How does Google Glass authentication work? - authentication

I am trying to create a sample test application that authenticates a user wearing Google Glass.
I have read the following page
https://developers.google.com/glass/develop/gdk/authentication
I need to know how will the authentication actually work. Now lets say I have an app "XYZ" uploaded onto MyGlass. User turns on the app via MyGlass and then automatically gets redirected to a web page say, for example,
http://www.example.com/glass/authenticate.html
In this web page, he has to sign in using a username and password. Once he clicks submit will he be redirected to another webpage on the browser or will the Glass application get activated. Where will the userToken be obtained. Will it be on Glass?
I am really confused. Please can someone help me out.
What exactly is the flow for authentication on Glass?

Assuming you're doing 3rd part authentication (i.e. your own users, not google accounts).
Once you click Submit on your login page:
Server-side: If the user is valid, call the Mirror API to insert the account, including your authToken and the userToken. The userToken will be a query parameter added to your login url by the glassware store.
Close the page using window.close(). The Glassware will then be installed on the user's device.
When the user launches your glassware, retrieve the account from the Mirror API, and then retrieve the authToken that you inserted in step 1. for that particular account.

Related

Why is Salesforce redirecting all my community users to the same user while using an external Identity identity provider?

There is a Salesforce application with community users who have a landing page URL for which access needs to be provided to endusers through email which cannot be done. The requirement is for the enduser to make use of their phone number or employee id as they cannot have fresh email addresses.
When i try to connect the SFDC to my external IDP, it is able to go with the IDP for authentication and finally login to the application. However the user that is logged in always reverts back to a single user in the application though i make use of seperate logins for each time.
Ex: User login is alex12 and i login, it will take me through to the landing page in the community page.
user login is mike23 and when i login, it will pass through fine but the landing page in the community page will still show alex12 instead of mike23.
What should i do to get all the users in community user to login and land on the community page successfully for each user?
Any help is appreciated as i need to deploy for a client and this on the escalation track.

How to use best use Google/Facebook signin using expo AuthSession to authenticate with a custom backend API

I am working on creating an mobile app using Expo (managed workflow). I have a backend server which this app will connect to. The backend server has its own authentication with username and password and all other endpoints are protected based on a token that you would receive by signing in to the API using a /authenticate endpoint.
Now, I would like to add a 'Sign in with Google' feature to my app. From the Expo's AuthSession documentations, it looks like somehow the app can authenticate with Google. I want to use this identity to authenticate with my backend API.
I created a /api/auth/google endpoint in my API that uses passport google-oauth, redirects user to google and get authorization code sent to /api/auth/google/callback. I then use the authorization code to access Google's people API, to get the email to validate the user and respond back with a access token for my API if the Google sign in was successful. This works fine when using in a browser.
I want to do something similar for the react-native app. When I use the Google example in Expo's AuthSession, it gives me back a access_token. I have no idea how it gets an access_token because the app does not know my client secret. But still, I don't know how to use it to login to my API and get my API's token.
I have thought about using AuthSession to directly open my API's /api/auth/google, so it would redirect correctly and my backend can then send my API's token to the app. The problem with this is, when someone clicks on the 'Sign in with Google' button in the app, apple will tell you 'App name wants to use myapi.com to sign in' or something along those lines instead of Google.com. Additionally when I add more sign in options like Sign in with Facebook and Sign in with Something else, the user's phone will always say that the app wants to use myapi.com to sign in and then in turn be redirected to Google/Facebook or something else. I am not sure if this is allowed and would count as misleading the user and get rejected form the app store. I tried logging into some of the apps on my phone and clicking on 'Sign in with Google' tells the app is trying to sign in with Google.com and 'Sign in with Facebook' tells that the app is trying to sign in with Facebook.com correctly. But then I also know that the app eventually authenticates with its own API somehow. I don't know what is the right way to do that.
Can someone help? Thanks.

How to tie an account from a backend server to a google assistant user

I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.

How to achieve "Remember Me" functionality for both local and remote login pages?

I have a requirement in my application for iOS and Android, developed using IBM Worklight, to remember the user ID if the user selected this option.
I can achieve this by using localStorage, but the issue is that I have two login pages:
One is placed within the application, and the
Second is hosted on a remote server
Depending on the conditions the application will meet, either the remote login page will be displayed or the local login page will be displayed.
If I use localStorage on local page it is not accessible for server side login page. So I want to use some storage/file on the mobile to store my user id which is accessible for both local and server login page. Is this is possible using worklight/phonegap storage?
More explanation:
Remote login page is hosted on some www.xxx.com domain. My requirement is on launch of application the local login page is shown to the user, there user can enter user id and password and selects remember me option and submits form. Then user logs in and navigated to some xxx.com/yyy server page. From there when user clicks on log out it navigates to remote login page which is hosted on www.xxx.com server. As user already checked remember me option in local page the remote login page has to pre populate the user id text box. And same scenario should happen when user enters credentials in remote login page and selects remember me check box. So when user kills the application from background and relaunches the application user will get local login page where I need to pre populate the user id last time he entered.
Short answer: in my opinion, no.
Longer answer: I will explain what I think using your scenario:
Remote login page is hosted on some www.xxx.com domain. My requirement
is on launch of application the local login page is shown to the user,
there user can enter user id and password and selects remember me
option and submits form.
So far so good. You can store it in either Web Storage or JSONStore or use Cordova File API. Catch: all of these are available ONLY for the specific application.
Then user logs in and navigated to some xxx.com/yyy server page. From
there when user clicks on log out it navigates to remote login page
which is hosted on www.xxx.com server. As user already checked
remember me option in local page the remote login page has to pre
populate the user id text box.
Still plausible. Lets say the user selected 'Remember Me', so you can adjust the URL pointing to the remote login page and send with it as parameters the username and password. Assuming that there will a mechanism to handle those on the remote page.
This does not come for free, though.
This is not meant to work out-of-the-box. It's worth noting that whether Web Storage (localStorage...) is used or any other type of storage- the application and the Cordova InAppBrowser do not share the same localStorage, and the same is true if you open a new WebView.
And same scenario should happen when user enters credentials in remote
login page and selects remember me check box. So when user kills the
application from background and relaunches the application user will
get local login page where I need to pre populate the user id last
time he entered.
This is also a problem IMO, because any application is sandboxed - be it the browser app or the Worklight app, each of them is sandboxed. so you can't just go to website X, and create some localStorage for it and expect that data to be available for another WebView belonging to another app. That's the whole point of sandboxing, in order to protect the app.
And in this case, where the remote "page" will save the data, only Web Storage is available anyway, as JSONStore requires the Worklight API, which is not available when you load external websites.
Notes:
Since you want to save both username and password, you'd probably want to encrypt them in some way, so JSONStore and WL.EncryptedCache are your options, rather than plain Web Storage.

Redirect to own site when user logs in via Facebook app

I am building an app with the functionality to publish
messages to users walls while specific actions runs on
my website.
What I have done is (briefly):
Registered my own app on Facebook
Added a login button on my website with permission
to publish:
Log in on Facebook
Downloaded facebook-php-sdk library
It is now I start having problems. I do not know how
to do what I want to do now.
What I want to do:
When a user logs on to facebook via my website. I want
a file on my site to be called, where I can update the
user's data in my own database as well.
Because that is not what the canvas url is meant to do? How it
is no, seems no file at all is called on my site when
I click on Login.
Since you are using the Facebook PHP-SDK you noticed that there are two options for the users to login:
Using the XFBML button, which will:
Open a login dialog (pop-up) asking for permissions..etc
When a successful authentication/authorization is complete the dialog will close, the auth.login event will be triggered and based on that the page will get reloaded window.location.reload();
The PHP in the top of the page will get into business and $session = $facebook->getSession(); will actually retrieve a session! $user = $facebook->getUser(); will retrieve the current user
Using the Login URL generated by the Library $loginUrl = $facebook->getLoginUrl(); this URL will get you through the same flow and if you noticed there's a next redirect_uri parameter which will redirect you back after a successful process to that URL (mainly the same URL you are at), where you can change that parameter if you like.
The canvas URL is the URL Facebook uses when it displays your application from within Facebook. You would use this functionality if you expect users to use your application while in Facebook itself.
When authenticating using Facebook's API (assuming graph API usage here), you provide a redirect_uri as part of the authentication URL. Once Facebook has authorized your application, it will redirect the user's web browser to the URI you specified. This URI can be any link you desire on your site. You should use the link as the determination of when the user is logged in successfully, e.g., https://mywebsite/facebook/loggedin.