I'm using https://github.com/devfd/react-native-google-signin to get OAuth2 into my application. From this, i'm requesting a server token for "offline" access.
In testing this, I didn't have my server fully put together to save access tokens/refresh tokens etc. The second time of trying to claim the token I (of course) got an error saying the serverAuthCode was already claimed. Now when I re-authorize google sign-in it does not return a serverAuthCode.
Is there a way to force google to give a new serverAuthCode?
Could it be that the google sign-in library i'm using just isn't requesting/returning it?
I realized that this was the library caching my user data. I simply revoked my app in the google connected apps management console and called the .signOut() method of my lib which seemed to fix it.
Related
I have completed an example of making a washing machine with a smart home in Google colab. This time I want to make a login function with non-fakeauth and non-faketoken methods. I'm having difficulty figuring out what to put in Authorization URL, Token URL and Fulfillment URL. There is documentation, but I don't know how to apply it. How to start?
Google identity
Google actions console
In google identity, I have completed receiving a refresh token by exchanging codes. However, in the actions console, instead of sending to https://accounts.google.com/o/oauth2/v2/auth?. I have to authenticate with https://myservice.example.com/auth, so I can't start. I would like to know how to create myservice.example.com/auth. After that, I think I can get a token by exchanging codes in the same way.
Currently, I am using the Token Authentication Flow to connect MS Graph OneDrive API to my application. (Link to documentation) It works, yet I have to use Postman to get a new authentication token after 30min-2h (I'm not sure about the exact timeframe). I need to be able to access the OneDrive API for a longer period of time (multiple months) without having to authenticate again and again.
In the documentation, the also speak about the Code Flow (Link to Documentation). Yet I don't receive a refresh token nor do I know how to set it up for longterm access.
I wrote an application in python that uploads files from OneDrive to another application.
Any help is appreciated!
Perhaps not a direct answer but it could help you arrive to solution via another route. In my case, I was following the process presented here, which really then lets user choose if they would like be remembered on the device. Then token gets stored and the method attempts silent authentication before requiring interactive login. So basically you get to use Graph API seamlessly.
Obviously, the authentication still needs to happen but perhaps you could reuse the token for direct requests?
I am using Dropbox API v2. User of my app wants to logout from Dropbox with all his devices. I think this is equivalent to revoke all access tokens for my app.
I know how to revoke a known access token (and my app provides a logout which does this).
I also know that the user can unlink my app from his dropbox on the dropbox website (but this is a bit cumbersome).
For convenience, I would like to add a feature allowing him to do this from my app.
Another reason is, that processing of the callback-URL may fail. Then the generated access token remains valid, even if it is never used.
As Dropbox access tokens never expire, users might feel bad if there are unknown or unused access tokens flying around.
No, the Dropbox API doesn't offer a way to programmatically unlink/revoke all access tokens for an app. We'll consider this a feature request.
I used to redirect to logout page, which invalidate the token as well as "ask for permissions" for app on the next login ... it is not aesthetic, but worked.
if (this.isAuth()) {
this.authToken = '';
window.open('https://www.dropbox.com/logout', '_blank');
}
I have searched long and far for this on Google Identity documentation but my question seems to be out of it's scope (https://developers.google.com/identity/protocols/OAuth2).
This is what I have:
I have an app that is using Google's PHP Client library to authenticate a user via oAuth2. My application stores the retrieved token & refresh token from a user. I am able to use this token and refresh token to pull in information from various Google API's (Drive, Calendar, Mail, etc). I am also storing a cookie in browser to keep the user logged in to the application when the user closes the browser. I have created a simple way for users to login to the application via a QR code that matches up their stored token and refresh token. After the first login they are able to simply use a badge to login to the application.
This is what I want but don't know how to do
When a user logs into the application with their QR badge everything work perfectly (I am still able to pull in anything via the PHP Client Library/Google API's), however when a user goes to Gmail, Drive, or other Google service, Google is asking them to login (it's because they are not technically authenticated with accounts.google.com (only my application)). Is there a way to programmatically authenticate a user to accounts.google.com via a stored token/refresh token?
I was searching for a proper way to implement authentication of users with Google accounts into an app I'm developing. One thing led to another and I found this:
https://github.com/thephpleague/oauth2-google
They have a few implementations depending on how you may wish to implement OAuth2 (via separate repositories). I believe this directly answers your question, albeit 3.4 years later. Hopefully it will help someone else who is looking for this info.
I have spent the last couple of nights bashing my head against the wall amongst a see of conflicting out of date documentation and semi-helpful blog posts that were/are appropriate to what I am trying to do.
Essentially I want to write a wee personal app do download my images from PicasaWeb/Google+ and store them on my local hard disk.
I have managed to do the following:
Figured out the GData API for the appropriate request to get private album data (works fine in my 'google-logged-in' chrome browser)
Got the correct private data back from my GData URL with the token generated by the OAuth playground.
Managed to get an OAuth2 token back from https://www.googleapis.com/oauth2/v3/token using JWT.
However - when I try my access token I generate myself I get back a forbidden response with the message 'Not authorized to view access private'.
I am pretty stumped - my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff like google+ photos. When I look in there I can see the OAuth playground has access. How do I give my app access - and do I need to in this scenario?
Thanks in advance,
Robert
"my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff".
Totally correct.
I guess I see 2-3 questions per month on SO where people have made the false assumption that a Service Account is some kind of proxy to their Google Account. It isn't. It's a completely new and independent account.
The two approaches you can take are:-
Share the items to the Service Account so it has permission to access them.
Give your app direct access to your Picassa account. See How do I authorise an app (web or installed) without user intervention? (canonical ?) for the steps involved.