Guess we are all tired of login and password system and want to go passwordless.
I saw that the only solution to login without hassle is via SAML, well bad news you have to pay some SaaS apps like slack, miro, agile crm... to have access to SAML configurations.
I'm trying to build a website, like a portal where I have links to thoses website and I just click on them and I'm auto sign-in (SSO Dashboard).
I don't want to be dependent of in-browser remember password or any password keeper like bitwarden. I want to store all of my user pass in my database.
Any hints to do this ?
I already tried this solution : https://crunchify.com/automatic-html-login-using-post-method-autologin-a-website-on-double-click/ it doesn't work at all.
Related
I am in control of three twitter accounts: One is my main account, the other two are supposed to automatically post content via a bot. I created the bot logic and added it to Twitter's development tools and I can easily use it to post to my main account.
Now I need to add the access tokens for my two secondary accounts. My question is - what's the easiest way to do this.
As far as I can see, Twitter only enables one way to do this: 3-legged OAuth flow. It is not too complex, but it seems to me to require setting up a mock website with callback url, which seems like too much considering I only need to generate two api tokens. Am I missing something?
There are some alternative ways to generate access token and access token secret for OAuth 1.0A via command line tools which allow you to use the “PIN-based” OAuth flow.
One example would be Twitter’s own twurl tool for API testing, which requires you to also have Ruby installed. This will let you authenticate a user account (it still pops open a window onto twitter.com to have you do the authentication) and stores them into the ~/.twurlrc file in your home directory. There is also tw-oob-oauth-cli which is a standalone app for doing the same thing.
You're not missing something. The reason this is required is to force users have a browser they trust open and see that they are on https://twitter.com/, so they can trust that it's a safe place to put in their password.
I'm trying to setup a Google OAuth consent screen but I have two separate google workspace accounts. The two accounts are completely separate.
I have the consent screen setup, working perfectly for the one workspace "domain-a.com" as an Internal User Type to make sure only users within "domain-a.com" can login.
I'd like to also allow "domain-b.com" accounts from the other google workspace to also be able to login.
I'm wondering if this is at all possible? Or is my only option to set the User Type to external and then vet the domains in my auth flow?
I was hoping it would possible to somehow authorise "domain-b.com" on the "domain-a.com" workspace without adding all the additional domain aliases to users etc? I do see the Domain Verification option under the APIs and Services screen, but this only mentions webhooks.
Any help would be appreciated
I think setting the type to external is the only way to achieve this.
Does your app use any sensitive scopes? If so, then setting the app to external means that your app might require verification unless you mark the app as trusted in both Workspace accounts.
I want to connect the Users from my website with the TeamSpeak server, that i can automatically grant rights, ban users and so on.
At the moment the User has to enter his Ts UID on my website, so that i can search him in the TS database.
But for some time now, you can login to the TeamSpeak client with a TeamSpeak account.
Is there a way that the users can login on my website with this Teamspeak account like with Google, Facebook and so on?
And am I able to find them on my TS Server when they are logged in with that account?
TeamSpeak's myTeamSpeak system was definitely not designed for any oauth type functions. However TeamSpeak has a brilliant plugin SDK, serverquery and clientquery available to interact with teamspeak.
I would recommend you "link" users' TeamSpeak UID's like https://ts-n.net/ranksystem.php does via a user's IP address. From there you can simply accept the login, or you can take it a step further and sending a message with a "activation code" via one of the ways mentioned above to interact with teamspeak for additional security.
From what I understand, you want to find online user's that are logged in to your website through a form of authentication using teamspeak. I have no idea what you mean by "them", but teamspeak's serverquery lets you search through every single client in it's database, and whatever you are looking for is there or in your logs folder.
Sorry I could not be more helpful, I will edit this/respond when/if you clarify your question.
I'm currently designing a website (on google app engine) in which user can register from multiple sources (classic registration, google account login, facebook login, or maybe OpenID or OAuth).
I'm a bit confused with all this, i don't know what's the best behavior for this.
Should i try to associate accounts automatically when using the same email address ?
Should i dissociate accounts (meaning that if you use Google login when you registrated with classic user/password, it will fail) ?
Should i send verification emails for classical registration, or allow user to use the website and just send a "welcome" email ?
I'd like the website to be as easy as possible, but we may put some commercial features on it later. Do you have any advice on the user auth system to develop ?
I'm using the Google Apps Provisioning API to synchronize user data with our internal database (MySQL). For every new user created through our site's backend, a corresponding user in created in the GoogApp system. Change is passwords are also synchronized accordingly.
I'm about to implement SSO, so that logins performed on our website automatically makes the user login into the google apps too.
My question is what happens IF the user happens to change his/her password using the Account > Settings in the googapps interface, instead of our own backend? Our system has no way of knowing about the change! Is there a way in Prov API or SSO with which I can turn off the password changing mechanism in googapp engine and let the user do it ONLY through our backend?
Anyone who's used / setup a similar system, please shed some light on it.
Thanks,
m^e
When you have SSO enabled in your Google Apps domain you have to provide a "change password" URL, that way when the users tries to go "Setting"->"Change Password" they will be redirected to your custom URL and make the password change in your backend.