Is it a valid practice to associate the AccessToken retrieved from Google Client API (Service Account)
and use it in GData API ?
The reason is that Google Client API uses OAuth 2.0 and GData API uses the older version of OAuth 1.0.
So will it work ?
The GData API can also use OAuth2. See the revelant doc for two very common GData APIs :
Contacts
Spreadsheet
Related
I am building a speech to text application for browser. Right now I am recording and sending the voice from frontend to backend, from backend calling the google api for converstion. Now the problem is processing time is high.
what I need is to call the google api from frontend itself. problem with this step is api key is getting exposed to user and leads to security issue.
So can I generate a session based auth token for speech to text api, which will be valid for client for some duration of time. any tutorial link will also do.
Just about everything Google creates supports OAuth 2.0. Text to Speech certainly does.
Authenticating is easy. Here is a link on how to use OAuth 2.0 with Google APIs.
Using OAuth 2.0 to Access Google APIs
Here is link on how to integrate Google Sign-In to your Web App:
Add Google Sign-In to Your Web App
And a link for adding OAuth 2 to your backend server in PHP:
Using OAuth 2.0 for Web Server Applications
I would use Google Accounts to start. Google Sign-In makes this easy to implement for the client. Either implement OAuth 2.0 on the backend (recommended) or on the client.
Once you complete the OAuth 2 flow, you will have a token that consists of an Access Token, Refresh Token and Client ID Token. You will use the Access Token to authorize API calls. You will use the Refresh Token to refresh the Access Token as it expires every 60 minutes. The Client ID Token will provide you with their identity information.
I am new to wso2 api, I have created api using api publisher,I am generated api client_id and client_secrete,It works fine fine wso2 api rest client,my question is How to call rest service using restful client?(to use wso2 client_id and client_secret)
Thanks,
Ram
Generally we don't use client_id and client_secret for calling REST APIs. Those are used to generate an OAuth token to invoke REST APIs. What you have to do is get the generated OAuth token in API Store and invoke the API. For that you need to set "Authorization" header in your HTTP request as below.
"Authorization" : "Bearer Generated_OAuth_Token"
This is just a basic OAuth scenario. I strongly recommend you to research more on OAuth protocol.
According to the Google Translate API docs, https://cloud.google.com/translate/v2/using_rest, you can authenticate with OAuth 2.0 or an API key.
All of the examples online I've seen simply provide an API key.
Do you know how to run a Google Translate API call with an OAuth 2.0 access token?
I am working on SPA and HTML5 Mobile application that's consume my server application via rest api. Server app connects to Google Adwords Api and then sending data to client app. My question is: is it possible to use google oauth login as login for my server api. And how?
Do I need to use FOSOAuthServerBundle?
Best,
Antonio
This is the flow for this use case: https://developers.google.com/identity/sign-in/web/server-side-flow
And after this you can use google token as your api token, or build your own oauth and use your own token.
Also it is possible to use FOSOAuthServerBundle with custom grant
I am looking for any article or forum thread, where I could find information how to make oauth 2.0 authentication. Especially I have MVC 3 application and WCF Restfull API. And I have to call API methods from web app with using oauth 2.0 protocol authentication. But I could not find any information about it. After googling I see only results how to develop clients for facebook, linkedin, google etc.. Any help would be helpful. Thank you.
You could have a look at DotNetOpenAuth. It has a client library which you can easily install from NuGet here.
Using DotNetOpenAuth all the OAuth plumbing is handled behind the scenes.
DotNetOpenAuth:
When you install the NuGet Package: https://www.nuget.org/packages/DotNetOpenAuth.Ultimate/4.3.3.13295
You can setup an OAuth client like this:
var authorizationServerDescription = new AuthorizationServerDescription
{
ProtocolVersion = ProtocolVersion.V20,
TokenEndpoint = new Uri("https://yourUrl/token"),
AuthorizationEndpoint = new Uri("https://yourUrl/authorize")
};
var client = new WebServerClient(authorizationServerDescription, "ClientIdentifier", "ClientSecret");
Then you can request a IAuthorizationState like this:
// Resource Owner Password Flow
client.ExchangeUserCredentialForToken("userName", "password");
// Client Credential Flow
client.GetClientAccessToken();
The IAuthorizationState contains the AccessToken you can use to Authorize against your Api. If a RefreshToken is provided you can also refresh your authorization using:
client.RefreshAuthorization(AuthorizationState);
ThinkTecture:
Alternatively you could use Thinktecture.IdentityModel. If you chose to use Thinktectures IdentityModel be sure to check out this post: Introducing OAuth2 Code Flow and Refresh Token Support in Thinktecture IdentityServer. Which not only explains how to set up an OAuth Token Server using Thinktecture, but how to use the client as well including a code sample. Ofcourse you can use this client to validate against another OAuth 2.0 server as long as the parameters are implemented according to the OAuth specifications.
OAuth 2.0 Playground
If you want to have a better look at the OAuth 2.0 flow, be sure to check out Google's OAuth 2.0 Playground. I think that a lot of people don't know that it is possible to test your own server with it. Just push the 'settings' icon in the top right and set:
OAuth endpoints: Custom
And you're good to go.