I have integrated my application with Google apps marketplace with old version of OpenID and getting the data from Google calendar by using Google calendar version 2 API. Now I need to integrate every thing to new version. I have confused a little bit as Google is providing various authentication and authorization process. I looked in to OpenID connect, JWT (JSON Web Token), Google calendar version 3 service account. May any one please help me out from this issue like that should I use to authenticate as well as for authorization. Thanks in advance.
https://developers.google.com/accounts/docs/OAuth2 gives a good overview on various ways to authenticate with Google APIs and when to use them. For instance JWT is useful when your application uses Google APIs to store/retrieve its own data i.e. not to access data of your application's user.
Also see https://developers.google.com/google-apps/calendar/auth
Related
I am building a reservation system in Google App Engine using Go. I need 2 forms of authentication in my program.
Public Form -- form built in Angular that is on our public website. I want my front-end to have some sort of credentials.json file to use when requesting the book and getOpenDates endpoints in my RESTful API running in Go on Google App Engine.
Private Companion App -- protected by username and password that the user supplies in my app built in Flutter. The app is requesting many endpoints in App Engine. I would like to use JWT to authenticate this portion, but I'm not 100% sure JWT is what I need.
I'm not sure if this tutorial on Identity Platform is what I want. I'm very new to App Engine and authentication in general, so I am a bit lost.
Please describe how I could implement these authentication methods in my RESTful API in Go running on Google's App Engine. I think I may be able to implement the username/password method using a tutorial like this but I'm very lost on the 1st form of authentication with just a credentials file as authentication. If I'm going in the complete wrong direction to accomplish what I want please tell me, but what I'm looking for is code or a tutorial describing how to authenticate using these 2 methods. Thanks for any help.
From what I understand, you want to have a golang backend API in App Engine that serves both your web frontend (1.) and your users app (2.).
I am going to suppose that any user with username/password can use both your frontends: the web app and the mobile app with these credentials.
The credentials.jsons are not designed to authenticate users of your services, but rather server to server communication.
With that in mind, I have found the guide Session based authentication in golang, that could help you to set up your backend to accept only authenticated requests over HTTPS. The web browser will automatically save the cookie, however you need to store the cookie in your mobile app.
For much more complicated scenarios for authenticating from different webpages, it is required to use OAuth2 as you can see in this thread. If you don't find any of your requirements listed in here it is probably overkill to use Auth0 nor OAuth2.
I'm new to web dev, and trying to build an application using google app engine's java standard environment, which will require user authentication. I'd like to provide authentication which requires only a username and password of the user, as opposed to a phone number or social account.
As I look through the options listed in app engine's auth tutorial, if I'm understanding them correctly, none of them allow login without a phone number or social account? https://cloud.google.com/appengine/docs/standard/java/oauth/
If so, are there alternatives available while still using app engine? I've read some about 'web container managed authentication' but I'm not sure if its something app engine will support, or if its a full solution.
Is it possible/feasible to roll fully custom authentication in the app engine standard environment? As I search for custom authentication tutorials I see a lot of articles recommending against this, but it's not clear to me what the alternative is.
Thanks for any information
As it's mention on the OpenID Connect documents of Google Cloud, it's important for you and your users security to authenticate using well proven and debugged code. Google offers Firebase Authentication which let's users log in with an Email and password.
If you still want to implement the authorize part on your own, you can use your preferred web framework and probably it will have an authorizing process.
For example, in python you can use Django authorize system to provide users for a custom way to log in.
But, as I said before, I highly recommend you to use the Google APIs for authorizing as they are OpenID certificated.
We have an HTML5 client accessing a Google Cloud Endpoints backend. We want to offer users a reasonable range of sign-in methods, e.g.: sign-in with an existing OpenID, or alternatively sign-up with an email and password. These seem like basic requirements to us! If there is a better alternative that does not restrict our audience, then we'd consider it.
We're encountering two problems: (1) it seems the Endpoints service will only authenticate Google accounts, and (2) we don't know how to support "sign-up with email and password" together with Endpoints.
Edited: We found that our requirements can work together with Endpoints, but we did not find any Python examples to help, or to support an OpenID provider. We created our own "email/password" authentication option and enable it in parallel with Google OAuth. Overall the documentation on authentication when using Cloud Endpoints is minimal. Documentation and examples are stronger for the newer "Mobile Backend" project.
You are right, at this point you can build an oAuth provider using the lib provided in app-engine but that requires your users to have an Google account. So to protect my API I had to build my own custom oAuth2 provider. I did this by using the python oAuthLib library (oAuthLib). They have an awesome doc that will guide you through. I also made a rough document on how I made it app engine specific. If interested please take a look at the link Blog page
I hope this helps.
I am trying to develop an a business application. I intend to host it on Google App Engine and use Google DataStore as a backend database. How can my users register with the application using their Google, Yahoo and Facebook accounts apart from the naive conventional sign up method? When ever the user registers using the aforementioned third party services how does my DataStore gets updated with the users details? help me to plan the logic
I hope this help.
You can use Federated Login(OpenId) for that.
Each provider has its own particular data structure(name, userName, country, language, etc).
Regards.
I've searched for solutions, but everything I can find seems mostly outdated.
We're using the Python API for GAE and creating login urls in the following manner:
users.create_login_url(continue_url, "Yahoo", "http://yahoo.com/"),
Which works fine for sites such as Google, Yahoo, Aol, Blogger, Flickr, etc... but we're aware that Facebook and Twitter don't work in this manner.
Can anyone show any examples of how to authenticate users on App Engine using Facebook, Twitter, and LinkedIn?
Thanks!
First, one has to register their application on Facebook and get an Application ID. Details:
Register here Facebook authentication overview
Then, I used the facebook python SDK, along with the facebook javascript api (which is the canonical way to do authentication with facebook). Here's a working example of authenticaion I used.
Direct link to the Facebook python SDK
Direct link to the Facebook Javascript SDK
If the service you want to sign in with doesn't support OpenID, you need to do it the same way you would on any other service: Set up your own sessions library, handle logins in a site-specific manner, and keep track of signed in user sessions using the session library.