I'm trying to integrate "sign in" with Google and Microsoft account on my website. I have submitted all requirements for Google and the description of what i will use the sensitive data for. its been 6 weeks now and haven't received any feedback from Google or Microsoft. Can someone please tell me if i'm doing the right thing or an easier way or any way to go about this. The terms of services, cookie and privacy policies are done and can be accessed on my website.
Related
I've been having some problems trying to understand the Oauth requirements for Server-side applications which don't require User interaction when querying google API's.
Apologies if this seems obvious to most, but the issue I have is that all the examples and Oauth flows are based on prompting a user to either authorize which features the application has access to or authenticate the user with a google account before being granted a token and refresh token.
Does anyone have experience querying the Sheets API from a server side app without user interaction that could give me some pointers on how to create the Auth token?
I'll be using Javascript, AJAX and JSON to call the REST API.
Many thanks,
Billy
Thanks pinoyyid, having searched this site for and hour and playing around with Oauth playground for better part of an hour, it's frustrating to know the answer was right under my nose in the settings!
Thanks again, really appreciate you pointing me to How do I authorise an app (web or installed) without user intervention? (canonical ?).
For those reading this in the future the link in the comment above will solve your problem, to summarise, you can use your own app settings by going to the google Oauth playground and on the top right select the settings (picture of a cog/gear) and ticking the box to use your app details, enter the client ID and client secret, job done.
Cheers,
Billy
I have a site that I have tagged using Google Analytics. I can see that the stats are being created and I can analyse them using Google Analytics web tool.
I want to extract my tagging data using the Google Analytics API but all the instructions seem to point me towards the developers console to create my OAuth2 token. My site does not appear in the list of apps that is presented, so I can't do the next step of generating my OAuth2 token.
I feel like I must be missing something obvious, but I am hitting brick wall at the moment. How do I get the site to appear so I can see it in the developers console?
The Google Developer console is for registering your application, this way google knows who is using there APIs. Your Google analytics account wont show up here because well that's not how it works.
Create a new project you will get a client_id and client secrete that are used to identify your application. Then you use a programming language to access the API using the client id and client secret.
I am not a java programmer so i cant help you with that. You mentioned that you want to access your own data. I recommend you look in to using a service account. A service account can be used to grant authentication without having to prompt a user for access. This only works when it is your own account you are accessing and the data doesn't belong to another user. Take the service account email address and add it as a user in google analytics at the ACCOUNT level it must be the Account level. then when you use the service account in your code you will have access.
https://developers.google.com/analytics/devguides/reporting/core/v3/quickstart/service-java
We currently have a corporate portal in which users authenticate and get different page views based on their access level. We have been tasked with allowing them to click a Google Mail icon to sign them into their domain Google Mail Account. To do something like this, should we be looking in to oAuth or Open ID? Presently, they're already using their email and password to sign in.
From what we understand, Open ID requires their email and password to go to us, which we have; but will Open ID do what we're looking for?
Thank you.
Since your users have a Google Apps for Business email address already, I would suggest using the Google+ Federated Login feature-set. (You can learn more here: https://developers.google.com/accounts/docs/OpenID)
A quick snippet from the aforementioned link:
If you are planning to provide a “sign-in with Google” feature, we recommend using Google+ Sign-in, which provides the OAuth 2.0 authentication mechanism along with additional access to Google desktop and mobile features...[the] OpenID+OAuth Hybrid protocol lets web developers combine an OpenID request with an OAuth authentication request. This extension is useful for web developers who use both OpenID and OAuth, particularly in that it simplifies the process for users by requesting their approval once instead of twice.
You can find more on the Google+ Federated Login toolset and explore a sample application here: https://developers.google.com/+/
Hope this helps!
I come in order to have some information about Google API and particularly the authentication "Service account"
I have the same problem that this guy is having, and although that concerns another API, he explains the problem very well.
For a few days now I have already read some articles:
Google dev
DrEdit for .Net
C# sample
I have already registered for a Google API account and I am using the Client Key and Secret that was provided to me. I then downloaded the following libraries:
google-api-dotnet-client-1.2.4737-beta.source.zip
youtube-api-samples
google-youtube-v3-rev35-csharp-1.2.0-beta
Nothing has helped me so far...
I would like to know if Picasa web and the Youtube API v2 or v3 can use oAuth2.0 Service account as I am not able to find anything about that. I am currently using Picasa Web oAuthv1.0 and I found it really easy to use but I would like to migrate to Google Youtube API v3/Picasa web API.
The basic workflow idea:
Private Pictures and videos are created specifically for a web site.
Users will log into the site (it isn't a Google users) and see pictures and videos -> All users that successfully log into the site have access to all youtube videos and picasa pictures and this medias are private in Google
The only example I've found anywhere that shows how to use authentication was in a ASP.NET MVC project that unfortunately requires user interaction and i don't want that.
Can someone please me on this? Does anyone has a piece of code written in Javascript or C# for connecting to the API with Service account or is it better for now to authenticate with oAuthv1.0? Any help will be highly appreciated!!
Take a look in Which Google APIs can be accessed with service account authorization? it contains a list of all APIs which support service account.
As far as I know, Picasa and Youtube don't support service account.
Based on the article posted by peleyal, it is my intepretation that YouTube should support the service account. In the answer on the related article, it states "All Google APIs that supports OAuth 2.0 should work with Service Accounts".
Assuming YouTube is a Google API, it also should work.
I'm not 100% confident in that answer unfortunately, because I have seen documentation elsewhere that says Service Accounts: "Several Google APIs act on behalf of an application and do not access user information." https://developers.google.com/accounts/docs/OAuth2#serviceaccount
Does accessing the YouTube APIs constitute "user information"? The answer to that question is the reason I'm not 100% confident without trying it. An expensive time proposition.
I want to use google/yahoo ids to be used to login to my website.
As its done in stackoverflow.
Can any one provide me a starting point.
That authentication method is called OpenID. You can get details at the open id website.
If your webiste uses PHP on the server, here's a resource to get you started with OpenID and PHP
UPDATE
Since I've posted this, the world of open federated authentication has evolved quite a bit. If you're interested in this you may wish to look up OAuth v2 online, or check out these links: www.oauth.net and the Google resources on OAuth2 available here.
OAuth builds upon the concepts of OpenID and it expands the functionality quite a bit, in particular in the areas of not just providing authentication but also providing authorization for applications using a centralized provider of the user's choice (i.e. Google, Facebook, Twitter or your own :) )
I have been using JanRain for the same thing. It is free and integrates with loads of different login providers, such as, Facebook, Twitter, Google, OpenId (generally), yahoo, msn, and many more.
There is code that lets you integrate it with almost any programming language/platform you want.
try this sample in CodeProject.
http://www.codeproject.com/KB/web-security/OpenIdFormsAuth.aspx
It worked fine with me.