Just starting to build my first Google Chrome Extension and I'm confused about how one could pass user credentials from an app, and log users into the extension.
I need to pass a user key. Can Chrome Storage be used for that?
I have tried another similar that signs users in with just a click to their app, if a user is logged in then it seems that Identity Token is somehow passed to the extension. How do you achieve this? Chrome storage? Oauth2?
PS: I'm not trying to log them in with Google Sign In but to my app, which accepts its own sign-in + Google and LinkedIn sign-in.
Thank you
Related
I'm running App Engine's local dev_appserver.py and trying to authenticate using the Paw app for Mac.
Here Paw correctly renders the login page:
However, every time I sign in, it asks me if I'd like to open the subsequent page in Chrome.
I would like Paw to store the login credentials but have no idea how to tell it to do that. Any help would be greatly appreciated.
I was able to find a hacky way around this by manually copying cookie values from Google Chrome. Here's how I did that:
Sign in to local app via Chrome
Open Developer Tools
Under Storage, expand Cookies and click on http://localhost:8080
Find the cookie named dev_appserver_login
Next, it's as simple as copying over each value into Paw's Cookie Sessions window.
Open the Cookie Sessions window
Copy over the Name, Value, Domain, and Path into a row in the cookies list
Going back to Paw and executing a request that requires auth, everything works:
Is it possible to show the Keep Me Signed In checkbox when logging a user into Active Directory via the login.microsoftonline.com/[tenantId].onmicrosoft.com/oauth2/authorize endpoints? When logging in via login.microsoftonline.com, the page will show the KMSI box, but it is missing on the oauth2 endpoints. See for example the two attached images.
Login endpoint
Authorize endpoint
Based on the test, the Keep me sign-in is only work for the web app. If you developing the web app it should shows like figure below:
This is expected because that Keep me signed in uses the cookies to store the sign-in user info and the native client is not using the broswer.
If you have problem to keep the users sign-in for a long time, you may share the secnario and detail code you were developing.
What URLs I need to enter in Google API credential page?
I created an Oauth2 credential for my Google App engine web app.
I entered callback as https://myapp.appspot.com/oauth2callback and it works fine.
Now I am developing V2 and am deploying the app to 2-dot-myapp, Oauth2 stopped working. Do you have to specify callbacks for all versions I am going to deploy?
Yep! Google (or any OAuth provider) will not allow people to log in unless the callback URL provided during authorization exactly matches one that configure on the credentials page.
I am trying to get the user who is logged in via. SAML Single Sign On.
I have already implemented SAML Single Sign On and it works.
The code I use for programmatic login is :
apps = gdata.apps.service.AppsService(email=username, domain=domain, password=password)
apps.ProgrammaticLogin()
logging.info("current user %s", users.get_current_user())
//Redirect to a Google mail page.
But users.get_current_user() returns None always even though correct username and password is provided. I have crosschecked it by redirecting the page to Google Mail page and it successfully redirects.
I have googled this issue for hours now nothing goes the right way.
Can anyone please guide me what I am doing wrong ?
There are three different things going on here, I just want to make sure are clear for my suggested answer to make sense:
Google App Engine users service: You, as the developer, delegate authentication and authorization responsibility to Google Accounts (or the selected OpenID provider). Google will act as the Identity Provider and you'll act as the Service Provider.
SAML single sign on: Google delegates to you the authentication and authorization responsibility, you'll act as the Identity Provider and Google will act as the Service Provider. You'll be using SAML SSO every time you try to login any Google service using you Google Apps account, that includes Google App Engine applications using the users service.
ClientLogin: It is one of the methods for authenticating to use a Google API by giving username and password. It's deprecated, it's hard to maintain and insecure since you are hard coding the credentials and the app could have access to everything. I'd recommend switching to OAuth instead. In the first two lines of code You are initializing the Google Apps provisioning API with gdata.apps.service.AppsService, if you are not going to retrieve or create users/groups/alias is useless to do that. If you are I'd also recommend switching to the Directory API part of the new AdminSDK
For your particular case I'd suggest checking if there is a current user logged in, if not redirect to the login URL using the GAE users service.
user = users.get_current_user()
if user:
logging.info("current user %s", user.email())
else:
return redirect(users.create_login_url(request.url))
In case you always require that the user is logged in you better set the handler as login: required
The user will be redirected to the SAML SSO page to log in to his Google Account in order to access the GAE app.
I am developing an app to be hosted on Google App Engine. Users will be able to use their Google IDs to login to the app. The app also has a client counterpart in the form of a Blackberry Application.
My question is - is there a suggested way for my app to collect the user's Google credentials so that I can authenticate it against Google using OpenID semantics? In Android, for example, I can use the Accounts API so that I don't need to explicitly ask the user to enter credentials. What's the way to do this in Blackberry?
I see 2 ways, neither of which is ideal:
Write my own form in my native Blackberry app where the user enters Google ID and password, which I then use to obtain the authenticator token and perform the rest of the authentication behind the scenes. But the point is - it is inappropriate to ask a user to trust my app with their Google credentials.
Use standard Google Open ID Authentication mechanism - which opens up the web browser and displays Google's Open ID login page. Although this is a one-time thing (after which I can save the authentication token so that future requests to GAE do not require any prompting for credentials), the user experience is still disruptive since it involves opening the browser in addition to my native BB app.
So, what's the suggested way forward?
Using the browser to authenticate is pretty much the only standard way to do this. A number of Android apps do this for OAuth or OpenID endpoints too. Depending on how the Blackberry's protocol handlers work, you should be able to set a continue URL that results in your app being called back by the browser when authentication completes.