I'm creating the flow in my application to sign up new users who come from the Intuit App Store. In a presentation (and other places in the documentation) it talks about getting OpenID information after the user completes the Try It process (simulated with Test subscribe to app from Intuit App Center (OpenID)).
When I do "Test subscribe to app from Intuit App Center (OpenID)" I don't get any OpenID info. And after going throught he Direct Connect javascript/oauth process I only get back OAuth credentials, no OpenID.
How are we suppossed to connect the OpenID to the account we create using the OAuth info gathered from the "Test subscribe to app from Intuit App Center (OpenID)" and Direct Connect process?
The IPP documentation for this part of the process needs major help.
Ok, figured it out:
You need to do the whole OpenID process on the page that is hit from Intuit Sign In, Try It, or Test subscribe to app from Intuit App Center (OpenID) links.
From the documentation is sounds like OpenID info is passed to you from the process on the Intuit side before it hits your app. But this is not true. You have to go explicitly do OpenID after your app is hit.
Intuit: Please improve your documentation of this, it's not clear at all.
Related
I have a website providing functionality for Google Sign In. There is a server side authentication taking place after getting idToken on client side.
Now I am making an app(in FLUTTER) for the same website. In Google API console, I have to create new credentials under the same project and that generates new client id.
I read about cross client identity (Link: https://developers.google.com/identity/protocols/oauth2/cross-client-identity). I want to know how can I implement this so that a user is asked for approval only once.
Do I really need two client ids?
This will work even if the web app and mobile (Flutter) app do not have the same client ID. This is stated in the documentation here:
Google considers that when a user has granted access to a particular scope to any client ID in a project, the grant indicates the user's trust in the whole application [i.e., all clients in the project] for that scope.
You should make a project that contains multiple clients. Your Web app will be one and the Flutter app will be another. These will end up with different client IDs, but that's OK. Later, when the user authorizes (consents to) a scope from the Web app, they will still authenticate in the Flutter app but not have to reauthorize this second client to use the same scope. The reverse is also the case -- if the user authorizes a scope in the Flutter app first, they will later have to authenticate in the Web app, but they won't have to consent to the scope.
I'm trying to make a chatbot with Dialogflow for Google Home. It requires the user to input a URL. Now it will definitely be a long and complicated URL which I can't recreate and I can't have the user speak into the google home.
The idea I had was that the user would input the URL on an agent on messenger. I store this on a Firebase database and then access it with a second agent.
Now the issue I have is authentication, I was hoping to use account linking on my google action with facebook. But I can't login to Facebook with google home. Or if I can, I can't find any documentation specific to that case. Facebook doesn't provide the necessary client ID and secret(as far as I can see).
I managed amazon and Gmail account linking with Alexa and an Amazon Echo. In those cases, you would have to login to google or amazon on the Alexa app or webpage. Then this will be integrated with your Echo and the skill will become usable.
Anyone have an idea of how I can make the link happen, if not then anyone have an idea as to how I can solve the overall problem?
This question has been left unanswered on other forums, but I was hoping to either get it solved or find an alternative.
There are three approaches to solving your overall problem - getting the URL manually entered and available to your Action. Two of them tackle it the way you've suggested - involving authenticating to Facebook and tying that to the Assistant account somehow. One solves it entirely inside the Assistant.
Account linking to the Facebook account
You've tagged firebase-authentication, so I'm going to assume that you're using it to do the auth and you've enabled Facebook login through it. This means your user has a "Firebase Account", but they log into that account using Facebook.
I will assume you have a way to get the URL from messenger once they're logged in.
The trick in this case is to setup Account Linking between their Firebase account and their Assistant account. This is done by setting up an OAuth2 server that has access to the Firebase accounts and will create authorization and refresh tokens that are given to the Assistant.
In the Action, you'll send the user to the Sign In helper, which will redirect them to your login page and send back a one-time auth code to the Assistant. The assistant will then use your OAuth2 server to exchange this code for auth and refresh tokens. Periodically it will use the refresh token to get new auth tokens.
When the user returns to the conversation through the Assistant, you'll be handed an auth token and you can use this to lookup the user. Since you also know their Facebook account, you can get the URL via however you planned to do so.
There are drawbacks to this method - it is very complicated, and setting up your own OAuth2 server is not for the faint of heart. You may be able to use something like Auth0 instead of Firebase Authentication to accomplish the same thing, but then you don't have the ease of access to the Firebase database.
Account linking to both Facebook and Google
In your Firebase account, however, you don't need to limit them to just logging into Facebook. You can have them use Firebase to record both the Facebook and Google accounts that they're using. This would "link" the two accounts together in your system.
With this, you don't need to setup an OAuth2 server. Instead, you can have the Assistant use Google Sign In for authentication. If the Google Cloud Project that Firebase is using and the Assistant are using are the same project, then once the user has logged in to your project's web page with their Google account, you'll get an identity token on the Assistant which will contain their Google ID. You can use this to match up with their Firebase account and get the Facebook ID and proceed from there.
But this is still a lot of work and kinda messy, jumping between systems.
Using just the Google Assistant (and maybe a web page)
If you're willing to make some assumptions about the devices your users are using, then you may be able to do it all just using the Assistant. The Assistant doesn't just run on the Google Home and other smart speakers, it also works on most current Android and iOS devices.
So you can detect if they have such a device available and, if they do and they're not currently on it, direct them to switch to that device when you need the URL.
If they don't have such a device available (perhaps because their version of Android is older), and you think this may be a common scenario, you may need to make another entry source available. This could be one of the solutions above, or you may want to just have a simple web page (done via Firebase Hosting and Firebase Functions, perhaps) where they log in using their Google account (so you get their ID) and you let them enter the URL. If you just need a URL - going through Dialogflow may be more complexity than you need.
I am successfully using OpenID and OAuth in development mode. Once I am ready to move to Production will the process change in a way that the authentication/authorization process will not require manual intervention? Today I click on the "signin" button to authenticate using OpenID. I then click on the "Authorize Quickbooks" button to authorize using OAuth. During these two processes I am redirected to Intuit where I click on buttons to allow authentication/authorization. Will I be able to achieve this process through code? I am working on a SaaS application and need to authenticate/authorize in code because the manual steps will not work with the application I am working on.
Your app should work the same way in development as in production.
Make sure you have gone through the requirements checklist - http://docs.developer.intuit.com/0025_Intuit_Anywhere/0010_Getting_Started/0040_Publishing_Your_App/0010_Reviewing_the_Requirements_Checklist
There are different requirements if you are just doing the Connect to QuickBooks flow or you are also wanting to be listed on Appcenter.
Do the free trial on a couple of the apps in the app center to see what they are doing. I tried out eBillity, their app picks up OpenID and OAuth without user interaction during the subscription process.
Based on that, yes, I think you can achieve it all in code. Personally I have not been able to get the OAuth tokens without user intervention.
Update: Use this JS method to do the OAuth authorization during the subscription process:
http://docs.developer.intuit.com/0025_Intuit_Anywhere/0060_Reference/JavaScript_Functions/directConnectToIntuit
Several WP7 apps (like the official FB application) provide their own login dialog and after filling it you get connected to facebook.
Further you are automatically logged in when you call the application later.
In general it's no problem to store the credentials encrypted on the device.
My question - has anyone an idea how to achive what the "offical FB app" does?
I searche around - but found nothing more then "must use the dialog / there is no other way...".
But for sure there is a way - since apps do this.
The "official fb app" also requires authentication.
the "Built in facebook support" works by connecting your LiveID to your facebook, and you still gave it your credentails when you connected it the first time.
There is nothing that exposes the "built in" credentials for any of the accounts (twitter, linked in, etc)
Can you imagine what would happen if ANY app could just automatically log in to any of those apps and do whatever they want?
I have an app that can be accessed on mobile phones, both iOS and Android. The app has a social component to it, so people are sending data to and from my server.
I also have an interface for this app that will be accessible through Facebook.
When logging into the app via mobile device, using the native app for that device, one can just log in with standard username and password.
However, obviously if a user accesses the app in Facebook, they will expect to already be logged in since they are already logged into Facebook.
So I need to make it so that my app can take a log in from Facebook, pretty much automatically (?) for users who are coming at it from within Facebook.
Further, it's possible (dare I say "likely"?) a user might access the interface from both Facebook and one of the mobile versions of the app. In which case I need to be able to ensure that the username/password authentication they use on the device points to the same account associated with their Facebook login.
So... all that said... what kind of Facebook authentication should I be studying and implementing.? I'm looking at their documentation right now, and like all documentation, it's not easy to grasp. There is server-side (authentication code flow?) and client-side (implicit flow?), and authentication tokens, and I'm already a bit lost.
Also, I assume Facebook's approach is to want to take over my login in process completely, not live side by side with my mobile-device-only login, but I'd like to make sure users have the option of not using Facebook authentication if they don't want.
Can someone point me in the right direction for how to do this? Basically let me know which part of the documentation I should be focusing on.
And are there any gotchas I should watch out for?
Your server will receive a signed request when your app on facebook.com is loaded; from this you can find the FB uid of the user.
If you obtain the FB uid for users of your mobile device clients you'll be able to match your app's accounts between mobile device & facebook.com clients.
The bottom of the main authentication docs page gives links to further documentation for different client types. The main mobile authentication page has side-bar links to tutorials & SDKs for iOS & Android. Alternatively you could use the server-side OAuth flow as your devices have browsers that support this.
Once you've completed authentication on the mobile device it's simple to obtain the uid.
You can also use the Facebook authentication flow instead of your own username/password authentication.