I have the following goal - I want to integrate my application users with Coinbase. All users should be able to connect their own Coinbase accounts with my application so I can grant read permissions. In order to do that I have to use oauth api, but the problem is, I do not want to ask users to first create oauth application through the Coinbase UI themselves and then provide me the application ID and secret so I can initiate a coinbase oatuh integration. I need a seamless, one click integration. Do you have any suggestions how to achieve that?
Thanks....
The whole point of oAuth to not need the api key.
this is the documentation that says how to do it. future questions need to be programming specific or stack overflow will eat you up for dinner.
https://docs.cloud.coinbase.com/sign-in-with-coinbase/docs/sign-in-with-coinbase-integration
Related
I'm building an app using which the users registered(from the IAM page) for the project can access the resources of that project. I need the authentication when the URL is hit. Is there a way to achieve this?
Is it possible to provide IAM roles specific for a user request (assuming that the user will login using his email id) to access the resources based on IAM level permissions?
In the early days of AppEngine it was pretty easy to do some basic auth/access-control, but lately they're moving it to something called IAP.
From your wording I am assuming you are trying to abstract administrative tasks of a GCP project to lesser privileged administrators.
Questions 1 and 2 can be quickly solved by defining privileges in IAM using a pre-built roles or creating a custom role if you need to be more specific. Hereby you can use GSuite, GMail, Google Group accounts and let them sign into console.cloud.google.com. They will consequently only be able to see and act upon what you've assigned to them to in IAM.
If you still want to go through with building it yourself, every product does provide an API including authentication. Best practice for your use case is to instead of assigning an individual user access to a resource, you rather create a service account and then allow the user to call that service account. For this GCP has the Service Account Actor Role described well in the official documentation and also Salmaan Rashid provides a good practical insight on medium.
So what I'm trying to do is sign into a Gmail account programmatically and not using 0Auth2 to sign into the user's account. What I'm trying to do is sign into the account I set and then display a link which is in that email's inbox. I've looked a lot and I can't seem to find a way to do this without showing anything or without using 0Auth2. I have installed Google's Gmail API into my Xcode project. Here are some of the places I have looked.
https://developers.google.com/gmail/api/quickstart/ios
https://developers.google.com/gmail/api/v1/reference/users
Searching on stackoverflow questions
other places
I think there is no way to use this without Oauth, and it is stated in the Gmail API documentation that all requests to the Gmail API must be authorized by an authenticated user and Gmail uses the OAuth 2.0 protocol for authenticating a Google account and authorizing access to user data. For more information, check this thread.
If you are trying to create an application that will use special account only to login to gmail, it can't be done without oauth2, but you can take a look at oauth2 scenarios here google oauth2 scenarios
In your case, in my opinion, server-to-server scenario can be a solution
I'm coding a Python - Google App Engine application. There are 2 important things this app must do:
Write in user's calendar.
Write in user's profile (working with users in a Google Apps domain)
First operation is easy. If I understood OAuth, this is the classical 3-legged scenario. The scenario for which OAuth was originally developed. The logged user provides credentials to the client (my app) to access the user's data (calendar) on his/her behalf. So, this can be done just with the logged user's credentials.
Second operation is not so easy. It can't be done with just the logged user's credentials. This is a 2-legged OAuth scenario. So, I need to delegate in a Google Apps domain admin's account to access the users's profiles using Google Profiles API (via google data library). So far, I hardcode admin user/password in a json file, and my app loads that file. But that sounds kind of dirty for me.
At the end, my app needs to handle the classical 3-legged OAuth scenario (no problem, just need the logged user's credentials) plus a 2-legged OAuth scenario (need administrator credentials).
Is there any official or more elegant way to handle both scenarios in Google App Engine, working with Google Apps domain, that hardcoding admin credentials?
Many thanks in advance
AFAIK there is no way to authorize a write operation to Google Contacts Data API using 2-legged OAuth.
Google's documentation specifies which APIs are accessible via 2-legged OAuth, but it seems that someone at Google's forgot to specify that some of them are read-only :-S
Some people had the same problem here and here.
I look forward someone at Google to fix this. Until then, harcoding admin-level credentials is the only option I know that it works. I don't like it at all: it's dirty but effective. If someone knows a more elegant zen-level way, please illuminate us!
We would like to connect a salesforce user to another salesforce user in another org without any user intervention from a service.
We have tried SAML Bearer Flow (using Remote Access Application) to connect to salesforce to retreive Access Token for one of our product. We are referring to the follwoing article.
http://help.salesforce.com/help/doc/en/remoteaccess_oauth_SAML_bearer_flow.htm
As referred by the SF article for this flow, it uses a previous user authorization to connect and retreive Token. In case the user (for whom Token is requested) has not already authorized the App, SF takes you to the Authorization page first and app will get the access token once app is authorized. This is working fine too. However it has this painful step of users authorizing the app before we can use this flow for the product. It would be good and simplified if this step can be done once for an org and the article does mentions that either User or Admin can authorize the app. However I am not able to find how an Admin can authorize the remote access application.
Does anyone knows and can guide how can an Admin authorize an App or is thre any other way we can achieve our requirement. Any thoughts will be really appreciated.
OAuth1 and OAuth2 require user intervention by design. Anything you do to defeat this would be circumspect and not best practice. You could make it easy on the user, but you will always have the initial "Authorize this app" message.
If you are trying to make it easy for the user to login to either org, then you may want to consider a hub-and-spoke SSO solution. See this doc.
If you are trying to pass information between two Salesforce instances, then you may want to consider Salesforce2Salesforce, or outbound workflow. However, this is done at system context, not user context.
If you want to maintain user context and security, you should consider the new Salesforce Canvas API. Canvas allows you to call an outbound service, and pass credentials to the service so that it can communicate back. There is no reason the foreign service could not be a Salesforce instance.
Is there a way to use Google accounts to authenticate my own personal website? I understand Google provides an API for authentication but it requires redirection. Is there anyway to have a customized login process without being redirected to Google?
By the way I'm a total noob when it comes to user authentication. I did try to find a preexisting thread but was unable to find one.
For exactly the reason given by Kris, Google (along with similar OAuth providers) doesn't allow you to authenticate users directly.
It's a security measure to protect both themselves and their users from the Web equivalent of ATM card skimmers.
I have a usability answer rather than a technical one.
I am unsure if this is doable but, even if it is doable, I would highly suggest NOT doing it. Think of it this way: you want a user to use their Google account to login to your website. If you were that user, would you feel more comfortable entering your login information on a Google website or someone else's website that has nothing to do with Google?