The page on the Sonos developer site that shows credentials used does not allow selection of the Key or Secret in the browser, which makes it impossible to Copy to the clipboard. I have to resort to View Source and get it that way, which is excessive.
Related
We are setting up an "app" in Google Cloud Console for the sole purpose of single sign on - letting users sign into a WordPress site and a Moodle site using their Google accounts.
When setting up the "Oauth Consent Screen" - there is a "Submit for Verification" button which is disabled (grayed out). The verification Status is "not published".
The question: does it need to be verified? The documentation, such as there is, hints darkly at various limitations if it is not. Yet, there appears to be no path to get it verified.
It "works" in testing for allowing log in with Google account, but the organization has a large number of users. Are we going to hit limits if we go live with it?
We haven't added any scopes. Do we need to, just to get the ability to get it verified? It "works" in testing, without having added any scopes.
Any insight is welcome on how to get this app verified - or as whether we need to have it verified (maybe it can't be verified because it doesn't need to be?).
On Vimeo (using their API), is it possible to generate private links that automatically expire? If not, what would be a good workflow to approximate this function, based on the API's limitations?
Basically, we would like to provide subscribers to our website limited time access to our videos. We would embed the player links in a private area of the site.
We wouldn't want users to have the ability to copy the link code and keep accessing the videos after their access has expired. Also, in the case of multiple users wanting access to the same video, we wouldn't want any updates to the privacy settings of a video to interfere with previous user access granted (that has not yet expired).
The Vimeo API can only toggle a video's privacy settings, the API cannot grant playback to a viewer outside of the privacy settings available.
For example, the API can be used to set a video as password-protected and set the video's password, however the API cannot be used to authenticate and bypass password protection and allow playback.
You could deal with this by providing a redirect from your own site and have the redirect expire. That would provide the functionality you’re looking for, but it’s also very easy to circumvent. It depends how strict/hard you want to make the expiry.
To make the experience for our users more convenient we implemented a feature with allowed a user to automatically get logged in when he clicks on a link he received via email.
In the past he had to click on the link and then had to enter his password. By providing a special security token in the link, we can now automatically login the user without the need for entering his password.
A few days after we went live with this feature, internal pages (which can only be accessed via password or via the special email link) appeared in the google search results. We are using Gmail as a Email provider for sending emails from our system.
The only explanation I have for this behaviour is, that google is crawling the links in the emails. Which is not very nice from them if those are "private" links.
Is there a safe way to still allow users to login without password via a special link they receive in their email, without google being able to crawl the internal pages?
Couple of questions:
I implemented the authentication process with OneDrive. My desktop application is designed for end-users. Every time the application is launched the little browser window pops up asking the user to confirm access...and if more than 1 hour passed user needs to provide username and password. Is there any way that end-user with SOME SORT of saved credentials (or user Code +user Secret, or API code + API secret) will be able to invoke the application and not be prompted by browser form (that currently requires login - if access token expired - or confirmation)?
The goal of my application is file sharing - that is, one end user may send URL (to the file that he uploaded to OneDrive) to another user and the latter should be able to download the file by clicking on the link (without any prompts, exactly like in manual process of sharing link to the file in OneDrive). Is it possible? If yes, how to achieve that? That is, how do I get that URL? Redandent to say that I am looking for a programmatic way to obtain a URL that will achieve the above described)
The OneDrive authentication process uses Microsoft account, which supports OAuth 2.0. You should be able to point the user to:
https://login.live.com/oauth20_authorize.srf?client_id=CLIENT_ID&scope=SCOPE&response_type=code&redirect_uri=REDIRECT_URI
Once the user authenticated and authorizes your app, the user will be taken to REDIRECT_URI/?code=CODE, where your app can exchange that code for an access token at:
https://login.live.com/oauth20_token.srf?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=CODE&grant_type=authorization_code&redirect_uri=REDIRECT_URI.
There are more details at http://onedrive.github.io/auth/msa_oauth.htm.
I am trying to make a webpage that can display information about documents on my google drive. For example I would like to display the titles of all my google documents on a webpage. I don't want the user to have to be logged into a google account, and I don't want to have to authorize anything (or the user to authorize anything). I just want the user to be able to see what I display - in a read only format - when they navigate to the page. The user will have no chance to edit or upload or delete anything, they can just view the info I display.
Is there a way to get files from google drive (via the API or any other way) possibly without using oauth 2.0? I've looked through the api docs and even coded up the sample apps, but all of them have a step that says, "Go to this URL, click Allow, enter the code" then you get access. These steps shouldn't be necessary. I just want to download the file and be able to manipulate it (either in memory or as a stream) then display something about it.
Also, I may misunderstand how OAuth 2.0 works so if that seems like the case, any helpful information would be much appreciated. Thank you.
You don't need to authenticate your visitors into Google, but need to authenticate yourself, so your web app can retrieve data from your personal Drive.
Get an access token and refresh token for yourself, store them and autenticate your requests. If you're using one of our client libraries, most of them refresh the access tokens once they are expired. See Using OAuth 2.0 for Web Server Applications for more details and OAuth 2.0 Playground helps you to understand how to get these tokens.