OAuth Consent Screen Dispay Issue - google-oauth

We have developed an new application which has been integrated with Google File Picker API on Client side application. We are trying to show the OAuth Consent Screen to the end user by showing the Application name " Gsuite Intergration" when the user try to login OAuth Sign In screen.
For running the application from local development server (https://localhost:4200) then OAuth pop up showing the Application name like "Continue to Gsuite Intergration" before the Sign in Header. Its expected behaviour what we are looking. Please refer the "GoogleFilePickerPopup_Localhost.png" attachment.
But when we deploying same application into the server (https://applicationname.domain.com) then OAuth pop up showing as "Continue to domain" instead of "Continue to Gsuite Intergration" before the Sign in Header. Its not expected behaviour as we need to display the Application name what we have updated Under the Oauth Consent screen. Please refer the "GoogleFilePickerPopup_server.png" attachment.

You need to request app verification so your brand configuration can be verified before the name is displayed to your users. See the OAuth App Verification FAQ about circumstances under which verification is needed: https://support.google.com/cloud/answer/9110914?hl=en#circumstances

Related

How to use best use Google/Facebook signin using expo AuthSession to authenticate with a custom backend API

I am working on creating an mobile app using Expo (managed workflow). I have a backend server which this app will connect to. The backend server has its own authentication with username and password and all other endpoints are protected based on a token that you would receive by signing in to the API using a /authenticate endpoint.
Now, I would like to add a 'Sign in with Google' feature to my app. From the Expo's AuthSession documentations, it looks like somehow the app can authenticate with Google. I want to use this identity to authenticate with my backend API.
I created a /api/auth/google endpoint in my API that uses passport google-oauth, redirects user to google and get authorization code sent to /api/auth/google/callback. I then use the authorization code to access Google's people API, to get the email to validate the user and respond back with a access token for my API if the Google sign in was successful. This works fine when using in a browser.
I want to do something similar for the react-native app. When I use the Google example in Expo's AuthSession, it gives me back a access_token. I have no idea how it gets an access_token because the app does not know my client secret. But still, I don't know how to use it to login to my API and get my API's token.
I have thought about using AuthSession to directly open my API's /api/auth/google, so it would redirect correctly and my backend can then send my API's token to the app. The problem with this is, when someone clicks on the 'Sign in with Google' button in the app, apple will tell you 'App name wants to use myapi.com to sign in' or something along those lines instead of Google.com. Additionally when I add more sign in options like Sign in with Facebook and Sign in with Something else, the user's phone will always say that the app wants to use myapi.com to sign in and then in turn be redirected to Google/Facebook or something else. I am not sure if this is allowed and would count as misleading the user and get rejected form the app store. I tried logging into some of the apps on my phone and clicking on 'Sign in with Google' tells the app is trying to sign in with Google.com and 'Sign in with Facebook' tells that the app is trying to sign in with Facebook.com correctly. But then I also know that the app eventually authenticates with its own API somehow. I don't know what is the right way to do that.
Can someone help? Thanks.

Automatically fill auth code for Google's OAuth for devices API

I have a console application that uses Google's OAuth for devices workflow to authenticate users using their Google accounts (see: https://developers.google.com/identity/protocols/OAuth2ForDevices).
During the authentication process, the user is required to visit https://www.google.com/device and copy-paste a code printed by my app.
Is it possible to include the code as part of the auth url such that the code will already be filled in, and the user only has to click on to authenticate (I'm thinking on opening a browser window programatically)?
Looking for an option like https://www.google.com/device?code=ABCD-EFGH

ServiceM8 Oauth Authentication not working

I am trying to set up an integration API between ServiceM8 and another 3rd party application. I need to create a webhook which requires Platform Services Authentication using Oauth.
I have created a developer account and a store item after which I got the APP ID and APP Secret which are required for the authenticatcation.
I initiated the authentication by redirecting the user to the url
https://www.servicem8.com/oauth/authorize?response_type=code&client_id=[App ID]&redirect_uri=[my redirect url]&scope=manage_jobs
The user was es expected directed to the login page.
However after logging in, instead of prompting the user to accept the required permissions and redirecting to the redirect_url the user is being redirected to the ServiceM8 dashboard page.
Can someone please help me.
Thanks

Google Oauth 2.0 with Non web application(Windwos/Mobile app) shows Have offline access consent screen

We are implementing Google Oauth2.0 Single Sign On with our applications. We have Web application, windows desktop app, Adroid app, iPhone app.
From our applications(windows app/mobile app) when user tries to login we use below flow:
1) We get URL(https://accounts.google.com/o/oauth2/auth?client_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&response_type=code&scope=openid%20profile%20email&redirect_uri=urn:ietf:wg:oauth:2.0:oob&login_hint=myemail#gmail.com) from our API which redirect user to Google login screen
2) After authentication:
a) On first login it display consent screen with scopes(View your email address/View your basic info/Know who you are on Google) mentioned in above URL.
b) On subsequent login it display consent screen with scope (Have offline access).
3) Then Google return us a code in page title which we use for our authentication and then we allow user to access our application.
When we are using Same flow in Web application it won't ask Offline access scope screen for subsequent logins but in Desktop app/Mobile app for all the subsequent login it ask "Have offline access" scope screen.
How can I avoid scope (Have offline access) screen for subsequent login?
Please suggest.
FYI
1) I have tried approval_prompt, access_type but no change in nature.
2) We are not storing any refresh token after first authentication.

How does Google Glass authentication work?

I am trying to create a sample test application that authenticates a user wearing Google Glass.
I have read the following page
https://developers.google.com/glass/develop/gdk/authentication
I need to know how will the authentication actually work. Now lets say I have an app "XYZ" uploaded onto MyGlass. User turns on the app via MyGlass and then automatically gets redirected to a web page say, for example,
http://www.example.com/glass/authenticate.html
In this web page, he has to sign in using a username and password. Once he clicks submit will he be redirected to another webpage on the browser or will the Glass application get activated. Where will the userToken be obtained. Will it be on Glass?
I am really confused. Please can someone help me out.
What exactly is the flow for authentication on Glass?
Assuming you're doing 3rd part authentication (i.e. your own users, not google accounts).
Once you click Submit on your login page:
Server-side: If the user is valid, call the Mirror API to insert the account, including your authToken and the userToken. The userToken will be a query parameter added to your login url by the glassware store.
Close the page using window.close(). The Glassware will then be installed on the user's device.
When the user launches your glassware, retrieve the account from the Mirror API, and then retrieve the authToken that you inserted in step 1. for that particular account.