First of all, I am developing an AppEngine application. As framework, I am using jQuery Mobile. I use GMail API too.
To connect with GMail, I need to work with OAuth 2.0. I have set the credentials in my application (I already have client_secret.json in my project).
My situation is: I am in a JSP page when I call my Java code (server side) to get my Gmail Service. For this task, I need to get the permissions (OAuth 2.0) from my user. Later, we need to redirect to my application.
My problem is that I do not know what I have to write exactly in "AUTHORIZED JAVASCRIPTS ORIGINS" and "AUTHORIZED REDIRECT URI".
I am testing my application in local mode and the normal URL is: localhost:8888/mobile/index.jsp
Can you help me?
Best regards,
Diego.
Details here
AUTHORIZED JAVASCRIPTS ORIGINS -> Protocols (i.e. HTTP and HTTPS) and domains (my-app-id.appspot.com) that can use JS and OAuth calls. For local add http://localhost:8888/. You will need to add one for the production URL as well.
AUTHORIZED REDIRECT URI -> When doing OAuth calls from the app it needs a handler set up to get responses from the OAuth server. Personally I use decorators, so my redirect URI is http://localhost:8888/oauth2callback. Yours will vary depending on how you handle the OAuth flow.
I'm using an API that requires oAuth authorisation before it is usable for a React chrome extension.
The app requires me to allocate it an OAuth Domain. The oAuth Domain is described as to be used whenever a redirect occurs from authentication sessions the redirect must go through that domain.
This would be fine if I was using a hosted domain or localhost but I'm not able to use either of those because chrome extensions are held in the browser.
I've been able to navigate to the index.html file of my extension through chrome://extensions/extension ID/index.html, but when I provide that as my OAuth domain it rejects it and says that it must not have a protocol or port.
On the client side (my chrome extension code) I require a channelUrl which is used for cross domain communication and should be a completely blank fast loading page that matches the OAuth domain.
My problem is that I can't find a way to provide a valid OAuth domain and therefore I can't use the API. Is there a method that would enable Chrome Extensions to work with OAuth redirects?
You need to look at the chrome.identity API.
It allows you to use a web OAuth flow (using launchWebAuthFlow) with a redirect to a URL of the form https://<app-id>.chromiumapp.org/*. The actual redirect to the URL will be intercepted by Chrome and instead pass the data to the extension.
Note that you need to "fix" the app ID of the extension for the URL to be consistent - likely by providing a "key" field in the manifest. Take a look at the docs to that effect - they talk about Google OAuth, which uses a different part of the chrome.identity API, but the concepts are the same.
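The flow described in this answer, as an added example that is not part of the original post: it builds the authorization URL around the chromiumapp.org redirect and validates the URL Chrome hands back (same redirect target, matching `state`) before using the code. `AUTH_ENDPOINT`, `CLIENT_ID` and the `oauth2` path are hypothetical placeholders for your provider's values.

```javascript
// Added example. AUTH_ENDPOINT and CLIENT_ID are hypothetical placeholders.
const AUTH_ENDPOINT = "https://auth.example.com/oauth/authorize";
const CLIENT_ID = "example-client-id";

// redirectUri is the value returned by chrome.identity.getRedirectURL().
function buildAuthUrl(redirectUri, state) {
  const url = new URL(AUTH_ENDPOINT);
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state);
  return url.toString();
}

// Validate the intercepted redirect before trusting anything in it.
function parseRedirect(responseUrl, redirectUri, expectedState) {
  const got = new URL(responseUrl);
  const want = new URL(redirectUri);
  if (got.origin !== want.origin || got.pathname !== want.pathname) {
    throw new Error("redirect did not return to this extension");
  }
  if (got.searchParams.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  const error = got.searchParams.get("error");
  if (error) throw new Error("authorization failed: " + error);
  const code = got.searchParams.get("code");
  if (!code) throw new Error("no authorization code in redirect");
  return code;
}

// Runs only inside an extension that has the "identity" permission.
function signIn() {
  const redirectUri = chrome.identity.getRedirectURL("oauth2");
  const state = Array.from(crypto.getRandomValues(new Uint8Array(16)),
    (b) => b.toString(16).padStart(2, "0")).join("");
  return new Promise((resolve, reject) => {
    chrome.identity.launchWebAuthFlow(
      { url: buildAuthUrl(redirectUri, state), interactive: true },
      (responseUrl) => {
        if (chrome.runtime.lastError || !responseUrl) {
          return reject(new Error("auth flow cancelled or failed"));
        }
        try { resolve(parseRedirect(responseUrl, redirectUri, state)); }
        catch (e) { reject(e); }
      });
  });
}
```

The redirect URI registered with the provider must be the exact string `getRedirectURL` returns, which is why the extension ID has to stay fixed across installs.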
I’ve created a new application on App Engine (.net core app 2.1).
Authentication to my application is realized using Google's OAuth2.
When I go to my app I can see that the communication is secured using SSL. As far as I know, communication to my app goes through a load balancer (using HTTPS), and after it is forwarded to my application instance it uses HTTP (a non-secured protocol).
So if I would like to authenticate a user in my application (by clicking ‘Sign in with Google’), my app makes a request using http (not https). Because of that, when I go to https://accounts.google.com/signin/oauth... from my app, the ‘redirect uri’ is set automatically to http://mysite (not https). So after login, ‘google OAuth’ redirects me to an http page.
From the user's point of view, the request goes out from https (secured), and after login he is on an http page (not secured).
What can I do, to force my app to use https protocol also behind the load balancer?
Alternatively – can I go directly to my app skipping load balancer?
I am trying to log in with my Facebook account but I am getting the following error. How can I solve this?
URL blocked: This redirect failed because the redirect URI is not white-listed in the app's client OAuth settings. Make sure that the client and web OAuth logins are on and add all your app domains as valid OAuth redirect URIs.
Instead of accessing the webpage, you use the Facebook API. They have an open API, where you get an API key, so Facebook can verify your application and not block your request.
https://developers.facebook.com/
Depending on your use case, they have several open endpoints that you can access to get different data about users, applications etc. For security measures, it is always considered the best practice to use an open API to fetch data from a specific website.
I plan on deploying a Java application to Google AppEngine and using federated login (still experimental according to Google). The application is a pretty simple Java EE application which exposes a RESTful interface for simple CRUD operations.
I then want to be able to authenticate to this application using a Windows client application written in C#.
I think the application should be able to open a window with a browser in it which will present the login page of my web application, and after successful authentication I should be able to get the login token or a cookie to use in the rest of my HTTP requests.
Is it possible to do such a thing using federated login? I've found a post explaining how to do it using Google's proprietary login.
Thank you,
Ido.
I've managed to make this work much more easily than I thought it would be.
1. When I send an HTTP request to my web service I get a 302 Found response with a response header named Location which points to the login page.
2. I use a WebBrowser control, register to its Navigated event and navigate to the URL in the Location header.
3. When the Navigated event fires I use the code from this answer to get the cookies container.
4. I check each cookie until I find one with the name ACSID and store it.
5. For every web request to my service I add a cookie named ACSID with the value saved at step 4.
This is not the most secure way of doing this. I will add a check for the domain of the cookie but this looks good.
We're writing a Desktop application that relies on Google Appengine to authenticate the user and retrieve and store data associated to it.
The way we'd like to authenticate the user is that on launching the application the browser is launched at the login url for our application. Then the user logs in there, and then the application makes restful calls without any OAUTH object, but re-using the browser session. I'm questioned that this won't work, since we cannot so transparently use the browser session. Is that correct?
Any alternatives beside authenticating from within the app using the ClientLoginApi?
I'm aware of:
How do you access an authenticated Google App Engine service from a (non-web) python client?
The only way to do this is if you can capture the authentication cookie used by the browser, and send it yourself. Obviously, there's no browser- or platform- independent way to do this.
A better option would be to use OAuth, with OAuth for installed apps to obtain the original token.