console
In google identity, I have completed receiving a refresh token by exchanging codes. However, in the actions console, instead of sending to https://accounts.google.com/o/oauth2/v2/auth?. I have to authenticate with https://myservice.example.com/auth, so I can't start. I would like to know how to create myservice.example.com/auth. After that, I think I can get a token by exchanging codes in the same way.
Related
I am working on creating an mobile app using Expo (managed workflow). I have a backend server which this app will connect to. The backend server has its own authentication with username and password and all other endpoints are protected based on a token that you would receive by signing in to the API using a /authenticate endpoint.
Now, I would like to add a 'Sign in with Google' feature to my app. From the Expo's AuthSession documentations, it looks like somehow the app can authenticate with Google. I want to use this identity to authenticate with my backend API.
I created a /api/auth/google endpoint in my API that uses passport google-oauth, redirects user to google and get authorization code sent to /api/auth/google/callback. I then use the authorization code to access Google's people API, to get the email to validate the user and respond back with a access token for my API if the Google sign in was successful. This works fine when using in a browser.
I want to do something similar for the react-native app. When I use the Google example in Expo's AuthSession, it gives me back a access_token. I have no idea how it gets an access_token because the app does not know my client secret. But still, I don't know how to use it to login to my API and get my API's token.
I have thought about using AuthSession to directly open my API's /api/auth/google, so it would redirect correctly and my backend can then send my API's token to the app. The problem with this is, when someone clicks on the 'Sign in with Google' button in the app, apple will tell you 'App name wants to use myapi.com to sign in' or something along those lines instead of Google.com. Additionally when I add more sign in options like Sign in with Facebook and Sign in with Something else, the user's phone will always say that the app wants to use myapi.com to sign in and then in turn be redirected to Google/Facebook or something else. I am not sure if this is allowed and would count as misleading the user and get rejected form the app store. I tried logging into some of the apps on my phone and clicking on 'Sign in with Google' tells the app is trying to sign in with Google.com and 'Sign in with Facebook' tells that the app is trying to sign in with Facebook.com correctly. But then I also know that the app eventually authenticates with its own API somehow. I don't know what is the right way to do that.
Can someone help? Thanks.
I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.
I have searched long and far for this on Google Identity documentation but my question seems to be out of it's scope (https://developers.google.com/identity/protocols/OAuth2).
This is what I have:
I have an app that is using Google's PHP Client library to authenticate a user via oAuth2. My application stores the retrieved token & refresh token from a user. I am able to use this token and refresh token to pull in information from various Google API's (Drive, Calendar, Mail, etc). I am also storing a cookie in browser to keep the user logged in to the application when the user closes the browser. I have created a simple way for users to login to the application via a QR code that matches up their stored token and refresh token. After the first login they are able to simply use a badge to login to the application.
This is what I want but don't know how to do
When a user logs into the application with their QR badge everything work perfectly (I am still able to pull in anything via the PHP Client Library/Google API's), however when a user goes to Gmail, Drive, or other Google service, Google is asking them to login (it's because they are not technically authenticated with accounts.google.com (only my application)). Is there a way to programmatically authenticate a user to accounts.google.com via a stored token/refresh token?
I was searching for a proper way to implement authentication of users with Google accounts into an app I'm developing. One thing led to another and I found this:
https://github.com/thephpleague/oauth2-google
They have a few implementations depending on how you may wish to implement OAuth2 (via separate repositories). I believe this directly answers your question, albeit 3.4 years later. Hopefully it will help someone else who is looking for this info.
I'm using https://github.com/devfd/react-native-google-signin to get OAuth2 into my application. From this, i'm requesting a server token for "offline" access.
In testing this, I didn't have my server fully put together to save access tokens/refresh tokens etc. The second time of trying to claim the token I (of course) got an error saying the serverAuthCode was already claimed. Now when I re-authorize google sign-in it does not return a serverAuthCode.
Is there a way to force google to give a new serverAuthCode?
Could it be that the google sign-in library i'm using just isn't requesting/returning it?
I realized that this was the library caching my user data. I simply revoked my app in the google connected apps management console and called the .signOut() method of my lib which seemed to fix it.
While implementing the Facebook Connect to a web application , its possible to show Facebook Sign up page in a pop up and once logging in and Granting permissions are complete, its possible to Authenticate Again in PHP and to get the necessary details of the user, - id, email etc.
I believe, thats secure because, the User Insertion is not based on the Ajax Request Parameters.
Is it possible to do the same with Google Plus Login also ?
Means - Logging in to Google - Using Javascript SDK, asking permissions, Authenticating all done in a Pop Up Window. and then, Creating a new user with the Help of google-api-php-client ??
Yes, what you're trying to do is outlined with https://developers.google.com/+/web/signin/server-side-flow which includes some PHP code samples to help you do this. In general, the steps at authentication time are:
User clicks the "Sign in with Google" button which may pop-up a new window at Google prompting them to log in and authorize your webapp.
After they do so, a one-time code is sent to a JavaScript callback you specify.
Your Javascript method sends this code to your PHP server.
Your PHP server uses the client library to contact Google's server and exchange this one-time code for an access token and refresh token, which you keep and use to perform actions on the user's behalf.