I'm using RoamResearch with Sign In With Google feature, how do I use it with Roam-bot?
Sign in with google is not supported in Roam-bot. You will have to go to your RoamResearch settings and switch to a standard login/password connection in order to use them in Roam-bot.
Related
I have a VB.NET web form website that I up until now have been using an SQL server with user data used to let the users login. I now want to use Google sign-in instead. I cannot find any good example that works. Anyone know any good examples?
Is it possible to use Smartsheet's API to sign into Smartsheet on the Web. I am thinking of creating a form-based auth that uses the API to login. Has anyone done something like this? or is this even possible with the tokens that can be produced by the API. I am aiming for a web based single sign on without using SAML.
I'm not totally clear on what you are asking, so I'll address each question individually in hopes that it addresses your overall question:
Is it possible to use Smartsheet's API to sign into Smartsheet on the Web?
No, you cannot create a web session using the api. For 3rd party apps, that would defeat the purpose of using OAuth2 since the whole goal with OAuth is to grant limited access to protected resources. For user-generated access tokens, it could be feasible, since those tokens have unrestricted access, but the API does not currently support that.
I am thinking of creating a form-based auth that uses the API to login. Has anyone done something like this?
I assume you mean you will create a form to collect a user's Smartsheet credentials and use those to have an SSO experience into Smartsheet? This is technically possible, but I'd strongly discourage against it. To create an SSO experience, you'd need to retain the password in a way that allows you to POST it on behalf of the user. This means you'd store it in a 2-way encrypted state (at best), which is definitely not best practice. Again, I'd highly recommend NOT doing this.
I am aiming for a web based single sign on without using SAML.
If you want an SSO experience into Smartsheet, you can either use SAML or Google (not truly SSO, but pretty close). There isn't an API-based approach currently.
Side note, if you want to go the other way, meaning you have a website and you want to use Smartsheet (or any OAuth2-based API for that matter) as the identity provider, you could use the 3rd Party OAuth2 flow. See the docs here. You could then add a "Login with Smartsheet" button to initiate that flow, much like we see everywhere on the web with "Login with Google" or "Login with Facebook".
In my rails 3 application, I am using carrierwave gem (version 0.5.6). I would like to use Google Storage for developers for storing the uploaded files. I have created an initalizer which looks like following:
CarrierWave.configure do |config|
config.fog_credentials = {
:provider => 'Google',
:google_storage_access_key_id => 'xxxx',
:google_storage_secret_access_key => 'yyyy'
}
config.fog_directory = 'directory'
end
I am getting 403 forbidden message with
...<Error><Code>InvalidSecurity</Code><Message>The provided security credentials are not valid.</Message>...
I have just enabled my Google Storage using the apis-console, and I can upload files using the online 'Google Storage Manager'. For 'google_storage_access_key_id' in the initializers file above, I am using 'Google Storage Id' for 'You' in the 'Storage Access' page. For 'google_storage_secret_access_key', I am using the 'Legacy storage access keys'.
I don't know how to proceed. Could someone kindly point me towards how to get about debugging this issue?
Thanks,
Saksham
It took me almost a complete day to find the correct keys in the Google API Console. I could not find the information at all in the new interface.
Here are the minimal steps to find your access key and secret:
open the old API console
enable interoperable access by pressing the button (it says: make it the default for interoperable access, but without pressing this button, I did not get the "interoperable access" tab)
pressing the button will show two sub-menus under Google Cloud Storage: Storage Access and Interoperable Access; click on Interoperable Access
there you will see the access key (hint: it starts with GOOG)
fill in in google_storage_access_key_id)
press the Show button behind the access key to actually show the corresponding secret
fill in in google_storage_secret_access_key
I hopes this helps! I found the names of the fog-configuration-keys confusing enough to actually switch the values, and it took me ages to actually discover the Show button actually showed the secret.
It sounds like you've enabled the legacy access keys for your account. From the Google APIs console select Google Storage and then click on legacy access.
Use the access key from that page here:
google_storage_access_key_id => 'xxxx',
From the APIs console click show to display your secret key. Use that key here:
google_storage_secret_access_key => 'yyyy'
Do not use the Google ID for legacy access.
Hope this helps,
Anthony
To generate a developer key in 2016:
Visit this page:
https://console.cloud.google.com/projectselector/storage/settings
Create or Select a project.
Select Interoperability.
If you have not set up interoperability before, click Enable interoperability access.
Click Create a new key.
The Google API console gui is not the most friendly user interface, so that's why I'm putting detailed instructions. I am writing this as of October 2013. The interface is now changed but Google API Console still enables you to use legacy access. If you are using the new Google Cloud Console, look on the bottom left hand corner and you will see the message "This is an experimental version of the API Access page. Some features may not be available." Click the words "API Access page" to get you to the legacy access. Then on the left menu select "Google Cloud Storage". Underneath that you will see two other fixed submenus, "Storage Access" and "Interoperable Access". On the "Storage Access" submenu page, enable "Interoperable Access" if you haven't done so already. Then on the "Interoperable Access" submenu page, you can get your Storage Access Keys for use in fog configuration.
Is it possible to use a combination of authentication systems in a web app?
I want to use OpenId, however I think my potential customers are actually more likely to have a Facebook ID.
Therefore I wonder if it is possible to offer both types of authentication?
Facebook has joined the OpenID foundation, so perhaps they'll be implementing OpenID soon (in which case it may be better to just use OpenID).
For nearly every language there should be a Framework! You can chain/wrap the functionality of that frameworks to statisfy your needs!
In pseudocode:
if(IsUserValidViaOpenId() || IsUserValidByOwnAuthDB()) ... user auth successful
If you use java, Acegi/Spring Security might be the best way (Security which isn't inversive - via AOP). There you can use openID and define an own second validator for yor own userdb!
You want RPX. It abstracts the whole mess of OpenID away from both you and your visitors. It also lets them authenticate with Facebook or MySpace in addition to the OpenID providers.
It provides a login interface very similar to what you see right here on Stack Overflow.
Something like this in your form processing logic:
def authenticate(form_info):
url = form_info['url']
if (is_facebook_url(url)):
return perform_facebook_authentication(form_info)
else:
return perform_open_id_authentication(form_info)
The tool I'm developing would do a thing similar to when you join Facebook and they ask your GMail username and password and with it they can grab all your contacts.
But my tool doesn't use a browser, therefore it is difficult to get the proper headers. I assume that the Google application (Orkut) checks only my Cookies and Identity(ip, machine name, user-agent) as authentication method. In this case all I need is to get the proper cookies.
I tried to call https://www.google.com/accounts/ServiceLoginAuth?service=orkut with the parameters Passwd=realPasswordHere&Email=mymail#gmail.com . But the response was a similar HTML with Set-Cookie: GALX=A9iBuq7y5xU;Path=/accounts;Secure
None of these cookies are the real thing. Have you tried it yourself? Do you know how to do it? Have you ever seen an open source project that does it?
Consider using OAuth -- the URL I just gave details how to use OAuth to authorize the OpenSocial REST interface on Orkut, and this one has detailed specs on the RPC interface to OpenSocial, if that's what you prefer (the authorization part is basically the same, anyway).
If you are just looking for the contacts check out the provided API:
http://code.google.com/apis/contacts/
other google APIs
http://code.google.com/apis/gdata/
If you need source code to view how to do this you can check out the following project.
http://sourceforge.net/projects/gccontactman/
hope that helps, and good luck!
Perhaps you could check the source code of a Google tool that does this:
http://mail.google.com/mail/help/email_uploader.html