I found this tool from google recently https://developers.google.com/oauthplayground/
and well I am currently doing an authentication practice for an api with node and passpor.js, I would like to know which of these apis is the one that I should choose to obtain a token with the user, the email and the profile photo, in the tutorial I saw that use https://www.googleapis.com/auth/userinfo.profile, so I don't know if it is depreciated or has been replaced by a new one, or if it is something that can be used in production.
And well also if you could explain a little more about what this tool is, I would appreciate it a lot.
On OAuth Playground you can "input your own scope".
Copy and paste https://www.googleapis.com/auth/userinfo.profile and click Authorize APIs.
Then exchange for an access token.
After that you can call https://www.googleapis.com/oauth2/v2/userinfo and it should return the data you are looking for.
Related
So I am updating an older desktop app (written in VB, .net 4.0) with facebook integration and followed the guide found here, and have been able to successfully get a token (by parsing the uri of the embedded webview if it contains "token="). Now my problem is if I try to login with a facebook account that has already approved the app in a prior session, the webview just gets redirected to https://www.facebook.com/connect/login_success.html without any token information.
Do I HAVE to log all of the tokens I generate manually (ie on successful token generation, I can call their profile info, use their FB ID as key and save the token)? Even if I do, since the email and password is input directly into the facebook login window, how do I check if the user already has a token?
Thanks in advance
The access token can change any time, you need to get it everytime. After getting the token, I immediately get the user information https://graph.facebook.com/me?access_token=??? and use that ID to find their database information.
I couldn't quickly find facebook information but on google's oauth information it says "The access token is also associated with a limited scope that define the kind of data the your client application has access to (for example "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen."
https://code.google.com/p/google-api-php-client/wiki/OAuth2
Ok so I finally figured it out myself. My mistake was apparently requesting the access_token directly (ie https://www.facebook.com/dialog/oauth?response_type=token...) to try and save time.
I fixed it by making a request for a 'code' instead (ie https://www.facebook.com/dialog/oauth?response_type=code), which I then use to make a second request to retrieve an access token as documented here: https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/, "Exchanging code for an access token" section a bit lower on the page.
Hope this helps someone in the future, this was very frustrating on my part.
Regards,
Prince
I have managed to get an access token from the twitter api. Now I want to use that token for my further data fetching things, so please help me here to get the details of my twitter account.
For example, lets say I wanted to get the user's data, so when I tested this in apigee console, I got my result.
But how to get the same result, using same api, by hitting on a browser using the access token
something like this
Please help
It's a little more complex than the URL you suggested, but you can use Twitter's OAuth tool to generate the OAuth signature you need to make requests to its Home Timeline API call.
You can find the OAuth tool here:
https://dev.twitter.com/docs/api/1.1/get/statuses/home_timeline#oauth-tool
it's not like that when making twitter api calls you need to send consumer key, consumer secret, your_access_token and your_access_token_secret together
Eg: oauth_consumer_key="KEY",oauth_signature_method="HMAC-SHA1",oauth_timestamp="TIMESTAMP",oauth_nonce="NONCE",oauth_version="1.0",oauth_token="YOUR_TOKEN",oauth_signature="SIGN"
Source: https://twittercommunity.com/t/getting-the-user-details-using-access-token/6325/3
Does anyone have clues about how to do this? I'm basically trying to replace the strategy for "Connect With Google" from OpenID to OAuth. The challenge is identifying an old user (user on Google open ID) when a user signs in under the new OAuth scheme.
I have a working implementation which relies on email address as the primary key, as the open ID strategy captures that. The problem is, I don't want to ask for email in the OAuth flow. The ideal value is simply Google user ID, but the Open ID strategy doesn't seem to capture that.
So I have open ID tokens like https://www.google.com/accounts/o8/id?id=AfSCwGQ4PUaidXSQddJugXKLqU5V0MrXFhJM6UHybPw and trying to understand if I could get a Google ID from that.
UPDATE: I explained here how I ended up doing this migration - http://softwareas.com/migrating-user-accounts-from-google-openid-to-google-oauth-to-google-plus
We don't have a strategy ready today that avoids the user seeing another approval page.
However, rather than attempt to do an OAuth1 based hybrid flow and have to add all that legacy code to your server, I'd suggest you simply correlate on email address and move to OAuth2 login. I'm assuming you're like the majority of sites that end up asking for email address because they usually want it for account recovery. Just make sure you get the email address from OpenId as one of the signed parameters.
Then use the userinfo.email scope and OAuth2 https://developers.google.com/accounts/docs/OAuth2Login and you should be able to migrate with less developer pain.
In addition, we're in the process of adding support for OpenIDConnect and it supports a parameter of login_hint so you'd add &login_hint=bob#gmail.com to your authorization URL and it will steer the approval to the right account. This is not documented right now but it may be useful for you to try it. The user's browser could be logged into Google with a number of accounts and you want to try to get the right one. Always check the email you get from the OAuth2 flow to make sure it matches since this is just a 'hint'.
Users will still have to re-authorize for OAuth2, but we have plans to skip this reauthorization in the future. The main point is to plan on using OAuth2 and we hope to deliver a seamless migration soon and you'll be on a supported protocol.
Google uses directed identifiers for OpenID that are unique per relying party and are explicitly designed to conceal any correlatable identifier for the user. So the short answer is, no there's no way to get a Google ID that corresponds with a given Google OpenID.
One option, however, might be to use Google's OpenID+OAuth Hybrid flow. This allows you to get an OAuth token as part of a normal OpenID flow, which could then be used to get the user's ID from the OAuth2 Login API, which you can then associate with their existing account. Once you've done that for all of your existing users, then switch to using the OAuth2 Login directly.
The trick, of course, with this approach is getting all of your users to login again so that you can send them through the new flow. That will come down to how long you're willing to wait to migrate accounts, and whether you're willing to prod existing users by emailing them and asking them to login again (similar to a forced password reset).
I'm trying to get access to the Google's todo feed with this url:
https://www.google.com/calendar/tdl?secid=<SECID>&tdl={%22action_list%22%3A[{%22action_type%22%3A%22get_all%22%2C%22action_id%22%3A%221%22%2C%22list_id%22%3A%2215052708471047222911%3A0%3A0%22%2C%22get_deleted%22%3Afalse}]%2C%22client_version%22%3A-1}
If I open this in my browser with a correct secid, it shows me right what I want.
Now, the question is: how do I get secid programmatically (specifically, in a java program)? I have access to the authToken (from CalendarService), but I have no clue how to use it to authorize my access to the URL above.
I tried to use the url http://google.com/accounts/ServiceLogin, but I didn't find any examples.
Any help, please?
From what I read secid is a session ID obtained from browser's cookies. Whereas your case uses Java which implies a server app. If that is the case, you want to drop the idea of using secid entirely.
Instead, you want to check out Google's OAuth2 documentation. If you are using Java, most likely you would be interested in the web-server OAuth flow. Pay special attention to the sequence diagrams.
The key steps include:
1) Obtain an authorization code from Google OAuth with the user's consent. For that, you redirect the user to Google with the appropriate scope. Check the list of calendar scopes for your case. Once the user consents, Google redirects back to you with an authorization code.
2) Call Google OAuth with the authorization code and your app's credentials to exchange for an access token.
3) Call Google's Calendar API using the access token.
And if you use Google's Java client as suggested by #ChaosPredictor, chances are some of the steps are already wrapped into the Java client (and your code will be much simpler).
The tool I'm developing would do a thing similar to when you join Facebook and they ask your GMail username and password and with it they can grab all your contacts.
But my tool doesn't use a browser, therefore it is difficult to get the proper headers. I assume that the Google application (Orkut) checks only my Cookies and Identity(ip, machine name, user-agent) as authentication method. In this case all I need is to get the proper cookies.
I tried to call https://www.google.com/accounts/ServiceLoginAuth?service=orkut with the parameters Passwd=realPasswordHere&Email=mymail#gmail.com . But the response was a similar HTML with Set-Cookie: GALX=A9iBuq7y5xU;Path=/accounts;Secure
None of these cookies are the real thing. Have you tried it yourself? Do you know how to do it? Have you ever seen an open source project that does it?
Consider using OAuth -- the URL I just gave details how to use OAuth to authorize the OpenSocial REST interface on Orkut, and this one has detailed specs on the RPC interface to OpenSocial, if that's what you prefer (the authorization part is basically the same, anyway).
If you are just looking for the contacts check out the provided API:
http://code.google.com/apis/contacts/
other google APIs
http://code.google.com/apis/gdata/
If you need source code to view how to do this you can check out the following project.
http://sourceforge.net/projects/gccontactman/
hope that helps, and good luck!
Perhaps you could check the source code of a Google tool that does this:
http://mail.google.com/mail/help/email_uploader.html