How do I obtain a GDrive access token without using a library? - google-oauth

There seems to be very little information about getting started with Google's Drive REST API, besides the Quickstarts section (https://developers.google.com/drive/api/v3/about-sdk). I am trying to use their API in AutoIt, but I can't seem to find out how to generate an access token without using one of the available quickstart libraries. I am aware of the REST API docs (https://developers.google.com/drive/api/v3/reference/), but still, can't find anything about generating the access token. I have already generated a Client ID and a Client Secret though. Any help is appreciated.

Google's OAuth endpoints can be used with any library (or you could roll your own, but there are plenty of quality libraries). There is plenty of documentation of OAuth2 at Google, and there is the OAuth2 Playground where you can experiment with OAuth and the Google APIs.
If you have a library, Google's OAuth endpoints are available in the OpenIdConnect discovery doc at https://accounts.google.com/.well-known/openid-configuration

Related

Using Google Contacts API with titanium

I am new to titanium and am trying to make a directory of contacts using Google Contact API. I have read up on it yet aren't seeing too many helpful examples. I know I need authentication yet I can't seem to figure out where to start. Any help is appreciated.
You may know some of this already but here's the broad strokes overview for others and an answer to your question (Any help is appreciated).
You need to create an (Google) account and register your project/application first in order to make requests for non-public user data. The request must include an access token. The token also identifies your application to Google.
In order to authenticate a user/application: You will need to Use OAuth 2.0 to authorize requests. You must register your project in the Google API Console and enable the Contacts API service in order to use OAuth 2.0.
To implement the OAuth protocol in a Titanium app you can follow along with the sample/tutorial in this blog post:
OAuth Login for Titanium

Support for Form Post response mode?

Does Google plan to support the Form Post response mode in its OpenID Connect/OAuth 2.0 implementation?
http://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html
Other identity providers such as Azure Active Directory and IdentityServer support this, but it seems Google doesn't (based on reading the docs and some manual testing). For context, I'm building an OpenID Connect library and was hoping to leverage this capability (and prefer not to rely on acquiring tokens via HTTP GET and URL fragments).
This does appear to work when you pass ?response_mode=form_post to google... but I can't find it anywhere in their documentation. :shrug:

Using LinkedIn API without OAuth

I use a application to automate posting updates from the site. Can I use the LinkedIn API without connecting OAuth libraries?
You need OAuth libraries to perform various actions with a user-Linkedin account. There're libraries for linkedin easier than others, it depends on the programming language.

Difference between Google "OpenID Connect" and "sign-in with Google"?

I want users to my website to use Google Accounts to authenticate / sign in to my website. The primary use case being users will edit and generate content and we want to log ownership in a secure way. We are not interested in obtaining users Google data, we just want a means to authenticate users.
After googling, I came across some documentation, which seems to explain how to do this OpenID Connect (OAuth 2.0 for Login). But the documentation immediately says "Note: If you want to provide a “sign-in with Google” button for your website or app, we recommend using Google+ Sign-In, ...", which if you follow the link ultimately takes you to Google+ Sign-In.
What's the difference between these two pages of documentation? Why does the first tell you to go to the second while not saying the first is deprecated? Are both/either suitable for my use case? All it says is "we recommend" I want to know WHY, WHY do they recommend it?
UPDATE: I also found yet another link which seems to be documenting another approach https://developers.google.com/accounts/docs/OAuth2WebServer I think this is just for "Authorization" i.e. authorizing your app to make google api calls to get user data, so cannot be used for authenticating/sign-in.
BTW I'm building my website with a Scala Spray BE REST API & NG JS FE.
A comparison of the two is available here.
Google+ Sign-In with profile scope
Has Google client libraries for authenticating with OAuth 2.0, which includes support for Google+ and other Google services (like getting social information on a user). Also this can make implementing easier and requires less boiler plate code
Has the Google+ Sign-In button to simplify sign-in Has no pre-built widgets
Supports over-the-air Android installs
OAuth login is primarily just for authentication at a lower level, that is by making raw HTTP requests, no API.
OpenID Connect protocols (OAuth 2.0 login)
Google+ Sign-In supports OIDC interoperability if you configure with the openid scope and get the user profile using getOpenIdConnect.
OAuth 2.0 login supports OIDC directly. Use it for signing in users to apps that do not need social features and run on platforms not supported by Google+ Sign-In.

client side javascript authentication with github and LinkedIn - get access token

I need to get an access token from differente providers from the client side.
The idea is that I need the user to authenticate with these providers from javascript, and then retrieve an access token to be used to authenticate against another web service...
So far now, we managed to do it on twitter using twitter-anywhere, in facebook using the javascript SDK and in google using it's api-javascript-client
I was wondering if there's a similar solution for yahoo, linked and github. Or even better, a more general solution that could handle different providers...
Surely, there is one for Linkedin.
http://developer.linkedin.com/javascript
http://developer.linkedin.com/documents/javascript-api-reference-0
Not sure if this was around when the question was asked. For github, the comment by #Ivan Zuzak would suffice.
This link has a workaround with a little server support - http://blog.vjeux.com/2012/javascript/github-oauth-login-browser-side.html