In my website which is built in Java EE, I want to add a feature so that the users can login into my webpage using their Facebook login details or Gmail login details.
You can go through Facebook APIs for JAVA developers and can use them in your application like, google calendar API, google-Picasa-web API etc. First you can access only publicly shared objects without credentials. If you want private objects access, you can implement these API calls by using OAuth. Please read below resources for your reference as per your project needs:
http://projects.spring.io/spring-social-facebook/
https://developers.facebook.com/docs/apis-and-sdks
Related
I am developing a web application for musicians to grow their fan base for their music.
I want that as a musician if i have a eventbrite account already.
I can directly sign in using the same EventBrite Account Credentials to create an account in my proposed web application.
I did find that Eventbrite provides an API
Link: https://www.eventbrite.com/platform/api
I just want to know will this API help to achieve what i want irrespective of my web app technology stack i am using.
Please help.
I'm building a web app using Clojure and ClojureScript and I need it to have authentication based on a white-list of organization. For example, let's say I've added University1.edu to my white-list, and when a student from that university wants to login to my web app, they would be redirected to their own universities login system. After that I would just a confirmation of whether or not they successfully logged in there and maybe create a session, cookies, or or something for them.
Is that possible and if so, how can I implement that?
Some common ways to implement this authentication schemes are OAuth2 and OpenID, which are commonly used in websites were you can log in with your social / Twitter / Facebook / Google account.
Using OAuth for instance, you register your website in some developer portal (depending on the service that you'll use to authenticate) and obtain a token that that you'll use during the login flow and after logging on their portal, users are redirected back to your site.
In order for this to work, every organization (eg. University1) needs to be a provider of this authentication scheme, so that's something you'll need to research.
In Clojure there is a couple of options: the buddy library seems to be a popular choice, but you could also use some Java libraries through interop.
I want users to my website to use Google Accounts to authenticate / sign in to my website. The primary use case being users will edit and generate content and we want to log ownership in a secure way. We are not interested in obtaining users Google data, we just want a means to authenticate users.
After googling, I came across some documentation, which seems to explain how to do this OpenID Connect (OAuth 2.0 for Login). But the documentation immediately says "Note: If you want to provide a “sign-in with Google” button for your website or app, we recommend using Google+ Sign-In, ...", which if you follow the link ultimately takes you to Google+ Sign-In.
What's the difference between these two pages of documentation? Why does the first tell you to go to the second while not saying the first is deprecated? Are both/either suitable for my use case? All it says is "we recommend" I want to know WHY, WHY do they recommend it?
UPDATE: I also found yet another link which seems to be documenting another approach https://developers.google.com/accounts/docs/OAuth2WebServer I think this is just for "Authorization" i.e. authorizing your app to make google api calls to get user data, so cannot be used for authenticating/sign-in.
BTW I'm building my website with a Scala Spray BE REST API & NG JS FE.
A comparison of the two is available here.
Google+ Sign-In with profile scope
Has Google client libraries for authenticating with OAuth 2.0, which includes support for Google+ and other Google services (like getting social information on a user). Also this can make implementing easier and requires less boiler plate code
Has the Google+ Sign-In button to simplify sign-in Has no pre-built widgets
Supports over-the-air Android installs
OAuth login is primarily just for authentication at a lower level, that is by making raw HTTP requests, no API.
OpenID Connect protocols (OAuth 2.0 login)
Google+ Sign-In supports OIDC interoperability if you configure with the openid scope and get the user profile using getOpenIdConnect.
OAuth 2.0 login supports OIDC directly. Use it for signing in users to apps that do not need social features and run on platforms not supported by Google+ Sign-In.
I m building a website and a mobile application where both of them uses common resources from my server using APIs. Is it possible to use Social Login like Facebook / Twitter / Gmail to authenticate users to use my application? This will benefit me by not creating my own security layer and rely entirely on their security mechanism to secure my APIs.
OAuth documentation states that Users grant access to their Protected Resources without sharing their credentials with the Consumer.
In my case, by giving Login via Facebook, I want these Facebook Users to login to my application and use the Protected Resources which are exposed by my APIs.
Let me know if I am on the right track or not ? How do I achieve this.
Of course you can use Facebook (or Google+) for a login mechanism on your website.
Facebook offers a button for this: https://developers.facebook.com/docs/reference/plugins/login/
Here´s more information about the Facebook login: https://developers.facebook.com/docs/concepts/login/
If you don´t want to use the Login Social Plugin, the best way is to use the JavaScript SDK: https://developers.facebook.com/docs/howtos/login/getting-started/
Google+ offers a login button too: https://developers.google.com/+/features/sign-in
I did not use the Google+ solution yet, but with the Facebook login it´s quite easy. You can just store the Facebook ID for registration and stuff.
I am using Twitter API for retrieving user information for specific name searches. The method I am using is users/search. You can find details of this method here: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-users-search.
Right now I am trying to use OAuth in my application as Twitter announced that they will no longer support basic authentication. The issue with using QAuth is that I don't require the users to connect to their Twitter account and so I can not generate user token. My application is using Twitter just for showing information about people, it's not posting/updating anything. I will really appreciate if anyone has any suggestions on using OAuth for Twitter without using Twitter user's login information.
I would suggest that you create an account for your application and use that account to perform user search if your application is a webapp.
If your application is an desktop app, I think it's understandable to user that they need to authorize your application to do the user search.