I am using the Flutter google_sign_in package to sign the user in with Google (only requesting the basic scope permissions) and then in another spot in my app I need to check if the user has granted my application a certain scope (google photos access) so I can change my user interface to add a button to connect to their google photos if they have not granted access yet. The package does not seem to expose this functionality? How are other people handling this situation?
Related
I am doing an azure active directory login with this plugin https://pub.dev/packages/aad_oauth.
However the plugin uses the webview plugin and the following error occurs because of that.
“You can’t sign in from this screen because this app doesn’t comply with Google’s secure browser policy”
Error 403 dissallowed_useragent
How do I get around this problem?
Google allows sign-in with Google Account only in normal browsers, it restricts it in web-views due to security reasons and recommends Google SDKs for iOS and Android for this purpose.
A similar behaviour exists for Facebook login.
In general, these services recognize the default WebView user agent, so to make it work, you could just set a custom user agent value.
You can use my flutter_inappwebview plugin to implement this logic.
I have created a project example that implements it and it's available at https://github.com/pichillilorenzo/flutter_inappwebview_examples/tree/main/third_party_oauth_user_sign_in
I have a website providing functionality for Google Sign In. There is a server side authentication taking place after getting idToken on client side.
Now I am making an app(in FLUTTER) for the same website. In Google API console, I have to create new credentials under the same project and that generates new client id.
I read about cross client identity (Link: https://developers.google.com/identity/protocols/oauth2/cross-client-identity). I want to know how can I implement this so that a user is asked for approval only once.
Do I really need two client ids?
This will work even if the web app and mobile (Flutter) app do not have the same client ID. This is stated in the documentation here:
Google considers that when a user has granted access to a particular scope to any client ID in a project, the grant indicates the user's trust in the whole application [i.e., all clients in the project] for that scope.
You should make a project that contains multiple clients. Your Web app will be one and the Flutter app will be another. These will end up with different client IDs, but that's OK. Later, when the user authorizes (consents to) a scope from the Web app, they will still authenticate in the Flutter app but not have to reauthorize this second client to use the same scope. The reverse is also the case -- if the user authorizes a scope in the Flutter app first, they will later have to authenticate in the Web app, but they won't have to consent to the scope.
I'm trying to make a chatbot with Dialogflow for Google Home. It requires the user to input a URL. Now it will definitely be a long and complicated URL which I can't recreate and I can't have the user speak into the google home.
The idea I had was that the user would input the URL on an agent on messenger. I store this on a Firebase database and then access it with a second agent.
Now the issue I have is authentication, I was hoping to use account linking on my google action with facebook. But I can't login to Facebook with google home. Or if I can, I can't find any documentation specific to that case. Facebook doesn't provide the necessary client ID and secret(as far as I can see).
I managed amazon and Gmail account linking with Alexa and an Amazon Echo. In those cases, you would have to login to google or amazon on the Alexa app or webpage. Then this will be integrated with your Echo and the skill will become usable.
Anyone have an idea of how I can make the link happen, if not then anyone have an idea as to how I can solve the overall problem?
This question has been left unanswered on other forums, but I was hoping to either get it solved or find an alternative.
There are three approaches to solving your overall problem - getting the URL manually entered and available to your Action. Two of them tackle it the way you've suggested - involving authenticating to Facebook and tying that to the Assistant account somehow. One solves it entirely inside the Assistant.
Account linking to the Facebook account
You've tagged firebase-authentication, so I'm going to assume that you're using it to do the auth and you've enabled Facebook login through it. This means your user has a "Firebase Account", but they log into that account using Facebook.
I will assume you have a way to get the URL from messenger once they're logged in.
The trick in this case is to setup Account Linking between their Firebase account and their Assistant account. This is done by setting up an OAuth2 server that has access to the Firebase accounts and will create authorization and refresh tokens that are given to the Assistant.
In the Action, you'll send the user to the Sign In helper, which will redirect them to your login page and send back a one-time auth code to the Assistant. The assistant will then use your OAuth2 server to exchange this code for auth and refresh tokens. Periodically it will use the refresh token to get new auth tokens.
When the user returns to the conversation through the Assistant, you'll be handed an auth token and you can use this to lookup the user. Since you also know their Facebook account, you can get the URL via however you planned to do so.
There are drawbacks to this method - it is very complicated, and setting up your own OAuth2 server is not for the faint of heart. You may be able to use something like Auth0 instead of Firebase Authentication to accomplish the same thing, but then you don't have the ease of access to the Firebase database.
Account linking to both Facebook and Google
In your Firebase account, however, you don't need to limit them to just logging into Facebook. You can have them use Firebase to record both the Facebook and Google accounts that they're using. This would "link" the two accounts together in your system.
With this, you don't need to setup an OAuth2 server. Instead, you can have the Assistant use Google Sign In for authentication. If the Google Cloud Project that Firebase is using and the Assistant are using are the same project, then once the user has logged in to your project's web page with their Google account, you'll get an identity token on the Assistant which will contain their Google ID. You can use this to match up with their Firebase account and get the Facebook ID and proceed from there.
But this is still a lot of work and kinda messy, jumping between systems.
Using just the Google Assistant (and maybe a web page)
If you're willing to make some assumptions about the devices your users are using, then you may be able to do it all just using the Assistant. The Assistant doesn't just run on the Google Home and other smart speakers, it also works on most current Android and iOS devices.
So you can detect if they have such a device available and, if they do and they're not currently on it, direct them to switch to that device when you need the URL.
If they don't have such a device available (perhaps because their version of Android is older), and you think this may be a common scenario, you may need to make another entry source available. This could be one of the solutions above, or you may want to just have a simple web page (done via Firebase Hosting and Firebase Functions, perhaps) where they log in using their Google account (so you get their ID) and you let them enter the URL. If you just need a URL - going through Dialogflow may be more complexity than you need.
I have been making Google Home apps, but now I want to make apps that are connected to Firebase server and DialogFlow API. How is it possible to integrate user authentication in an ios app to identify that user who is using Google Home with that login state?
For example, if I make a restaurant ordering app, I want any user to make a request through Google Home and the user can check his/her ordering history on an ios app.
A user logs in through an app and then how does google home detect that user as a logged in user? I have been searching how to implement this, but nothing hits.
You will need to implement account linking for Actions on Google. This will require two server-side components that you'll need to build:
You'll need to create an OAuth server that will allow the user to authenticate to your service (and use Firebase auth as a component of this) and authorize the Google Assistant to access your service. It does this by generating tokens that it hands to the Assistant.
Your Dialogflow fulfillment webhook will get this token passed to it as part of the conversation. It uses this token to determine which user is making the request and confirm it is valid.
There are OAuth services that are available that work with Google's auth that you should be able to fit in here, or you can write your own using Firebase Hosting and Firebase Cloud Functions. The Dialogflow webhook can, of course, be done using Firebase Cloud Functions.
I'll be needing some help regarding the Facebook permissions. Actually, I have defined a permission set on my facebook developer account under permissions and setup an application as well. I would like my ios application to pull permissions (On Login) that are specified under my account. I know I can use iOS or FB SDK 3.5.1 in my application (which I am using) but I don't want to specify permissions set on device, Just want to save version submissions of my application on store, don't want to keep this on client side. I know how to achieve permissions etc on iOS device as well which I have been using since Facebook 2.0.
So, is there a way using which application should pull permissions from the application ID (developer account) instead of specifying the permission set on the client (iOS).
Many Thanks,
Reno Jones
I think you are trying to think in reverse direction but this is not possible to achieve.
Permissions are never attached to any app, we specify permission so we can use those explore more using that appID.
Means there is nothing as such permissions for appID, appID & permissions are both different thing.
For Eg: I have created an app to see my details on Facebook. In order to achieve it we are not required to configure my appId on facebook. So its only us(the developers) who know what user can do with Facebook using that FBID.
So we just ask permissions separatly.