I am developing a website, where users will can login using their Google account. When i was about to develop this feature i came to know about two things
Gmail api
Google+ api(social)
I want to know want is the difference between these two apis, why google is providing two different apis for authentication. I tried using google+ api, and if the user doesn't have an account in Google+ then google is forcing user to register into google plus and then login to my website.
Which one is better to use for authentication into our website google or google+?
If you will use Google plus Api for authentication process then user need to have google plus account and If user is not having google plus account then He need to create it
I suggest you to use Google api for authentication because you can get basic information with it but if you want to get all social media data of google plus then you have to use google Api
Simple - API calls do not access any private user data
Authorized - API calls can read and write private user data, or the applications own data - API key plus OAuth 2.0 credentials (different for different application types)
Related
I'm very new to using APIs and I'm struggling to figure out the authentication. With my email I can log in to a corporate analytics page and view the information. My account is only at a 'user' level. How do I get access tokens so I can scrape the data from the page using the Google API? Do I need the admins of the page to get these tokens? I tried using the generate access token but I don't know the service account email. Any advice would be appreciated because I'm so confused.
Answer: how do I get access tokens without being an Admin
As long as your personal account has read access you can use Oauht2 to authorize your application and then be able to access the data that way you do not need to be admin.
All your other questions 😊
How do I get access tokens so I can scrape the data from the page using the Google API?
First off if you use Oauth2 in your application and login with your own user you you will be able to use the Google Analytics api as you have read access thats all you need for the Google analytics api in order to request data.
Do I need the admins of the page to get these tokens?
No anyone with read access can authorize an application to access the google analytics api.
I tried using the generate access token but I don't know the service account email.
Service accounts are completely different than normal Oauth2. A service account is a dummy user which needs to be preauthorized to access the data it has nothing to do with your personal access. To preauthorize a service account to access the google analytics api you will need to have admin access to the google analytics account and take the service ac count email address and add it as a user on the google analytics account. It will then have access to read the data.
Any advice would be appreciated because I'm so confused.
Decide if your application should be allowing users to login to it and access the data on their own google analytics accounts. If so then you should be using Oauth2 and not a service account.
If you are only trying to access this single google analytics account then you should be using a service account. However you will need to contact the admin to have them grant your service account access to the data.
Within our application we would like to provide automation features for Instagram Business users. The Instagram API is migrating to Facebook graph, so we have implemented authentication through that. The problem is that we don't want ALL Facebook users to be able to authenticate, only Instagram Business accounts.
Is there a way we can configure the OAuth setup so that it only lets in the user type that we want?
Otherwise it seems we would be left to do this within application code after the authentication process is complete, which would be a pretty poor user experience (eject the user after they've authenticated).
We're currently using Firebase to perform the OAuth integration, but would be open to implementing manually if it provides a better user experience.
Is there a way of passing username/ password to Google Apps IDP and get a response as to whether a username/ password pair is correct?
I know I can use OAuth for authorization and access user data but note that I want to check if his credentials itself are valid. OAuth for sure will not work for me. I need a way to directly query Google Apps' IDP particularly not to use it and access something else.
I wish to use this to customize the Google's standard login page itself. OAuth doesn't allow me to do that.
Short answer: no.
Google actively tries to prevent the scenario that you describe because it would mean that Google users hand over their Google credentials to your application, aka. phishing.
That precludes branding of the Google login pages as well since it would make it harder for users to verify that they actually type in their credentials on a login page provided by Google.
As said in the other answer, Google Signin with OpenID Connect (built on top of OAuth 2.0) is the standardized way to offer users login to your application with their Google account.
Google (Apps) accounts can be used as an OpenID identity provider. By implementing your app as as a relying party, you could authenticate your users based on their Google accounts. Much like stackoverlow Google login: http://code.google.com/googleapps/domain/sso/openid_reference_implementation.html
With SAML SSO, Google acts as a relying party. While its possible to use provisioning API and clientLogin, this is not supported and is possibly against Google Apps ToS.
Simplified background:
Website that allows users to upload and comment some content, let's say images (classic CRUD web application).
Three ways to sing in into the system: classic username/password form, Facebook Conntect, OpenID (Google).
Public API that allows to read data from the system and create content (authenticated users).
Mobile (iOS/Android) application that uses API.
Problem:
Just like the website, the mobile application should provide FBConnect/OpenID authentication. However, I have absolutley no idea how to authenticate such an user in the website's public API.
How to create a secure authentication mechanism for mobile application that uses FB/Google for its authentication and on the same time uses my API for authenticated users?
I have a web application that's going to be available for all users on my google domain.
Is there a way of allowing the application to manage user's emails, calendar, etc without requiring the user authorization using the fact that all users are part of the domain?
You will need to have a look into Google Apps 2-Legged OAuth APIs, they will allow you to access/manipulate users data without their authorization.
You can find the list of available 2-Legged OAuth APIs here.
Unfortunately you will see that you cannot do as much with the 2-Legged API as you can with the 3-Legged API. However, 3-Legged OAuth requires the users consent at least once.