Is it possible to extend Google's OAuth to GeoServer's roles? For example, could a user in an RO role make a WMS request to GeoServer using Google OAuth credentials?
Late answer, sorry.
We have developed an OAuth2 extension that should work with Google (and GitHub). It is available on GS 2.9.2 and 2.10.
Docs here
Related
There seems to be very little information about getting started with Google's Drive REST API, besides the Quickstarts section (https://developers.google.com/drive/api/v3/about-sdk). I am trying to use their API in AutoIt, but I can't seem to find out how to generate an access token without using one of the available quickstart libraries. I am aware of the REST API docs (https://developers.google.com/drive/api/v3/reference/), but still, can't find anything about generating the access token. I have already generated a Client ID and a Client Secret though. Any help is appreciated.
Google's OAuth endpoints can be used with any library (or you could roll your own, but there are plenty of quality libraries). There is plenty of documentation of OAuth2 at Google, and there is the OAuth2 Playground where you can experiment with OAuth and the Google APIs.
If you have a library, Google's OAuth endpoints are available in the OpenIdConnect discovery doc at https://accounts.google.com/.well-known/openid-configuration
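The authorization-code exchange that the answer points to, written out in Python as an added example (it is not part of the original answer). `CLIENT_ID`, `CLIENT_SECRET`, the loopback redirect URI and the read-only Drive scope are assumptions, and `DISCOVERY` is a constructed excerpt of the discovery document, which a real client would fetch from the URL above.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed excerpt of the discovery document; fetch the live one from
# https://accounts.google.com/.well-known/openid-configuration in real use.
DISCOVERY = {
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
}
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"              # placeholder, from the API console
CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"      # placeholder, keep out of source control
REDIRECT_URI = "http://127.0.0.1:8080/callback"  # assumed loopback redirect
SCOPE = "https://www.googleapis.com/auth/drive.readonly"  # assumed least-privilege scope


def pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636, method S256."""
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def authorization_url(state, challenge):
    """Step 1: the URL the user opens in a browser to grant access."""
    params = {
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": SCOPE, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return DISCOVERY["authorization_endpoint"] + "?" + urlencode(params)


def token_request(callback_url, expected_state, verifier):
    """Step 2: check the redirect, then build the POST for the token endpoint."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    # Reject responses that were not started by this session (CSRF check).
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if "code" not in query:
        raise ValueError("no authorization code: " + query.get("error", ["?"])[0])
    body = {
        "grant_type": "authorization_code", "code": query["code"][0],
        "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI, "code_verifier": verifier,
    }
    return DISCOVERY["token_endpoint"], urlencode(body)
```

The returned body is sent as an `application/x-www-form-urlencoded` POST to the token endpoint; the JSON response carries the `access_token` that goes into the `Authorization: Bearer` header of Drive API calls.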
I want users of my website to use Google Accounts to authenticate / sign in to my website. The primary use case being users will edit and generate content and we want to log ownership in a secure way. We are not interested in obtaining users' Google data, we just want a means to authenticate users.
After googling, I came across some documentation, which seems to explain how to do this: OpenID Connect (OAuth 2.0 for Login). But the documentation immediately says "Note: If you want to provide a “sign-in with Google” button for your website or app, we recommend using Google+ Sign-In, ...", which if you follow the link ultimately takes you to Google+ Sign-In.
What's the difference between these two pages of documentation? Why does the first tell you to go to the second while not saying the first is deprecated? Are both/either suitable for my use case? All it says is "we recommend" I want to know WHY, WHY do they recommend it?
UPDATE: I also found yet another link which seems to be documenting another approach https://developers.google.com/accounts/docs/OAuth2WebServer I think this is just for "Authorization" i.e. authorizing your app to make google api calls to get user data, so cannot be used for authenticating/sign-in.
BTW I'm building my website with a Scala Spray BE REST API & NG JS FE.
A comparison of the two is available here.
Google+ Sign-In with profile scope
Has Google client libraries for authenticating with OAuth 2.0, which includes support for Google+ and other Google services (like getting social information on a user). Also this can make implementing easier and requires less boilerplate code.
Has the Google+ Sign-In button to simplify sign-in Has no pre-built widgets
Supports over-the-air Android installs
OAuth login is primarily just for authentication at a lower level, that is by making raw HTTP requests, no API.
OpenID Connect protocols (OAuth 2.0 login)
Google+ Sign-In supports OIDC interoperability if you configure with the openid scope and get the user profile using getOpenIdConnect.
OAuth 2.0 login supports OIDC directly. Use it for signing in users to apps that do not need social features and run on platforms not supported by Google+ Sign-In.
I'm trying to figure out what I need to do in order to achieve seamless SSO sign up.
When an administrator of a domain installs my google app, all of the users on his/her domain, should be able to sign-in through SSO without seeing any confirmation prompts. I'm looking into documentation on how to set this up:
Instead of displaying a confirmation page, your application should
match the value of the openid.realm parameter in the OpenID request
against the value declared in the application's manifest.
Is there an example of this? Also, I think Google stopped using XML manifest files once they switched from OpenID to OAuth 2.0. If so, how does this whitelist process work with OAuth 2.0?
Should I be utilizing Google Admin SDK?
Since Google is moving away from OpenID, whitelisting instructions are obsolete. Found a blog post about domain-wide delegation with OAuth 2.0. Google recommends the following:
the recommended authorization mechanism is now to use OAuth 2.0 and
service accounts. Google Apps domain administrators can delegate domain-wide authority to the service account’s credentials for a set of APIs. This results in allowing the application, by using the service account’s credentials, to act on behalf of the Google Apps domain’s users.
Instructions on how to set up domain-wide delegation: https://developers.google.com/drive/web/delegation
You can find detailed steps to achieve seamless SSO sign up at the following URL:
http://david-codes.blogspot.com/2014/07/how-to-provide-seamless-single-sign-on.html
I'm a little bit lost... Too much Google documentation, I can't find my way.
We have an app on the Google Apps Marketplace. This app uses Google's APIs to retrieve Drive content, calendar information, ... for all users of our client domain.
Currently we are using 2-legged OAuth 1.0A.
According to the google documentation, OAuth 1.0 is deprecated.
But I cannot find any documentation for using 2-legged OAuth 2.0.
Did I miss something?
How are we supposed to replace the existing? 2-legged OAuth 2.0, or anything else?
Do we have to do any modification on our Google Marketplace vendor profile?
Thanks,
Jonathan
The 2-legged form of OAuth2 is described in "OAuth2 for server-to-server applications": https://developers.google.com/accounts/docs/OAuth2ServiceAccount ; that document explains how the 2-legged OAuth2 flows work, but not how an administrator grants the application the privileges it needs to access the data: This is done via the Admin console settings, where the administrator authorizes the app to impersonate users in the domain. The details are described in https://developers.google.com/drive/web/delegation#delegate_domain-wide_authority_to_your_service_account
I think that the correct process is described here:
https://developers.google.com/apps-marketplace/v1migratev2
I want my Nancy site to accept Google/Facebook/OpenID authentication.
Are there any existing solutions for this?
There is work in progress by myself and members of our community. I am working on implementing the OAuth 2.x specification and then we're ironing out the implementations for Facebook/Twitter (not sure if anyone looked at Google) authentication.