What I want to do:
display videos from a client in a RN app. They keep them as private YT videos and only want to give access to paid users via a mobile app.
Apparently, after a few tests, an API key is not enough for that, as I get only the public videos.
I could get the private videos and playlists back using Oauth2 authentication, in Google OAuth2 playground.
Where I am lost is, how to programmatically get the authorization code, then the access and refresh token, on app startup, to attach them to the requests.
Every tutorial I find is about implementing it via the consent screen to authenticate a user.
I don't want to use a consent screen, I got the clients username/password already and just would like to authenticate in the background as the app starts.
Any good resources/tips out there to help me figure this out? Thank you.
Related
I am working on creating an mobile app using Expo (managed workflow). I have a backend server which this app will connect to. The backend server has its own authentication with username and password and all other endpoints are protected based on a token that you would receive by signing in to the API using a /authenticate endpoint.
Now, I would like to add a 'Sign in with Google' feature to my app. From the Expo's AuthSession documentations, it looks like somehow the app can authenticate with Google. I want to use this identity to authenticate with my backend API.
I created a /api/auth/google endpoint in my API that uses passport google-oauth, redirects user to google and get authorization code sent to /api/auth/google/callback. I then use the authorization code to access Google's people API, to get the email to validate the user and respond back with a access token for my API if the Google sign in was successful. This works fine when using in a browser.
I want to do something similar for the react-native app. When I use the Google example in Expo's AuthSession, it gives me back a access_token. I have no idea how it gets an access_token because the app does not know my client secret. But still, I don't know how to use it to login to my API and get my API's token.
I have thought about using AuthSession to directly open my API's /api/auth/google, so it would redirect correctly and my backend can then send my API's token to the app. The problem with this is, when someone clicks on the 'Sign in with Google' button in the app, apple will tell you 'App name wants to use myapi.com to sign in' or something along those lines instead of Google.com. Additionally when I add more sign in options like Sign in with Facebook and Sign in with Something else, the user's phone will always say that the app wants to use myapi.com to sign in and then in turn be redirected to Google/Facebook or something else. I am not sure if this is allowed and would count as misleading the user and get rejected form the app store. I tried logging into some of the apps on my phone and clicking on 'Sign in with Google' tells the app is trying to sign in with Google.com and 'Sign in with Facebook' tells that the app is trying to sign in with Facebook.com correctly. But then I also know that the app eventually authenticates with its own API somehow. I don't know what is the right way to do that.
Can someone help? Thanks.
As I am new to mobile development and I am using react native. I am trying to implement external login(Facebook/Google) login, I got libraries using which I am able to get the details of user profile such as firstName, lastName, email from both Facebook and Google. Here my question is, is it right and safe to get details of the user profile, and calling register api to register/login and get the JWT token to land the application to home screen? Or is there any way that we can just click on Facebook/Google button by passing just provider name we can get all details from web api itself.
I feel, fetching the user profile details from web api is safer than getting user profile using react native library/sdk and then calling register api to register/login the same.
If there any link or Github reference please share the same for better and in details understanding.
Thanks In Advance.
You seems to have it figured out yourself. Call Google or other third party to retrieve user details such as email and name. Then call your own backend to register that user to your platform.
The next time user login using social login do a similar call to your backend to check if user with the details exist in your database and send a corresponding response back.
Check this link Google Login React Native. This reference is a little old one but might give you a heads up.
Note: You will need to have corresponding permissions enabled in providers developer console. Some cases you will get an access token after login/signup using social media. You will then need to fetch user data from corresponding provider using their api or SDK.
I've built a simple app that consumes the Google Analytics API.
I have authorized access through OAuth 2, but have only been using my account to save access and refresh tokens.
If I want to let others use the app, will I need to save an access token for each user?
For web app, you just need one, and put the tracking code in every page of your app.
I'm not sure about native app.
My app was rejected by Apple because "Login via Facebook" opens the Safari app, because I am using UIWebView for Facebook login, which is working fine. I am getting the access token as well.
The problem is I also need user information like user ID, email ID, user name etc. because I need to save it on my server.
How do I get the logged-in user's info when I have the access token?
Have you read the FB iOS documentation?
https://developers.facebook.com/docs/reference/ios/current/
There is an API called FBRequest which can retrieve various information or the Graph API can be used to obtain stuff.
How to integrate FB login with an iOS app is fully documented with example projects.
i want to develop an android app using youtube API 3.
It is necessary that the user who will be using the app has to login with his/her gmail credentials to actually view a video?
Or just registering the app here https://developers.google.com/youtube/registering_an_application is fine and the user watching the video or using the app need not login to his/her gmail account.
It is necessary that the user who will be using the app has to login with his/her gmail credentials to actually view a video?
No. Authentication via OAuth is only necessary if your application requires access to "private user data". Simply viewing a video does not meet those requirements.
More details here: https://developers.google.com/youtube/v3/guides/authentication