Issue with gapi-script google login - google-oauth

I have used the gapi-script package's loadAuth2 option in my React project and passed some sensitive scopes there. The consent prompt appears every time the same user tries to log in to the system.
I want the consent prompt to appear once for the same user, and for it to remember the choice throughout the system.

Related

How to set up Google sheets API for personal use

I'm trying to follow the instructions here which tell me to create credentials via the instructions here, which as step 6 tells me 'Click the user type for your app. If you're running a Quickstart, select Internal.'
On the page in question, 'Internal' is greyed out, and tells me I can't select it because I'm not a Google Workspace user. Going to Google Workspace, it tells me I need a domain name for 'my business'. Since I don't have a business, or any domain that would have anything to do with this project (I just want to push some personal data from the command line to a sheet), I don't seem to be able to proceed. Is the Google Sheets API just not available for such use?
If you don't have a Workspace account but you don't want to publish your app publicly (and go through the associated review by Google), you can set the app to External and test the app instead of publishing it.
In order to do that, just add yourself as Test user when setting the OAuth consent screen, and leave the Publishing status on Testing, don't change it to In production:
Testing
Projects configured with a publishing status of Testing are limited to up to 100 test users listed in the OAuth consent screen. A test user consumes a project's test user quota once added to the project.
Google will display a warning message before allowing a specified test user to authorize scopes requested by your project's OAuth clients. The warning message confirms the user has test access to your project but should consider the risks associated with granting access to their data to an unverified app.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Reference:
Publishing status: Testing
Unfortunately, that means that the authorization lasts only for 7 days. Which means that I have to keep creating new projects every 7 days, which is untenable. Here is the excerpt from the "Setting up your OAuth consent screen" page on the Google support site.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
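For a command-line tool that keeps a refresh token from a project in Testing status, the seven-day expiry quoted above can be handled explicitly instead of surfacing as an unexplained failure. The sketch below is an added example, not code from the original posts or from Google; the stored-record layout, the function names and the sample values are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Per the quoted text: test-user authorizations expire seven days after consent.
TESTING_GRANT_LIFETIME = timedelta(days=7)

# Constructed sample data (hypothetical record layout and error body).
SAMPLE_RECORD = {"consented_at": "2024-03-01T09:00:00+00:00"}
SAMPLE_ERROR = '{"error": "invalid_grant", "error_description": "Token has been expired or revoked."}'


def grant_status(consented_at, now, warn_before=timedelta(days=1)):
    """Classify a stored Testing-mode grant by age: 'ok', 'expiring' or 'expired'."""
    age = now - consented_at
    if age >= TESTING_GRANT_LIFETIME:
        return "expired"
    if age >= TESTING_GRANT_LIFETIME - warn_before:
        return "expiring"
    return "ok"


def needs_reconsent(token_response_body):
    """True when a refresh attempt failed because the grant itself is gone.

    RFC 6749 section 5.2 defines error=invalid_grant for an expired or revoked
    refresh token; retrying cannot succeed, so the user must consent again.
    """
    try:
        body = json.loads(token_response_body)
    except (TypeError, ValueError):
        return False  # not a JSON token-endpoint body; treat as transient
    return isinstance(body, dict) and body.get("error") == "invalid_grant"


def next_action(record, token_response_body, now):
    """Decide what the tool should do with its stored credentials."""
    reconsent = "delete stored token and rerun the consent flow"
    if token_response_body is not None and needs_reconsent(token_response_body):
        return reconsent
    status = grant_status(datetime.fromisoformat(record["consented_at"]), now)
    if status == "expired":
        return reconsent
    if status == "expiring":
        return "use token, warn that consent must be renewed soon"
    return "use token"
```

Deleting the dead refresh token rather than leaving it on disk keeps a stale credential file from lingering after it has stopped being useful.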

Google's OAuth Consent Screen doesn't allow users to reject requested scopes?

Originally, I believe the OAuth consent screen would allow the user to uncheck certain scopes they didn't want the requesting app to have access to (i.e. the user could decide not to give the app permission to use phone_number). Google would then send the user on their way to the app with whatever access scopes the user consented to. If the app absolutely required that permission then it would be the responsibility of the app to inform the user of this.
Now (I'm not sure when this changed) it seems the user is no longer given the option to deselect a requested scope. They can only allow it or be stuck on the consent screen.
Is this appropriate behavior according to the OAuth spec? To me it shouldn't be the responsibility of the resource owner to halt consent entirely due to the user denying a certain requested scope. This seems to be a Google bug, correct?
To be clear, I am working to make my app only request the scopes it absolutely requires. But I don't think that this change should be absolutely necessary.

Handling Cumulocity Password Resets with a Custom UI

We have created a Cumulocity solution and created a very clean, simple interface for our users. We also offer a 'Change Password' feature to the solution users.
Changing the password in Cumulocity causes an email to be sent to the user containing a link for the user to follow and enter a new password. The issue is that the link always navigates the user to the built-in Cumulocity UI - this breaks the consistency of the user experience!
Is there a way we can create this password reset capability but have the email link direct the users to a customised UI to enter their new password?
The following should work:
The content of the password reset email can be configured on system level. Mention just the host there, not a particular app ({host}?token={token}).
Set your custom app to be the default app for the tenant. That will make sure that the user gets to your app when they click on the link.
Note: If you change the default app for a tenant, you may need to clean your browser cache to actually see the new default app.

Facebook SDK - Unity - Login to another Account after first Login?

Hi, I have a question. I integrated the Facebook SDK for Unity, and when you log in once it stores your login data somewhere (I don't know where), so you don't have to log in again each time you want to play the game, as this says:
"This property might be true when SetInit is called if the API detects that the user has already previously authed the app in a previous session. This means the user doesn't have to click the login button every time they play the game."
But now I want to know how I can log in to another account if I logged in once ...
Thus I have to log in with the stored information which the Facebook SDK stores to log in to an account.
Because if I want to log in after the first time, Facebook doesn't ask me which account I want to log in to.
So there must be some "stored" PlayerPrefs which I can overwrite so that the SDK thinks again that it must be the first login? :/
Or isn't that feasible?
You have to log out manually if you have the Facebook App installed on your device. Then you can log in with another account from your app. Otherwise FB.logout() should work to log out if you don't have the FB App installed, and you'll be able to log in via some browser again.

Offering "Change user" functionality when requesting authorisation of Facebook app

Facebook app requesting the basic authorisation (public profile).
If a user isn't logged into Facebook, it will ask them to first login. All good.
If a user is logged in, it will bypass the login step and ask for authorisation. Also good.
But in this second case, I'd like to be able to have a "Change User" or "Not you?" possibility in case the user needs to be changed.
Otherwise I'll have to somehow instruct my not-too-savvy users to click on the wrong user's name to go to that Facebook account, log out and restart my authorisation procedure again.
I considered having my own dialog at the start showing the currently logged-in user and giving the ability to change it, but I can't see the logged-in user's name unless I already have authorisation, nor can I log that user out with prior authorisation either, it seems.