I'm accessing the Google Contacts API using OAuth.
I see from the docs that I have an authorize URL (https://www.google.com/accounts/OAuthAuthorizeToken), used to get the access token, but not an authenticate URL, a thing other services implementing OAuth use to automatically redirect the user to my site when he has previously given me the permission to access his data.
Linkedin does it
https://www.linkedin.com/uas/oauth/authorize
https://www.linkedin.com/uas/oauth/authenticate
Twitter does it
https://twitter.com/oauth/authenticate
https://twitter.com/oauth/authorize
But I couldn't find a way to do this using the Google API.
Anyone knows if it's there?
Thanks
Google uses the same URL for authentication and authorization, so just redirect your users to the authorize URL with the appropriate parameters in the query string. Google then determines if the user needs to log in, authorize your app, or both.
The flow would go something like this...
Get the request token
Redirect your users to the authorization link
https://www.google.com/accounts/OAuthAuthorizeToken?scope=http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds&oauth_token=REQUEST_TOKEN&oauth_callback=http%3A%2F%2Fwww.mysite.com%2Fcallback
User authorizes your app, then exchange the request token for an access token.
Related
Is it possible that AWS Cognito redirects the user to an http endpoint with the user's access token if the user is an authenticated user with Cognito? I need to implement this authorization flow in a React web application. The basic idea is that the user gives his credentials, such as the user's email address and password, then Cognito takes them to check if he is an authenticated user or not. If he is, it should redirect the user by passing the token to a callback URL (in my case this is an http endpoint). After the URL gets the token, it gives him access as the final step.
This is possible. But you need to make sure your HTTP endpoint is able to redirect back to a UI page (or React route) or render HTML after accessing the token retrieved in the parameters.
Note: Simply having an HTTP backend URL won't work, since the authentication flow requires redirecting the user to the application.
I am currently working on a project that requires a user to log in to the app using Google credentials but without redirection to the Google authentication website. The user needs to enter his Gmail ID and password in the app window and somehow I need to verify these credentials with Google (without redirecting). Is there a way to do this?
EDIT:
One approach I got is to send these credentials to google which would authenticate the credentials and return an authentication token. But the feasibility of this approach is questionable.
I'm implementing Facebook and Google SSO on my website using custom workflow (redirect urls, parsing on server side etc. - no javascript) and I got to the point I have access_token, token_type and expires_in and from Google also id_token and I am confused what to do next to authenticate the user.
I read a little about authorization vs authentication, and that Facebook and Google SSO is OAuth2 which provides authorization, but not authentication, from which I understand that this way my web application is authorized to do something on behalf of the user, but I cannot be sure the user is the one who I think he is? My main source is this: OAuth Authorization vs Authentication
So, my question is, what should I do to be able to consider the user logged in?
Thank you
In your case Google (and Facebook) are authenticators. These services just tell your application that the user who tries to log in to your system is the one he claims to be.
Assume you differentiate users by unique email.
Your application flow should be as follows:
The user tries to log in to the application using Google
The application does all the Google redirection flow stuff and gives you tokens
The application needs to store these tokens for future use
The application checks if this user's email is present in the database
If the email is present and Google returns tokens (Google authenticated your user successfully), you can log the user in to your app
If the email isn't present in the database but Google authenticated the user successfully, you can store this user (with email) in your database and sign them up; this is a new user in your system
The same flow applies to Facebook. Surely you can extend this logic to be more specific to your application.
SSO and OAuth are different. OAuth is an authorization protocol.
You are dealing with Google and Facebook OAuth.
OAuth
In the case of OAuth, after successful authentication (Google/Facebook) you will get an access token. You can use the token for maintaining the user session.
With this token the user is authorized. Now you should check whether the user is present in your database; if yes, then authenticate the user and redirect to your application.
SSO
SSO is a user authentication service. There are ways of implementing SSO, like Kerberos SSO and ADFS SSO.
We should never use an OAuth2 access token for authentication.
For details, please refer to
https://oauth.net/articles/authentication/
OpenID Connect, built on top of OAuth2, can be used for authentication.
Google supports OpenID Connect
https://developers.google.com/identity/protocols/OpenIDConnect
The basic idea is that Google will issue the client app (your application) an ID Token after the user has logged in to his Google account. You can then extract user information (e.g. email, unique user id) from this ID token and proceed with your login flow.
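An added example (not from the original answer and not Google's own code) of the checks this answer implies before an ID token is treated as proof of login: decode the token, verify the claims that make it usable for authentication (issuer, audience, expiry, nonce), and key the local account on the subject rather than the email, which is the sign-in / sign-up step of the earlier answer done on the ID token instead of the access token. The client id, timestamps and token contents are constructed. The token here is unsigned so the claim checks can run offline; a real Google ID token must first have its RS256 signature verified against Google's published JWKS, which this block does not do.

```python
from __future__ import annotations

import base64
import json
from typing import Optional, Tuple

# Constructed values for the example (not from the original page): the OAuth
# client id registered with Google and the two issuer values Google documents.
CLIENT_ID = "123456789-example.apps.googleusercontent.com"
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url segment of a JWT (JWTs strip the '=' padding)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, UNSIGNED JWT (alg "none") so the claim checks can
    be exercised offline. Real Google ID tokens are RS256-signed."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    return f"{header}.{body}."


def decode_id_token(id_token: str) -> Tuple[dict, dict]:
    """Split the compact JWT into header and payload. No signature check is
    done here: verify the JWS against Google's JWKS (with a JOSE library)
    before trusting anything this returns."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def validate_id_token_claims(payload: dict, client_id: str, now: int,
                             nonce: Optional[str] = None) -> str:
    """Apply the ID token claim checks and return a stable user key.
    Raises ValueError on the first failing check."""
    if payload.get("iss") not in GOOGLE_ISSUERS:
        raise ValueError("unexpected issuer")
    # aud ties the token to this client. A token minted for some other app,
    # or a bare OAuth2 access token, must not log anyone in here.
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise ValueError("token was not issued for this client")
    exp, iat = payload.get("exp"), payload.get("iat")
    if not isinstance(exp, int) or exp <= now:
        raise ValueError("token expired")
    if not isinstance(iat, int) or iat > now + 60:  # small clock-skew allowance
        raise ValueError("token issued in the future")
    if nonce is not None and payload.get("nonce") != nonce:
        raise ValueError("nonce mismatch (replayed or foreign token)")
    if not payload.get("sub"):
        raise ValueError("missing subject")
    # Key local accounts on (issuer, sub): sub never changes, an email can.
    return f"{payload['iss']}|{payload['sub']}"


def claims_ok(payload: dict, client_id: str, now: int,
              nonce: Optional[str] = None) -> bool:
    """Boolean wrapper around validate_id_token_claims."""
    try:
        validate_id_token_claims(payload, client_id, now, nonce)
        return True
    except ValueError:
        return False


def login_from_id_token(id_token: str, client_id: str, now: int,
                        nonce: Optional[str], users: dict) -> Tuple[dict, bool]:
    """Sign the user in, or sign them up on first sight, from a validated ID
    token. Returns the local user record and whether it was just created."""
    _header, payload = decode_id_token(id_token)
    key = validate_id_token_claims(payload, client_id, now, nonce)
    if key in users:
        return users[key], False
    users[key] = {
        # Only trust the address if Google says it is verified.
        "email": payload.get("email") if payload.get("email_verified") else None,
        "name": payload.get("name"),
    }
    return users[key], True
```

The nonce is the value your server generated and put in the authorization request; passing it in makes a token captured from another session unusable for login.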
I am making an app that uses Kinvey as a backend. I want to access the GitHub API. I need the user to authenticate with OAuth. Can I do that with Business Logic? As far as I can tell, every request needs to be authenticated as a user; when GitHub redirects to my Business Logic it won't have those credentials. I feel like I am missing something simple (never worked with OAuth before).
Can this be done with Kinvey alone?
The OAuth2 callback does not have to be to Kinvey. If the user is interacting with the system and authorizing the token via OAuth, the redirect should actually be back to your web server - this way the user is redirected away from the authorization page, and back to your site. From there, you can get the token from the callback URL query string, make a request to store that token in Kinvey, and redirect the user to the appropriate page on your site.
If you are doing the server-side OAuth flow, you can set your callback to be any collection (you can create a dummy collection for this purpose). Endpoints will not work for this, because endpoints currently only accept POST requests, and the OAuth2 callback is a GET request. In this use case, you would create a pre-save endpoint that receives the callback, obtains the token from the query string, and then does whatever processing it needs to do.
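An added example (not Kinvey's or GitHub's code, and not from the original post) of what the web-server callback described in this answer should do before anything is stored: bind the GET callback to the flow this browser actually started through the state parameter, reject provider error responses, and only then take the code parameter that GitHub sends, which the server exchanges for the access token in a server-to-server call (that exchange is a network request and is not shown). The callback path, the session dict and the URLs are assumptions, and the post-login redirect is restricted to same-site paths so the callback cannot be turned into an open redirect.

```python
from __future__ import annotations

import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed example (not from the original page): the path on your own web
# server that is registered with GitHub as the OAuth callback URL.
CALLBACK_PATH = "/oauth/github/callback"


def begin_authorization(session: dict) -> str:
    """Generate and remember a one-time state value before redirecting the
    user to GitHub; the same value must come back on the callback."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return state


def handle_callback(session: dict, request_url: str) -> str:
    """Validate the GET callback and return the authorization code.
    Raises ValueError on any anomaly so the caller can render an error page
    instead of storing or exchanging anything."""
    parts = urlsplit(request_url)
    if parts.path != CALLBACK_PATH:
        raise ValueError("callback hit on unexpected path")
    query = parse_qs(parts.query, keep_blank_values=True)
    # The provider signals a refused or failed authorization with `error`.
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    # state is single-use: pop it so a replayed callback cannot succeed.
    expected = session.pop("oauth_state", None)
    received = query.get("state", [None])[0]
    if not expected or received is None or not hmac.compare_digest(
            expected.encode(), received.encode()):
        raise ValueError("state mismatch: not the flow this browser started")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("missing or ambiguous authorization code")
    return codes[0]


def callback_ok(session: dict, request_url: str) -> bool:
    """Boolean wrapper around handle_callback."""
    try:
        handle_callback(session, request_url)
        return True
    except ValueError:
        return False


def safe_redirect_target(requested: Optional[str], default: str = "/") -> str:
    """Allow only same-site relative paths for the post-login redirect, so a
    `next`-style parameter cannot bounce the user to another origin."""
    if not requested:
        return default
    if requested.startswith("/") and not requested.startswith("//") and "\\" not in requested:
        return requested
    return default
```

After handle_callback returns the code, exchange it at the provider's token endpoint from the server, store the resulting token (in Kinvey, as the answer describes) and then redirect the user to safe_redirect_target(...).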
Is there a way to pass login credentials from code instead of entering credentials every time in the popup for login authorization?
You don't require login credentials every time for authorization; you'll get an access token and access secret upon successful authorization by OAuth. Use the latter for further calls to the API. The OAuth protocol works this way.
I guess Magento is using OAuth 1.0/1.0a, so every time you authorize a user you get:
oauth_token - the Access Token that provides access to protected resources.
oauth_token_secret - the secret that is associated with the Access Token.
You will need to use OAuth based authentication. Then pass the request token along with each request:
Refer: http://www.magentocommerce.com/api/rest/authentication/oauth_authentication.html
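The three-legged flow in the Google answer near the top of this page and the Magento answers' point that the stored oauth_token / oauth_token_secret replace any repeated login rest on the same mechanism: under OAuth 1.0a every request after authorization is signed with HMAC-SHA1 over a normalized base string, using the consumer secret plus the token secret as the key. The following is an added example, not code from the original page, from Google or from Magento; the consumer key, secrets, nonce, timestamp and sample URL are constructed, and the network round trips (fetching the request token, exchanging it for the access token) are not shown, only the signing, the header format, the authorize URL from the Google answer, and the server-side verification.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

# Constructed sample values (not from the original page) for the worked example.
SAMPLE_URL = "http://www.google.com/m8/feeds/contacts/default/full"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "consumerkey123", "oauth_nonce": "abc",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1700000000",
    "oauth_token": "TOKEN", "oauth_version": "1.0", "max-results": "10",
}


def oauth_quote(value: str) -> str:
    """RFC 5849 section 3.6: percent-encode everything except unreserved chars."""
    return quote(value, safe="-._~")


def base_string_uri(url: str) -> str:
    """Scheme and host lower-cased, query and fragment dropped (RFC 5849 3.4.1.2)."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"


def signature_base_string(method: str, url: str, params: Dict[str, str]) -> str:
    """Encode, sort and join the parameters, then glue method, URI and the
    parameter string together with '&' (RFC 5849 3.4.1)."""
    pairs = sorted((oauth_quote(k), oauth_quote(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), oauth_quote(base_string_uri(url)), oauth_quote(normalized)])


def hmac_sha1_signature(base: str, consumer_secret: str, token_secret: str = "") -> str:
    """Key is consumer secret '&' token secret (token secret empty before the
    access token exists); output is base64 of the raw HMAC-SHA1 digest."""
    key = f"{oauth_quote(consumer_secret)}&{oauth_quote(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode("ascii")


def sign_request(method: str, url: str, consumer_key: str, consumer_secret: str,
                 token: Optional[str] = None, token_secret: str = "",
                 extra: Optional[Dict[str, str]] = None,
                 nonce: Optional[str] = None, timestamp: Optional[int] = None) -> Dict[str, str]:
    """Produce the oauth_* parameters, including the signature, for one call.
    With the stored access token and secret this is every API call after the
    one-time authorization; the user is never asked for a password again."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    if token:
        params["oauth_token"] = token
    # Query-string and form-body parameters are part of the signed set too.
    signed = {**params, **dict(parse_qsl(urlsplit(url).query)), **(extra or {})}
    params["oauth_signature"] = hmac_sha1_signature(
        signature_base_string(method, url, signed), consumer_secret, token_secret)
    return params


def authorization_header(params: Dict[str, str]) -> str:
    """Format the oauth_* parameters as an `Authorization: OAuth ...` header."""
    return "OAuth " + ", ".join(f'{oauth_quote(k)}="{oauth_quote(v)}"' for k, v in sorted(params.items()))


def verify_signature(method: str, url: str, received: Dict[str, str], consumer_secret: str,
                     token_secret: str = "", extra: Optional[Dict[str, str]] = None) -> bool:
    """Server side: recompute the signature over everything except
    oauth_signature and compare in constant time. A real server also rejects
    reused nonces and timestamps outside its acceptance window."""
    claimed = received.get("oauth_signature", "")
    unsigned = {k: v for k, v in received.items() if k != "oauth_signature"}
    unsigned.update(dict(parse_qsl(urlsplit(url).query)))
    unsigned.update(extra or {})
    expected = hmac_sha1_signature(signature_base_string(method, url, unsigned),
                                   consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode(), claimed.encode())


def authorize_url(request_token: str, scope: str, callback: str) -> str:
    """Step 2 of the Google answer: the URL the browser is sent to."""
    query = urlencode({"scope": scope, "oauth_token": request_token, "oauth_callback": callback})
    return "https://www.google.com/accounts/OAuthAuthorizeToken?" + query


def sample_base_string() -> str:
    """Base string for the constructed sample request above."""
    return signature_base_string("GET", SAMPLE_URL, SAMPLE_PARAMS)
```

Persist oauth_token and oauth_token_secret with the user record after the one-time authorization and pass them to sign_request on each call; the secret itself never travels in the request, only the signature derived from it.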