I need to send emails through my java web app and found this post which does the same. However, it requires to enter the password directly to the source code which I do not want to do.
I also want to commit and push the code on github. I could remove my password from the code before commiting but I would have to do that every time I commit.
I looked into Google Gmail API and OAuth for a secure way but couldn't understand their documentation.
Please suggest any secure way to enter password? or a quickstart to use Gmail API for sending emails through a web app would also be appreciated.
Related
I am making a desktop application for Reddit in Java. I want to let users log in to their Reddit account via my application so that they can do things on Reddit. I know that I need to get access tokens and whatnot but I don't know how to go through the process of doing that. Whenever I have accessed the API previously, it has been in Python using PRAW, so I would manually enter in the client id and client secret - obviously I can't be doing this for a professional application. I'd appreciate it if anyone would guide me through the process of authenticating the user and how to receive and use the access token.
You have to use oauth apis. There is a sample integration for reddit. https://www.e4developer.com/2018/11/04/reddit-api-authentication-with-java-spring/
also there are developer guide for oauth in reddit page
https://reddit.com/dev/api/oauth
Reddit github page have good documentation
https://github.com/reddit-archive/reddit/wiki/OAuth2
Please inform what security measures need to be implemented before I can deploy an android app (which will collect personal information) for public usage in google play store. I am a newbie and dont have much experience with security procedures.
Already implemented SSL to establish encrypted secure data link between client and server by converting http to https. Is this good enough for data communication between client and server link?
Will be implementing sending email from app securely using OAuth2. Is this a valid approach? Should more be done. I plan to write this code at the server side and not from the client side? Is this ok?
3) I just do a simple retrieval of username and password and check if they match but password retrieval is done using https (SSL). Is this enough?
4) Should I encrypt the passwords in the database? If yes, how should it be done like should I store them encrypted in the database and which retrieval decrypt them? Please inform.
5) Will be composing a privacy policy as per guidelines of google play as the app will be requesting personal information and displaying on the app menu and while first sign up before entering the app?
6) Also using google API's etc...Just requesting, getting JSON, parsing the json and displaying in the app good enough or something needs to be done. This is all done using api key as per the provided guidelines. Anything more needs to be done to secure it?
7) What else am I missing to make the app absolutely secure?
Your inputs will be greatly helpful.
Thank you!!!
I'm developing an app in java/sacala to provide to differents clients use their google analytics info. But the only way I found to connect to get the info is using .p12 certificate or client_secret.json.
Is it possible to connect just with user and password like a regular login in google. (maybe with the regular login you can get the .p12 or the json without enter to analytics console)
Because I saw in some apps like tableau this feature but I didnĀ“t find documentation about that in google.
Thanks
Follow the steps in the Java Install Application Hello World example. When the user runs your application they will be prompted to sign in and authorize your application to access their data.
It also helps to take a look at the the OAuth scenarios.
If you are trying to hard code the username and password into an application, this will not work for obvious security reasons. If that is your intent you should use a service account.
I have a web base email client that uses a java app to connect to IMAP and POP3 servers to download email. There is an issue that if a user usually logs in form the US that the java app will not have access to collect emails until that user logs in from the same county the java app is running.
I was told to overcome this to use google oAuth in order for the account user to give permission to my app to collect emails. Is this correct? Once this has been accomplished I would also like to the the API to import contacts, but for now authorization/authentication is sufficient.
The problem I am facing is that after trying to make heads a or tails of the google oAuth api documentation im really confused and did not yet manage to make a working example. Documentation often has links to a depreciated API and there is no example with a dowload link to both the API needed and exaple source code, as a result I think im using incorrect libraries for my examples.
Its also not clear to me what/how to accomplish what is needed do I use client authentication via javascript to create a popup whereby the user grants access?
Or do I use installed app client with a token and secret, this is what I tried but the 'command line' example I tried requires Java EE and this is a native app so I dont see why and I dont want to import all Java EE libraries to my small email downloader app.
Where can I find more intuitive documentation and working examples on this?
If you stay away from OpenID 2 and OAuth 1, I think the docs are pretty orderly these days. The best place to start is https://developers.google.com/accounts/docs/OAuth2
Hey all, i want to integrate my Blackberry App with Twitter, and found that the way to do it is with OAuth. The problem I have is that i would like to do the verification of this from my server as to put less strain on the device, but I have no idea how to get the OAuth PIN from the server to be displayed on the device so the user can enter it, any ideas as to how i can do this? or an alternative ?
You can't. OAuth was designed such that only the service provider can provide authentication (so that the developers don't have to store their client passwords on their database servers and if the client changes their passwords, then it would have to be managed also on the developers side too). There is only one source of authentication and that's from the service provider (Twitter, in this case). Sharing of passwords is therefore eliminated.
OAuth doesn't work on PINs but rather using Request/Access Token. Follow the Beginners' Guide to OAuth and Twitter Developer's Auth Page to see how you can incorporate OAuth to Twitter. Just to give you an heads up, you will have to register your application to Twitter.
Update For Mobile and Desktop applications, rather go through Twitter's xAuth. Here's a documentation on how to register and use your application to use xAuth.
Twitter OAuth FAQ.