I want to implement a "Share" button similar to Facebook´s "Like" button.
Is it possible to build an API on Google App Engine and allow users to login through 3rd party websites(after clicking on the "Share" button) to submit information to the API?
I want to prompt the user to select from multiple sign-in accounts when clicking on the "Share" button. Is there a way to prompt the user with the OpenID selector on a 3rd party website? What other options are there to prompt the user with multiple sign-in accounts?
Thanks!
1) Yes and its well documented.
Start here http://code.google.com/appengine/docs/python/users/overview.html#Authentication_Options
App Engine does not provide a user interface API for OpenID sign-in. Your OpenID sign-in user interface must allow the user to enter a URL that serves as an OpenID identifier. You might also include a pop-up menu listing the domain names of popular OpenID providers, along with a box for the user to type the unique part of the URL. For more information on the user interface for OpenID sign-in, see User Experience summary for Federated Login.
2) In the text I quoted they mention that your site need to ask the user for a an URL that serves as an OpenID identifier. That is exactly what you could use openid-selector for. The selector is a Javascript tool and runs on the client, not third party servers. You could have your share button bind the "onclick" event to open the selector.
Related
I'm using okta to sign-in to my react based web application. There is an edit action within the app that requires the user to re-enter his password. I've checked the docs and couldn't find anything similar. The closest I got to was the 're-authenticate' user part. However, that's only based on time. I want to achieve similar functionality based on an event(say, button click). Can I do this using refresh tokens? (I'm not clear about the whole idea of refresh token). Is there a workaround or a specific okta API that allows me to do this?
I have contacted Okta support and they advised me to use the Okta MFA factors(OTP to email/phone, Google Auth etc.) and not to prompt the user to enter a password.
MFA Factors API: https://developer.okta.com/docs/reference/api/factors/
I implement G+ sign-in function in my site, document here. The problem is google show sign-in dialog by popup. This way make my site break in iOS if I bookmark it home screen. It cannot close the popup. Does it has some options to open sign-in by another way?
There is another way, but it's slightly more complicated.
You can follow the instructions in the Google OpenID Connect documentation. Broadly, it involves directing the user to an authorization endpoint from which you get back a code. You then exchange that code at the token endpoint for access, ID, and refresh tokens.
The best way to learn how this flow works in an interactive way is using the OAuth Playground. Try entering profile email openid in the "input your own scopes" box, then tap Authorize APIs. Here's an example auth URL.
The docs for verifying the ID Token detail how to use the ID Token to authenticate the user, by extracting the sub value.
i have a few site developed with zend framework 1 and zend framework 2,i wanna users register in main site and in other sites i want to have a login button ,if user click on login:
1- if user logged in in main site ago , user login without enter any information.
2- if user not logged in in main site a popup open and ask his username/password of main site ,then login to site.
i don't understand is that possible with OpenId or OAuth.
in OpenId user must generate a OpenId Id for example:
http://www.example.com/USERNAME
but i prefer user don't enter any additional information.
for example in the Stackoverflow you can use Google or Yahoo account.
if you wanna use yahoo account it asked your OpenId,but i don't know what system Google use that it not asked for any id and just user enter his email and password if is not logged in to his Google account,
I prefer Google System that user do not enter any Url to login.
sincerely
Clicking the Google button on the Stackoverflow login screen secretly fills the URL
https://www.google.com/accounts/o8/id
as OpenID URL. This is an XRDS file which tells the OpenID library where the auth server can be found.
The OpenID spec defines this in section 7.3.1:
If the end user entered an OP Identifier, there is no Claimed Identifier. For the purposes of making OpenID Authentication requests, the value "http://specs.openid.net/auth/2.0/identifier_select" MUST be used as both the Claimed Identifier and the OP-Local Identifier when an OP Identifier is entered.
While implementing the Facebook Connect to a web application , its possible to show Facebook Sign up page in a pop up and once logging in and Granting permissions are complete, its possible to Authenticate Again in PHP and to get the necessary details of the user, - id, email etc.
I believe, thats secure because, the User Insertion is not based on the Ajax Request Parameters.
Is it possible to do the same with Google Plus Login also ?
Means - Logging in to Google - Using Javascript SDK, asking permissions, Authenticating all done in a Pop Up Window. and then, Creating a new user with the Help of google-api-php-client ??
Yes, what you're trying to do is outlined with https://developers.google.com/+/web/signin/server-side-flow which includes some PHP code samples to help you do this. In general, the steps at authentication time are:
User clicks the "Sign in with Google" button which may pop-up a new window at Google prompting them to log in and authorize your webapp.
After they do so, a one-time code is sent to a JavaScript callback you specify.
Your Javascript method sends this code to your PHP server.
Your PHP server uses the client library to contact Google's server and exchange this one-time code for an access token and refresh token, which you keep and use to perform actions on the user's behalf.
I am adding the ability for a user to link their foursquare account with their account on my website. Foursquare's oauth account authorization takes the user to foursquare's website, and after authorizing my website it redirects the user back to a url.
I want to avoid breaking the user's context on my website when they decide to add foursquare functionality to their account, so I'm planning on doing foursquare's account authorization in a new window using
var foursquare_popup = window.open("foursquare_url_to_authenticate_user");
and redirecting the popup to a static success page once the authorization has been completed.
I've seen oauth popups done in a couple places like Wired's tweet button.
Is this a good way to handle oauth with things like twitter/facebook/foursquare?
i would recommend against opening a popup window as part of the oauth signin process, purely because some browsers do not support popup windows - particularly browsers on mobile phones. also, the browser may support popups but the user may have a popup blocker turned on.
a better way would be to redirect the user from your website to the service provider all in the same window.
i am currently working on a way to do this with an invisible iframe on the page of my website. this way, if the user is already logged in to the service provider then they would not need to be directed away from my website. however, i am half way through this functionality so i cannot confirm that it will work yet.
You can specify display=webpopup if you want to use a pop-up window (see https://developer.foursquare.com/overview/auth#display).
Also, you can specify additional parameters in your callback URL, which will be preserved by the oauth flow. So if you passed "&state=settings/accounts" or something as parameter of your redirect_uri, you can parse it out upon success and resume your session with the user appropriately.