I posted a question here 8 days ago with no reply. I'll try to ask better:
I'm trying to integrate a Gmail login feature into my desktop java program. Upon the very first launch, the user will be required to login/create an account. The option to "remember me" should be available afterwards. Users need to login so that the app can search their inbox for emails containing attachments, and then download one or more attachments. No emails are ever sent.
OAuth 2.0 seems like a reliable API, but I'm confused about 3 things:
1) Pricing: The link here seems to mention there's no charge for the OAuto 2.0 API, regardless of whether it's used for commercial purposes or not. Do you know if this is correct or how I can verify it?
2) Legality: Is it legal to make money from software that uses Google's OAuth 2.0 API? Like I said, the app will only be logging into a user's email to download an attachment from a particular email.
3) Implemenation: Is the OAuth API the most reliable/efficient method? My rationale was to allow Google to handle the privacy and security issues so to avoid storing encrypted login data on user's PC. This is what I'm aiming for visually:
Related
I'm a beginner learning android app development.
I have a requirement for a user to be able to Read messages (just the body content - text only) from a Gmail account (Read-only mail extraction?) and save the email content within the app.
I don't need to retrieve messages when the user is not actively using the app.
The app and SQLite database I am building sits on the phones internal local storage. I do not have a backend server.
I have looked at the Gmail API tutorial here: https://developers.google.com/gmail/api/guides/
As I understand, I need to use the Gmail API and ensure that a user of my app can authenticate as a Gmail user.
Is anyone able to advise:
1) if this is feasible to do without a back end server?
2) any tutorials as to how to approach this, or would you recommend just working through the material I listed above?
3) (I understand this is highly subjective) how substantial a task this is to undertake for a learner (This is an educational project, so I am limited by time - if it takes me more than 3-4 days I will run out of time!) An idea as to how long it might take someone who is experienced would help me to grasp the scale of the task.
Google uses Oauth2 to authenticate and track applications connected with a user's account. You will need to get a security key for app from google. Because you do not have server, you will want to get a client only key and not the service key. You can get the client key by going to the Google API Console. For help about how to let the user sign-in to their account you can look at this Android tutorials here. After you get the google sign-in working you can continue on to getting the Gmail messages.
It may seem like a complicated process, but you should be able to have in working in a short amount of time if you go through the tutorials on Google's developer's site. I got a similar app working in only about an hour. To add a nice user interface will take longer, but thats up to you.
I was just wondering is there any philosophical differences between GAE Java User API and Google+ social plugin sign-on?
Both seems to served the core purpose, which is to authenticate a user against his/her Google account.
Hope someone can enlighten me.
Referneces :
https://developers.google.com/+/web/
https://cloud.google.com/appengine/docs/java/users/
GAE Users service can be used pretty much only for login to a specific GAE application, while Google+ sign in can be used to interact with any Google API. For example, if you need to know even a basic detail such as the user's full name, the Users service can't help you there.
The Users service is more "transparently coupled" to the user's session in Google - once the user has signed in, assuming they checked "remember me", they will keep being signed in as long as they don't delete the cookie, and you as a developer don't need to do any special check. With Google+ sign in you need to check whether the user is signed in on each visit and handle expired tokens yourself (though client libraries help with it).
Using an (Linux, not Android, based) embedded device, I attempt to access data on a Google Drive. Following the guidance of "Using OAuth 2.0 for Installed Applications", this almost works. The remaining problem is that the renewal token itself expires after 6 month. It is my understanding that since this is an embedded device, there's no user present to ask to provide consent, hence no way to get a new authorization code and consequently no way to get a new renewal token.
I just learned that for google accounts using two-factor authentication, one can obtain application specific "App passwords", which (I believe) don't expire. I haven't seen much in terms of documentation of such though (other than how to acquire them). How would I use them in my application? Can I use such an password to instantiate a com.google.api.client.auth.oauth2.Credential?
I have a web base email client that uses a java app to connect to IMAP and POP3 servers to download email. There is an issue that if a user usually logs in form the US that the java app will not have access to collect emails until that user logs in from the same county the java app is running.
I was told to overcome this to use google oAuth in order for the account user to give permission to my app to collect emails. Is this correct? Once this has been accomplished I would also like to the the API to import contacts, but for now authorization/authentication is sufficient.
The problem I am facing is that after trying to make heads a or tails of the google oAuth api documentation im really confused and did not yet manage to make a working example. Documentation often has links to a depreciated API and there is no example with a dowload link to both the API needed and exaple source code, as a result I think im using incorrect libraries for my examples.
Its also not clear to me what/how to accomplish what is needed do I use client authentication via javascript to create a popup whereby the user grants access?
Or do I use installed app client with a token and secret, this is what I tried but the 'command line' example I tried requires Java EE and this is a native app so I dont see why and I dont want to import all Java EE libraries to my small email downloader app.
Where can I find more intuitive documentation and working examples on this?
If you stay away from OpenID 2 and OAuth 1, I think the docs are pretty orderly these days. The best place to start is https://developers.google.com/accounts/docs/OAuth2
Hey all, i want to integrate my Blackberry App with Twitter, and found that the way to do it is with OAuth. The problem I have is that i would like to do the verification of this from my server as to put less strain on the device, but I have no idea how to get the OAuth PIN from the server to be displayed on the device so the user can enter it, any ideas as to how i can do this? or an alternative ?
You can't. OAuth was designed such that only the service provider can provide authentication (so that the developers don't have to store their client passwords on their database servers and if the client changes their passwords, then it would have to be managed also on the developers side too). There is only one source of authentication and that's from the service provider (Twitter, in this case). Sharing of passwords is therefore eliminated.
OAuth doesn't work on PINs but rather using Request/Access Token. Follow the Beginners' Guide to OAuth and Twitter Developer's Auth Page to see how you can incorporate OAuth to Twitter. Just to give you an heads up, you will have to register your application to Twitter.
Update For Mobile and Desktop applications, rather go through Twitter's xAuth. Here's a documentation on how to register and use your application to use xAuth.
Twitter OAuth FAQ.