Google App Engine User API vs Google+ Social Sign-on Plugin - java

I was just wondering, are there any philosophical differences between the GAE Java User API and the Google+ social plugin sign-on?
Both seem to serve the core purpose, which is to authenticate a user against his/her Google account.
Hope someone can enlighten me.
References:
https://developers.google.com/+/web/
https://cloud.google.com/appengine/docs/java/users/

GAE Users service can be used pretty much only for login to a specific GAE application, while Google+ sign in can be used to interact with any Google API. For example, if you need to know even a basic detail such as the user's full name, the Users service can't help you there.
The Users service is more "transparently coupled" to the user's session in Google - once the user has signed in, assuming they checked "remember me", they will keep being signed in as long as they don't delete the cookie, and you as a developer don't need to do any special check. With Google+ sign in you need to check whether the user is signed in on each visit and handle expired tokens yourself (though client libraries help with it).
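
What "check on each visit and handle expired tokens yourself" amounts to on the server side, as an added example (not part of the original answer): it assumes the sign-in flow hands the backend an OpenID Connect ID token, i.e. an RS256-signed JWT. The names `IdTokenCheck`, `claim`, `verify` and `demo-client-id` are hypothetical, the key pair is generated locally to stand in for the provider's signing key, and the regex claim extraction is a stand-in for a real JSON parser.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;

public class IdTokenCheck {
    // Pulls one string or numeric claim out of a flat JSON payload (sketch; use a JSON parser in real code).
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"?([^\",}]+)\"?").matcher(json);
        return m.find() ? m.group(1) : null;
    }
    // Returns the stable user id ("sub") only if signature, issuer, audience and expiry all check out.
    static String verify(String jwt, PublicKey key, String clientId, Instant now) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        Signature sig = Signature.getInstance("SHA256withRSA"); // algorithm is pinned, never taken from the header
        sig.initVerify(key);
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!sig.verify(Base64.getUrlDecoder().decode(p[2]))) throw new SecurityException("bad signature");
        String body = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        String iss = claim(body, "iss");
        if (!"https://accounts.google.com".equals(iss) && !"accounts.google.com".equals(iss))
            throw new SecurityException("wrong issuer");
        if (!clientId.equals(claim(body, "aud"))) throw new SecurityException("token issued to another app");
        String exp = claim(body, "exp");
        if (exp == null || now.getEpochSecond() >= Long.parseLong(exp))
            throw new SecurityException("expired: user must sign in again");
        return claim(body, "sub");
    }
    public static void main(String[] args) throws Exception {
        // Constructed demo: a locally generated key pair stands in for the provider's signing key.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String head = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString(("{\"iss\":\"https://accounts.google.com\",\"aud\":\"demo-client-id\","
                + "\"sub\":\"1234567890\",\"exp\":1700003600}").getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
        String jwt = head + "." + body + "." + enc.encodeToString(s.sign());
        System.out.println(verify(jwt, kp.getPublic(), "demo-client-id", Instant.ofEpochSecond(1700000000L)));
        try { // same token, presented one hour later, at its exp time
            verify(jwt, kp.getPublic(), "demo-client-id", Instant.ofEpochSecond(1700003600L));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The audience check is what stops a token issued to a different application from being replayed against this backend; the expiry check is the part the Users service otherwise hides behind its session cookie.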

Related

How can I use an API server-side to provide data from my account to a Google signed-in user?

I'm using Angular, Google App Engine and Java on the backend server.
Users can authenticate without problem with an OpenID Connect URL where the code is passed back to my server to authenticate.
Now what I want to do is send mail to users (refresh password, confirm account mail) and to myself (server error message) with my account myaccount#gmail.com.
Also I have sheets I need users to write and read data to/from. Magically I've made it work as an installed offline app (only 1 API at a time, I never made the two work together).
I've tried a service account, but in a previous post somebody explained to me that in order to make Gmail work I needed a G Suite account, which I don't have, and suggested I go through OAuth2 authentication. Now the question is how can I implement that in Java with a single authentication. To explain: I want to authorize the app to have access to certain scopes, but it should only be authorized once, because I don't want users to have a consent screen popup, and even if they had they couldn't authenticate as it is on behalf of my personal account. I don't think I can use an installed app for a Google App Engine app, but maybe I'm wrong.
Just to let you know, I have tried lots of different approaches and spent about 3/4 days trying to find a solution without clearly understanding/finding what to do.
Any help is greatly appreciated. Please let me know if you need more explanations or code.

I think you are missing a few key concepts here.
DATA
There are two types of data: private user data and public data. Private user data is owned by a user and therefore you must have permission or consent to access it. Public data is data that is owned by anyone.
Oauth2
Oauth2 is the protocol we use to request consent from a user for our applications to access their data. A user can grant you access to their Gmail account and their Google Drive account, granting you access to the sheets on their account.
Service accounts
Service accounts are preapproved dummy users. As developers we can create service accounts and grant them access directly to our Drive account; the service account will then be able to access the data without requiring consent, as it already has preapproved access. (Not all Google APIs support service accounts. Gmail (with the exception of G Suite) and YouTube are two that don't.)
What you are trying to do
However, I do not understand why you want to use the user's Gmail account to send them an email. If you want to send them an email I would think you would be using your own email system.
If what you are trying to do is use your Gmail account to send users of your application emails from YOU, then you should consider going directly through the SMTP server to your own account. Having an application that uses the Gmail API is one of the scopes that will be flagged by Google when you try to get your application approved. You are going to be going through a lot of red tape with them to show why you need access to a user's Gmail account.

Rolling a user authentication system for Android app

I'm a bit confused on how I can implement a user system into my application.
For a small overview, the mobile application needs to allow users to login or register, follow other users, and favorite/like items.
I've checked out the documentation on Google Cloud Platform for implementing User Auth:
https://developers.google.com/identity/protocols/OpenIDConnect
https://cloud.google.com/appengine/docs/standard/java/users/
https://cloud.google.com/appengine/docs/standard/java/oauth/
I've used Parse in the past, and would expect the Firebase User Auth system to offer a similar experience, however due to Firebase conflicts with App Engine, that route is a no-go.
I understand there is also the User API, which can be used for things like restricting Cloud Endpoints calls to logged in users.
How can I roll a user auth system for my application? The best solution that comes to mind would be to just store user emails and passwords in Google Cloud Datastore, and check if the combination exists when a user logs in. However, I'm fairly unfamiliar with creating user systems and this seems like it would come with some sort of security issues.

You can use Firebase Authentication with Google App Engine. Your information that you have to use a manual scaling instance is not correct. This was a bug and was fixed. Please see the following post for more information:
Verify Firebase Token at Google App Engine

Integrate Gmail into Java app with OAuth 2.0

I posted a question here 8 days ago with no reply. I'll try to ask better:
I'm trying to integrate a Gmail login feature into my desktop Java program. Upon the very first launch, the user will be required to login/create an account. The option to "remember me" should be available afterwards. Users need to login so that the app can search their inbox for emails containing attachments, and then download one or more attachments. No emails are ever sent.
OAuth 2.0 seems like a reliable API, but I'm confused about 3 things:
1) Pricing: The link here seems to mention there's no charge for the OAuth 2.0 API, regardless of whether it's used for commercial purposes or not. Do you know if this is correct or how I can verify it?
2) Legality: Is it legal to make money from software that uses Google's OAuth 2.0 API? Like I said, the app will only be logging into a user's email to download an attachment from a particular email.
3) Implementation: Is the OAuth API the most reliable/efficient method? My rationale was to allow Google to handle the privacy and security issues so as to avoid storing encrypted login data on the user's PC. This is what I'm aiming for visually:

Verifying Twitter OAuth on BlackBerry

Hey all, I want to integrate my BlackBerry app with Twitter, and found that the way to do it is with OAuth. The problem I have is that I would like to do the verification of this from my server so as to put less strain on the device, but I have no idea how to get the OAuth PIN from the server to be displayed on the device so the user can enter it. Any ideas as to how I can do this? Or an alternative?

You can't. OAuth was designed such that only the service provider can provide authentication (so that the developers don't have to store their client passwords on their database servers, and if the client changes their passwords, then it would have to be managed on the developer's side too). There is only one source of authentication and that's from the service provider (Twitter, in this case). Sharing of passwords is therefore eliminated.
OAuth doesn't work on PINs but rather using Request/Access Tokens. Follow the Beginners' Guide to OAuth and Twitter Developer's Auth Page to see how you can incorporate OAuth with Twitter. Just to give you a heads-up, you will have to register your application with Twitter.
Update: For mobile and desktop applications, rather go through Twitter's xAuth. Here's documentation on how to register and use your application with xAuth.
Twitter OAuth FAQ.

Authentication on Android

Hi I am developing an Android App where I require a user to authenticate his session before using the app. One way is to store a user name and password by asking him to register on the app and then use that to authenticate him. But I was looking to do something else, maybe use an OpenID account to authenticate, or OpenSocial, or something like Facebook Connect. Any Suggestions and comments? Thanks for your help.
First, please do not whine about not getting answers after only an hour, particularly when it's Sunday in much of the world. If you want responses in less than an hour on a weekend, hire an expensive consultant.
> Hi I am developing an Android App where I require a user to authenticate his session before using the app.
Why?
> Any Suggestions and comments?
Most Android applications do not require authentication for local use. They may require authentication for access to online content (e.g., Web service), in which case the authentication is handled by the Web service and uses technology dictated by the Web service.
Bear in mind that any online authentication process (e.g., OAuth, Facebook Connect) means your application cannot be used in offline mode.
If your goal is to use authentication as some means of helping to combat piracy, you might consider using the new LVL system that Google released this week.
