I want to make an application witch involves logging into google. It is basically a small application to always have your gmail with you without always having to go to the web browser and log in. Basically what I want to do is, when the person signs into their google account (or the page url changes) I want the webbrowser to refresh and go to a new point in the form and create an animation using a timer. I dont need help with the animation, I just need to know how to link it together with the person signing into google. And also, If it's possible I would like to have the person log in without the actual google web interface, but with 2 textboxes and a button. I am using Visual Studio 2008 and help with my application would be greatly appreciated!
One of the great things about GMail is that it gives you Pop3 access to the mailbox. Your application should be able to use Pop3 to login to the mailbox directly and not require the user to use the google web page (or any web page) at all.
This would be much more secure and fault tolerant than highjacking a browser session or scraping a web page for emails (as your application would break as soon as google updated the gmail app or the user changed their preferences).
You should be able to find numerous Pop3 tutorials, libraries and samples on the net (and most probably here on SO).
If you still insist to use the web browser control, you should investigate crafting your own HTTP-Post query to the page that takes the GMail login. Once you craft the correct message (including the user's username and password as the appropriate POST variables) you should be able to login directly.
Finally, you might want to have a look around on code.google.com as I'm certain this has been done before and you will most likely be able to find some sample code (whichever way you go).
Good Luck!
Related
Is there any way to embed a private report (i.e. Link-Sharing set to OFF) in a site where the user does not have to be signed in to a Google account which has view permissions on the report? I understand from this piece of documentation that a private report can be viewed in an iframe only if the viewer is currently signed into a Google account which the report has been shared with.
This is not a feasible option in this case, and it comes down to two factors:
The client requires complete security of their reports.
The client, due to security reasons within their company, cannot create or use a Google account.
This means the only solution is for a 'service' type Google account to be created which authenticates with Google from within the application side of things, without relying on user input.
I guess that the document that loads within the iframe looks for a Google authentication cookie in the browser session of the user in order to authenticate access, so this seems like something that cannot be injected by the server or automated on the client (correct me if I'm wrong). Plus any kind of attempt to script a login through the iframe will result in some cross domain issues.
So, if there is some sort of official authentication technique which can achieve what I'm looking for, and have managed to overlook, it would be great if somebody could point that out! If not, if anyone has any ideas on a less neat and tidy way of doing this, I'd be equally as grateful!
Thanks
(coming late to the party, I'm aware, but stumbled upon this myself just now and believe I found an answer:)
When embedding a report, you are able to send a token via their community connectors to give specific viewing rights depending on who that is on the platform. I guess this wasn't available at the time posting this question, but sounds like a viable option now - read more: https://developers.google.com/datastudio/solution/viewers-cred-with-3p-credentials
You can not share an active/live dashboard but you can deliver a password protected version of you report via PDF. To the farthest left of the "Edit" button you´ll see the "Download Report" feature.
I have this question in mind and I wanted to get other developer's opinion on this issue.
For creating a user (like in Facebook or creating an account in Gmail), some people suggested to have an public/private (means we don't tell developers how to use it) action in API for it. I, however, think it is a security risk as even if it is not documented, a hacker can simple see the calls and http requests when our front-end app is using that api action to create a new user (using a web debugger like fiddler) and can find the url to that action so simple ! like this POST ~/api/user/create
and then he/she can send thousands of requests to create user, users needs to be verified but still he/she is adding a lot of junk users in our database and puts a lot of pressure on our servers.
So the question is how do we handle this? Allow this only on our website or what?
Thanks
You can use CAPTCHA to verify that's a real user.
I am well aware of the security implications of this, so much so that I'm betting it doesn't exist, so before you call me crazy, that's why I'm asking.
I got really tired of having only my phone on me and installing a new app/whatever and finding myself needing to suddenly create a new application-specific password on the fly, and having to navigate Google's decidedly non-mobile-friendly security page to do that. I want to create an app of some kind that allows me to generate an application-specific password, whether by text or an Android app itself or something else. As I see it, there are two options here:
Use some Google Account Security API (if it exists) to create the application-specific password
Do scraping-type behavior (with proper credentials, of course) to automate its creation. I really don't want to do this.
Does anyone know (a) if this type of API exists, or (b) if there are any other ways to go about doing this? This app would be published on Github for self-hosting, obviously.
There is no official API to generate application-specific passwords.
I've solved this myself by doing a couple of things:
1) printing out the QR Code for the account that can be scanned by the Authenticator app in order to generate codes. I keep it secured in my desk. This allows me to reformat my phone without needing to turn two-step off each time.
2) use the browser sign-in for my Android device. When adding a Google account to an Android phone, just before the screen where you enter your username and password, click the menu button (or 3 dots on the screen if you have no menu button) and choose Browser sign-in. This allows you to login to an Android device with your username, real password and verification code rather than an application specific password.
This saves me from needing to generate application-specific passwords 95% of the time.
Jay
I was reading through the windows live developers doc here. In that I saw they are having an authentication method something like this.
GET https://oauth.live.com/authorize?client_id=CLIENT_ID&scope=SCOPES&
response_type=RESPONSE_TYPE&redirect_uri=REDIRECT_URL
I understood everything except for where do I give the username and password of the user?
I am planning to create an app(first one in my life) to learn the working.
I also have never used or coded something over REST.
When using OAuth, your application never receives the user's username or password. Rather, the user logs in to Windows Live on the Windows Live servers and authorizes your application for access to their information. After they have authorized your application, you receive an access token from Windows Live on behalf of the user. You then use that access token with the Live API to retrieve user information.
Coding something using REST protocols isn't anything too terribly complicated. It has been my experience that you're just specifying parameters to the API using GET or POST as your request method. Adding OAuth on to your requests is a matter of specifying additional parameters.
You're task is to learn two things here since you've never done REST or OAUTH before. Spend time looking at both.
Oauth is hard to get and hard to implement.
You should choose an off-the-shelf Oauth library they exists for most languages.
(Then you do not have to worry about the details. OTOH: You should know how it works to know how to set up and fix if something goes wrong.)
http://oauth.net/code/
Everything I have tried requires the end user to sign in to yahoo...this won't work because the end user doesn't know the password or the username. This should be automated otherwise flickr wont work
You probably won't get this to work the way you want. OAuth requires the end user to authenticate with the service (Flickr) and physically authorize your application. So at the very least, you're going to have to interact with their server as a user if you want to authorize your application for use.
As a side note, you may want to investigate whether or not you can POST the required variables to Yahoo via some sort of script. Use Firefox and the Live HTTP Headers extension to view the POST information. This may or may not work, as my previous experience with some Yahoo forms require cookies designed to foil robotic submissions.