I need to get an access token from differente providers from the client side.
The idea is that I need the user to authenticate with these providers from javascript, and then retrieve an access token to be used to authenticate against another web service...
So far now, we managed to do it on twitter using twitter-anywhere, in facebook using the javascript SDK and in google using it's api-javascript-client
I was wondering if there's a similar solution for yahoo, linked and github. Or even better, a more general solution that could handle different providers...
Surely, there is one for Linkedin.
http://developer.linkedin.com/javascript
http://developer.linkedin.com/documents/javascript-api-reference-0
Not sure if this was around when the question was asked. For github, the comment by #Ivan Zuzak would suffice.
This link has a workaround with a little server support - http://blog.vjeux.com/2012/javascript/github-oauth-login-browser-side.html
Related
I am new to titanium and am trying to make a directory of contacts using Google Contact API. I have read up on it yet aren't seeing too many helpful examples. I know I need authentication yet I can't seem to figure out where to start. Any help is appreciated.
You may know some of this already but here's the broad strokes overview for others and an answer to your question (Any help is appreciated).
You need to create an (Google) account and register your project/application first in order to make requests for non-public user data. The request must include an access token. The token also identifies your application to Google.
In order to authenticate a user/application: You will need to Use OAuth 2.0 to authorize requests. You must register your project in the Google API Console and enable the Contacts API service in order to use OAuth 2.0.
To implement the OAuth protocol in a Titanium app you can follow along with the sample/tutorial in this blog post:
OAuth Login for Titanium
I've been researching PASTEBIN type API's that would enable storage of code snippets for a project I'm working on. The problem is that most if the API's I've found do not support edit/update of existing pastes.
I found that the Snipt.org API does support snippet updates. However, authentication for the snipt.org API is done using your Twitter account. The snipt.org API docs (https://code.google.com/p/snipt-org/wiki/REST_API_Docs?tm=6#Authorization) suggest using a GET '/auth' call (providing a Twitter uname/password in the URL) to obtain an API token to access the API. Is it just me or does this seem like a good way to compromise your Twitter credentials?
I have used other sites that authenticate via Twitter, but I get authenticated on the Twitter site first which in turn sends a token to the authorized app.
Well, obviously this API has some serious flaws.
But if you use https, the URLs of GET requests will get encrypted along the way. (But still get logged in the cache of your browser. do clear it.)
So if you really like snipt, you could use a new twitter account created simply for the purpose of authenticating to snipt.
It won't feel particularly good. And I have some serious doubts about the rest of their security code based on this part of the API. But I do not see how exactly your credentials could be stolen using this part of it by others than the snipt maintainers who already have access to your snipts. So if you protect only snipts with the credentials, and no tweets, you should be alright.
I want to implement OAuth/OpenID for Website One and use it in Website Two.
I create Sign Up, Sign In, Sign Out, Profile functionality/Pages for Website One and want to use authentication in Website Two like Facebook or Twitter authentication.
As an additional information if you got interest you can visit trial websites of Website One and Website Two. Please do not expect full or correct functionality because as I said above they are just trials yet.
P.S.
I decided to use OAuth. Forget about OpenID.
I had a look at your sites. It's not working this way.
You want STOZE to use the authentication from TIKSN? Well, you have to configure STOZE as an "oAuth resource server", so it keeps the protected resources, and configured to work only with token he gets from TIKSN, which will be configured as an "oAuth identity provider".
Read a little bit about oAuth...
OpenID is a different story - then, you will have to configure TIKSN as "OpenID provider", and configure STOZE to enable it to work with OpenID providers (so TIKSN will be one of them, but you will be able to use also Google, Yahoo, etc)
Read a little bit about OpenID...
HTH
I want to use google/yahoo ids to be used to login to my website.
As its done in stackoverflow.
Can any one provide me a starting point.
That authentication method is called OpenID. You can get details at the open id website.
If your webiste uses PHP on the server, here's a resource to get you started with OpenID and PHP
UPDATE
Since I've posted this, the world of open federated authentication has evolved quite a bit. If you're interested in this you may wish to look up OAuth v2 online, or check out these links: www.oauth.net and the Google resources on OAuth2 available here.
OAuth builds upon the concepts of OpenID and it expands the functionality quite a bit, in particular in the areas of not just providing authentication but also providing authorization for applications using a centralized provider of the user's choice (i.e. Google, Facebook, Twitter or your own :) )
I have been using JanRain for the same thing. It is free and integrates with loads of different login providers, such as, Facebook, Twitter, Google, OpenId (generally), yahoo, msn, and many more.
There is code that lets you integrate it with almost any programming language/platform you want.
try this sample in CodeProject.
http://www.codeproject.com/KB/web-security/OpenIdFormsAuth.aspx
It worked fine with me.
I am working on designing an api/application structure to mimick facebook's for a project of mine. I am wondering what the best way of going about authenticating users is.
For an app how do I give them the nessecaru credentials and how do I authenticate those credentials?
I would investigate these technologies before I started down the road:
OpenSocial this is basically the "open source" facebook platform. You can set up your site as a container, or an application (or some funky combo of both).
OpenID if you just want to be able to authenticate people using their login credentials from another trusted site
OAuth if your looking for a API style authentication framework
All of these techs have reference implementations in the usual suspects and are supposed to be more "open" than anything facebook is doing. We will see what happens in the long run...
Well the facebook api actually has an open source implementation so that's fine. But I'm wondering how does facebook actually authenticate everything? Like how do they pass user data to you?