Is it possible to locally authenticate a user who has only logged onto my website using Oauth 2 (maybe using Google or Facebook)?
Say a user has only ever logged onto my app using Oauth 2 (ex. Google) and one day decides to log on locally (via email or username and password), he wouldn't be able to log in because you can't access a users password via Oauth.
For example, by using Oauth 2, I may only have stored his Google_id and his display name in the database. He probably doesn't even know his Google_id in the first place.
Can he log in locally? I know the situation I just made would make it impossible, but is there a way to structure your database so that the user can log in either locally or with Oauth 2 and access the same account?
Also, wouldn't this be the case if he decides to log in using Oauth 2 via Facebook instead of Google?
If anyone could shed light on this for me I'd be very grateful!
I only worry because if a user log on via Oauth 2, makes a lot of progress on my website then logs in locally or via a different social media platform (via Oauth 2), they would be confused and possibly falsely believe their data has been lost.
I'm using SQL and Node.js (Express), not that it matters.
Related
I have a Google Apps Script deployed as a web app. It is configured to run as me, as it creates and amends events on my calendar and uses a Google sheet of mine as its data store.
There is a requirement that users are NOT required to have a Google (or any other specific type of) account to log on, so I have written a bespoke login function.
The problem I have is reliably identifying the user session.
User properties/cache doesn't work as the user is me for all users.
Is there a way I can identify something unique about the actual user to identify their session?
I understand that web apps run on Google's server and that I have no access to the user's browser so cookies and similar technologies are not an option.
I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.
I want to connect the Users from my website with the TeamSpeak server, that i can automatically grant rights, ban users and so on.
At the moment the User has to enter his Ts UID on my website, so that i can search him in the TS database.
But for some time now, you can login to the TeamSpeak client with a TeamSpeak account.
Is there a way that the users can login on my website with this Teamspeak account like with Google, Facebook and so on?
And am I able to find them on my TS Server when they are logged in with that account?
TeamSpeak's myTeamSpeak system was definitely not designed for any oauth type functions. However TeamSpeak has a brilliant plugin SDK, serverquery and clientquery available to interact with teamspeak.
I would recommend you "link" users' TeamSpeak UID's like https://ts-n.net/ranksystem.php does via a user's IP address. From there you can simply accept the login, or you can take it a step further and sending a message with a "activation code" via one of the ways mentioned above to interact with teamspeak for additional security.
From what I understand, you want to find online user's that are logged in to your website through a form of authentication using teamspeak. I have no idea what you mean by "them", but teamspeak's serverquery lets you search through every single client in it's database, and whatever you are looking for is there or in your logs folder.
Sorry I could not be more helpful, I will edit this/respond when/if you clarify your question.
I have searched long and far for this on Google Identity documentation but my question seems to be out of it's scope (https://developers.google.com/identity/protocols/OAuth2).
This is what I have:
I have an app that is using Google's PHP Client library to authenticate a user via oAuth2. My application stores the retrieved token & refresh token from a user. I am able to use this token and refresh token to pull in information from various Google API's (Drive, Calendar, Mail, etc). I am also storing a cookie in browser to keep the user logged in to the application when the user closes the browser. I have created a simple way for users to login to the application via a QR code that matches up their stored token and refresh token. After the first login they are able to simply use a badge to login to the application.
This is what I want but don't know how to do
When a user logs into the application with their QR badge everything work perfectly (I am still able to pull in anything via the PHP Client Library/Google API's), however when a user goes to Gmail, Drive, or other Google service, Google is asking them to login (it's because they are not technically authenticated with accounts.google.com (only my application)). Is there a way to programmatically authenticate a user to accounts.google.com via a stored token/refresh token?
I was searching for a proper way to implement authentication of users with Google accounts into an app I'm developing. One thing led to another and I found this:
https://github.com/thephpleague/oauth2-google
They have a few implementations depending on how you may wish to implement OAuth2 (via separate repositories). I believe this directly answers your question, albeit 3.4 years later. Hopefully it will help someone else who is looking for this info.
I'm using the Google Apps Provisioning API to synchronize user data with our internal database (MySQL). For every new user created through our site's backend, a corresponding user in created in the GoogApp system. Change is passwords are also synchronized accordingly.
I'm about to implement SSO, so that logins performed on our website automatically makes the user login into the google apps too.
My question is what happens IF the user happens to change his/her password using the Account > Settings in the googapps interface, instead of our own backend? Our system has no way of knowing about the change! Is there a way in Prov API or SSO with which I can turn off the password changing mechanism in googapp engine and let the user do it ONLY through our backend?
Anyone who's used / setup a similar system, please shed some light on it.
Thanks,
m^e
When you have SSO enabled in your Google Apps domain you have to provide a "change password" URL, that way when the users tries to go "Setting"->"Change Password" they will be redirected to your custom URL and make the password change in your backend.