OAuth vs AuthSub - authentication

why do we need authsub when we have oauth?

You don't. OAuth is newer. It didn't exist when AuthSub was developed. Google still supports AuthSub, however.

Google uses AuthSub as well as OAuth. But OAuth is used by many web service providers like Amazon, Facebook, Twitter, etc.
You can find more about OAuth here: http://hueniverse.com/oauth/
http://www.socialtechnologyreview.com/articles/oauth-pros-and-cons-oauth

Related

How does Google's Sign On Work? OAuth2.0? SAML?

I am curious about how Google's Authentication works. Does it use OAuth2.0 for Authorization? Or SAML for authentication? I tried intercepting the requests and responses, but I cannot determine how their authentication/authorization flow works.
Thanks in advance!
Signing in with a Google Account is based on OpenID Connect (OIDC). Google produces wrappers (libraries, etc.) that do a lot of useful things on top of the plain protocol. From Google's OIDC page:
If you want to provide a "Sign-in with Google" button for your website or app, we recommend using Google Sign-In, our sign-in client library that is built on the OpenID Connect protocol and provides OpenID Connect formatted ID Tokens.
G Suite also supports SAML for SSO to third-party apps (you still authenticate with your Google Account).
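The ID-token checks a relying party has to make before trusting a Google sign-in, as an added example that is not part of the original answer or of Google's libraries. Google signs ID tokens with RS256 using keys published at its JWKS endpoint; so that this runs offline with the standard library alone, the demo signs a constructed sample token with HS256 and a shared secret, which is an assumption of the example and not Google's behaviour. The client ID, secret, `sub` value and nonce are constructed. The claim checks (alg pinning, iss, aud, exp, nonce, sub) are the ones that matter whatever the signature algorithm:

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ALLOWED_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}
ALLOWED_ALGS = {"HS256"}   # demo only; a real Google relying party pins RS256
CLOCK_SKEW = 60            # seconds of tolerance on exp

# Constructed values for this example; a real client ID comes from the Google API console.
MY_CLIENT_ID = "123456789012-example.apps.googleusercontent.com"
DEMO_SECRET = b"constructed-demo-secret"
NOW = 1_700_000_000


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(header: dict, claims: dict, secret: bytes) -> str:
    """Compact JWS: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_id_token(token: str, secret: bytes, client_id: str,
                    expected_nonce: Optional[str] = None, now: Optional[int] = None) -> dict:
    """Return the claims of a valid ID token; raise ValueError on the first failed check."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(_b64url_dec(h64))
    # 1. Pin the algorithm before looking at the signature; never let the token choose it.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_dec(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_dec(p64))
    # 2. Issuer and audience: a genuine Google token minted for another app must not log in here.
    if claims.get("iss") not in ALLOWED_ISSUERS:
        raise ValueError(f"unexpected iss {claims.get('iss')!r}")
    if claims.get("aud") != client_id:
        raise ValueError("token was not issued to this client")
    # 3. Lifetime.
    if not isinstance(claims.get("exp"), int) or claims["exp"] < now - CLOCK_SKEW:
        raise ValueError("token expired")
    # 4. Nonce ties the token to the login request this browser session started.
    if expected_nonce is not None and claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    # 5. Identify the user by the stable `sub`; emails can change or be reassigned.
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims


def make_sample_token(**overrides) -> str:
    """A constructed ID token shaped like Google's, with optional tampered claims."""
    claims = {"iss": "https://accounts.google.com", "sub": "110169484474386276334",
              "aud": MY_CLIENT_ID, "iat": NOW, "exp": NOW + 3600,
              "email": "alice@example.com", "email_verified": True, "nonce": "n-0S6_WzA2Mj"}
    claims.update(overrides)
    return sign_jwt({"alg": "HS256", "typ": "JWT"}, claims, DEMO_SECRET)


def rejection_reason(token: str) -> Optional[str]:
    """None if the token passes; otherwise the reason verify_id_token rejected it."""
    try:
        verify_id_token(token, DEMO_SECRET, MY_CLIENT_ID, "n-0S6_WzA2Mj", NOW)
    except ValueError as e:
        return str(e)
    return None
```

In production, hand the token to Google's library (for example `google.oauth2.id_token.verify_oauth2_token` from google-auth) or verify RS256 against the JWKS yourself. The point the code makes is that a signature check alone is not authentication: a perfectly valid Google token issued to some other application must still be refused by the `aud` check, and the `nonce` check stops a token captured from one login from being injected into another browser session.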

2-legged OAuth 2.0 available for google apps?

I'm a little bit lost... There is too much Google documentation; I can't find my way.
We have an app on the Google Apps Marketplace. This app uses Google's APIs to retrieve Drive content, calendar information, ... for all users of our client domain.
Currently we are using 2-legged OAuth 1.0a.
According to the Google documentation, OAuth 1.0 is deprecated.
But I cannot find any documentation for using 2-legged OAuth 2.0.
Did I miss something?
How are we supposed to replace the existing one? 2-legged OAuth 2.0, or something else?
Do we have to make any modification to our Google Marketplace vendor profile?
Thanks,
Jonathan
The 2-legged form of OAuth2 is described in "OAuth2 for server-to-server applications": https://developers.google.com/accounts/docs/OAuth2ServiceAccount ; that document explains how the 2-legged OAuth2 flows work, but not how an administrator grants the application the privileges it needs to access the data. This is done via the Admin console settings, where the administrator authorizes the app to impersonate users in the domain. The details are described in https://developers.google.com/drive/web/delegation#delegate_domain-wide_authority_to_your_service_account
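What the assertion in that server-to-server flow looks like, as an added example that is not from the original answer or from Google's client libraries. Google requires the assertion to be RS256-signed with the service account's private key; this demo signs with HS256 and a constructed key so that it runs offline with the standard library only, which is an assumption of the example. The service-account email, scopes and impersonated user are constructed. The `sub` claim is where domain-wide delegation comes in: it names the domain user the app acts as, and Google only honours it when an administrator has authorised this client ID for the requested scopes:

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
MAX_LIFETIME = 3600          # Google rejects assertions that claim more than one hour

# Constructed demo key; the real flow uses the RSA private key from the service account JSON.
DEMO_KEY = b"constructed-demo-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_assertion(sa_email, scopes, issued_at, signing_key, subject=None, lifetime=MAX_LIFETIME):
    """Return the compact JWT a service account sends to the token endpoint.

    `subject` is the domain user to act as. Google honours it only when an admin has
    granted this service account's client ID the requested scopes in the Admin console.
    """
    if not scopes:
        raise ValueError("at least one scope is required")
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("lifetime must be between 1 and 3600 seconds")
    claims = {"iss": sa_email, "scope": " ".join(scopes), "aud": TOKEN_ENDPOINT,
              "iat": issued_at, "exp": issued_at + lifetime}
    if subject:
        claims["sub"] = subject
    header = {"alg": "HS256", "typ": "JWT"}   # real Google flow: RS256 with the SA private key
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, claims))
    sig = hmac.new(signing_key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def token_request_body(assertion: str) -> str:
    """The application/x-www-form-urlencoded POST body sent to TOKEN_ENDPOINT."""
    return urlencode({"grant_type": JWT_BEARER_GRANT, "assertion": assertion})


def assertion_claims(assertion: str) -> dict:
    """Decode the claims segment without verifying it (for inspection and tests)."""
    return json.loads(_b64url_dec(assertion.split(".")[1]))


def demo_assertion() -> str:
    """An assertion acting as one user of the customer domain; all identifiers constructed."""
    return build_assertion(
        "marketplace-app@my-project.iam.gserviceaccount.com",
        ["https://www.googleapis.com/auth/drive.readonly",
         "https://www.googleapis.com/auth/calendar.readonly"],
        issued_at=1_700_000_000, signing_key=DEMO_KEY,
        subject="jonathan@client-domain.example")
```

Two practical consequences follow from the shape of this assertion: the service-account key is effectively a credential for every user in the domain for the delegated scopes, so it has to be guarded like one, and the scopes requested must be ones the administrator actually granted, otherwise the token endpoint refuses the exchange.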
I think that the correct process is described here:
https://developers.google.com/apps-marketplace/v1migratev2

Use Gmail / Third-Party Credentials to login to my application

I am going to develop a voting system and I don't want to create a unique DB and a login page. I am expecting users to log in through Gmail / other sites, namely the company site, to see the voting pages. Is it possible?
You can use the Google API for your purpose; to learn more about it you can read here:
https://developers.google.com/accounts/
Another major site is Facebook:
https://developers.facebook.com/docs/facebook-login/
Yes, you can use the OAuth standard protocol, used by Google, Facebook, etc.
Yes, that's the purpose of OAuth and OpenID. Many apps support this.
Based on your language, you can find OAuth providers and APIs.

How do I use OAuth 2.0 just for authentication for Google?

The OAuth2 PHP client code is awesome. It gives great examples on how to use OAuth 2 with Google APIs. The problem is that I only want to use OAuth 2 for authentication NOT for authorization. I've looked around in the API for something that just authenticates but I can't find the right class.
How do I configure the Google PHP client to only authenticate via OAuth?
I considered just authenticating the client (i.e. `$client->authenticate($_GET['token'])`) but that's not ideal because the user is still asked to authorize access to different resources. I don't want to see their email, picture, etc. I just want Google to verify that they are who they say they are.
Well, OAuth is an open standard for authorization and not for authentication!
Most providers, however, give you the chance to query a user's profile, so you can authenticate the user. Without access to his profile data, especially his user ID, you cannot achieve this.
See Google's documentation for obtaining the user's profile information for login.
If you only want to use authentication you have to use: OpenID / Federated Login.
See: https://developers.google.com/accounts/docs/OpenID

The difference between using Janrain and OAuth?

I'm using Janrain at the moment and don't know much about OAuth.
Could someone explain the differences between these two?
Janrain is using OpenID, so the user must get an identity with an OpenID provider. You already know how it works: the user interacts with a provider that prompts for credentials. OpenID is a good solution if you want a sign-in system that accepts existing accounts from OpenID providers.
In the case of OAuth, it can be completely transparent to the end user. OAuth works with tokens and each token grants access to a specific site or resources; it's all about "authorization". You can also configure a token to expire after a defined duration. OAuth can also be used for login; that's how Facebook works.
Example with OAuth:
Your website uses Janrain for authentication, and now you want to allow users to import photos from Facebook, but the user's provider is Google (for example). You will redirect the user to Facebook for authentication and the user will be asked if he wants to grant access to your website. If the user agrees, he will be sent back to your website and in the background you'll get a token from Facebook which must be used in future communication to validate actions. At no point has the user shared a username and password with your site.
I recommend you read up on OAuth. You can see a really good guide here, for both OAuth 1.0 and 2.0.
Janrain Engage is a set of widgets and backend technology to support a variety of identity providers who may be authenticating through various flavors of OpenID and OAuth. It shields you from implementing the protocols required to support the over 20 identity providers that Janrain supports.
There is no difference between Janrain and OAuth. Janrain is not a particular protocol for social sign in. Janrain creates a set of API's that work with both OpenID and OAuth - so you don't have to know the difference.
Like Kevin said, Janrain's Social Login is back-end technology that supports a variety of identity providers who may be authenticating through various flavors of OpenID and OAuth.
So there really is no difference between Janrain and OAuth; it's just that Janrain uses whichever technology the provider is using in their social API, OpenID and/or OAuth.