could you tell me if when somebody is on my application on Facebook, then I can know what ID number this user has or what email this user uses to login on Facebook? It is important for me, because i would like to know if i can authorize my apps user without oAuth2.0.
you need to get the permission befoer you get the id / email.
As of today, if you don't want to use OAuth 2.0, simply handle that via the legacy authentication flow
Related
I'm using okta to sign-in to my react based web application. There is an edit action within the app that requires the user to re-enter his password. I've checked the docs and couldn't find anything similar. The closest I got to was the 're-authenticate' user part. However, that's only based on time. I want to achieve similar functionality based on an event(say, button click). Can I do this using refresh tokens? (I'm not clear about the whole idea of refresh token). Is there a workaround or a specific okta API that allows me to do this?
I have contacted Okta support and they advised me to use the Okta MFA factors(OTP to email/phone, Google Auth etc.) and not to prompt the user to enter a password.
MFA Factors API: https://developer.okta.com/docs/reference/api/factors/
I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.
I'm creating a web app and decided to use google authentication for its ease of use.
Thing is, I want to only let certain emails login. All other emails should not be able to login!
How do I do that?
I'm aware that I can send the auth token to the backend, verify it with google's library, and then filter the emails but... there should be an easier way, I hope?
You need to consider how Open id and oauth work. You are technically forwarding a user over to googles login page. They login and approve any apis on Googles site you have no way of knowing who they are until they are redirected back to you.
Nor is there any way to limit the users who can login to your client directly in Googles Developer console for your project. TBH i think that would be really hard for them to administrate.
Your best bet is going to be checking the users email when they return and decide that that time if they may login or not. It would be also be a good idea to do a revoke on any credentials google returns to you if you dont want them to have access.
I have searched long and far for this on Google Identity documentation but my question seems to be out of it's scope (https://developers.google.com/identity/protocols/OAuth2).
This is what I have:
I have an app that is using Google's PHP Client library to authenticate a user via oAuth2. My application stores the retrieved token & refresh token from a user. I am able to use this token and refresh token to pull in information from various Google API's (Drive, Calendar, Mail, etc). I am also storing a cookie in browser to keep the user logged in to the application when the user closes the browser. I have created a simple way for users to login to the application via a QR code that matches up their stored token and refresh token. After the first login they are able to simply use a badge to login to the application.
This is what I want but don't know how to do
When a user logs into the application with their QR badge everything work perfectly (I am still able to pull in anything via the PHP Client Library/Google API's), however when a user goes to Gmail, Drive, or other Google service, Google is asking them to login (it's because they are not technically authenticated with accounts.google.com (only my application)). Is there a way to programmatically authenticate a user to accounts.google.com via a stored token/refresh token?
I was searching for a proper way to implement authentication of users with Google accounts into an app I'm developing. One thing led to another and I found this:
https://github.com/thephpleague/oauth2-google
They have a few implementations depending on how you may wish to implement OAuth2 (via separate repositories). I believe this directly answers your question, albeit 3.4 years later. Hopefully it will help someone else who is looking for this info.
I really like Trello's login style-- after i'm logged into Gmail, calendars, anything, i'm automatically logged in when i get to their site.
What i can't find is a complete example of how to go about this sort of "automatic login"-- in any language. While i'd prefer something in .NET, I'm open to whatever.
Any help on resources that detail how to go about this?
They are not using OAuth system rather than they are using OpenID protocol and once you approve the authentication as per this you will again not asked to approve it again.
More over for the first time when you go there it present a check-box to remember the approval
What you looking is similar to what SO is providing, once you have register with SO anytime you to google login page and if you are logged in you will automatically get logged in a part of OpenID
for .net here is the one SO itself using
DotNetOpenAuth