Google Accounts customization in GAE - google-app-engine

Well, this question is regarding the authentication system of an app in GAE. I've read several posts and found out the best way to manage the user authentication stuff is using the Google Accounts service. I've read several suggestion (here is one of them) but they don't really give a solution to the problem.
Here is what I want to do: I am going to use the Google Accounts service and I want to know if there is a way to change the login and create account page, so that I don not have to redirect the user to the Google Sign-in form, but rather redirect the user to my own login form and then forward those data to Google Servers. I would like to do the same exact thing with the register form. In conclusion I need that the user feels she is using the login of my application, but is really using the Google Accounts service.
Here is an example of something I want to do: This webpage uses Google Accounts Service, but the login form, is a custom form that then (I imagine) forwards the data to Google Servers and then logs the user in.

Related

How to provide user authentication option to users in a React app?

I am creating a web app that allows users to user their own social network services (Instagram, facebook, spotify, etc.) and display the information like photos, posts, playlists from the SNS.
I know we need each users to authenticate their SNS account first to make the API accessible.
I have no experience with authentication, so I want to get some TIPs of how to do this.
My idea is to provide buttons called Authenticate for each SNS. When the user clicks this, I want to open a window for the user to login to their SNS and when the login is successful, it will give a list of whatever information that is related to the SNS (photos, playlists, etc.).
I want to know what I need to know to do this. I know that we need access tokens to access the user's API. Is there a way to use the access token that the user earns by authenticating his account to access the API?
Any advice will be great. Thanks.
Try firebase authentication. A lot of work is involved in what you want to do, and they have done much of this work for us...

Setup a third party node.js authentication server

I have two separate applications (app1 and app2 based on MEAN stack) running on my server. I want to add a new application that manages the authentication for both applications. I mean if I try to log in from app1, it redirects me to a login form in auth application, and after login I come back to the previous url in app1. After that, if I go to app2, I'm still logged in.
I'm looking to implement something like similar to the google accounts/ServiceLogin: I can log in one time, and the session remains for almost all google products.
Something important is that I use subdomains for each app: app1.mydomain.com and app2.mydomain.com.
How can I do that using node and express?
Currently I use vhost to manage each subdomain.
You're looking for a single sign on solution.
I'm only familiar with one solution that Stormpath provides, which is called 'ID site'. It's basically a hosted authentication site that handles auth for you, then passes logged in users between your subdomains.
The way it works is like this:
User visits www.yousite.com.
User clicks 'login'.
User is re-directed to login.yoursite.com.
User then logs in.
User is then redirected to dashboard.yoursite.com and is fully authenticated (SSO).
You can implement this quite easily using express-stormpath, here's the relevant docs: https://docs.stormpath.com/nodejs/express/product.html#use-hosted-login

Do all my future users need a google account to access my web app hostet via GAE?

Total GAE beginner here.
Maybe total obvious answer. Maybe so obvious that I was not able to get a clear information via search because nobody spend even a single thought on it.
I just uploaded my first test app into GAE and in order to access it I need to login with my google account.
Why is that? If I want a login logic for my app, I will implement one by myself?
And if I do implement a custom auth mechanism: What is the user experience? Do a user need to first login into his google account and then into my app?
Do all my future users need a google account to access my web app hostet via GAE?
Clarification would be much appreciated.
EDIT:
Switch to "Federated Authentication" shown here to deactivate the google login screen.
This is clearly shown in the google gae documentation. Even a google search about 'google appengine user authentication' shows in the 1st result: https://developers.google.com/appengine/articles/auth

Custom login page in Java for GAE accounts

I have a Java application, and GAE application. Here is what I want to do:
I want GAE account users to authorize in my Java application, and I don't want to use "Sign In with..." solution. Instead I want the users to login from my Java application login page ( e.g providing username and password) and forward this login information to Google Servers.
In other words I want exactly this thing in this page. This webpage uses Google Accounts Service, but the login form, is a custom form that then (I imagine) forwards the data to Google Servers and then logs the user in.
How can I achieve that? What protocols should I use( OAuth, OpenID, GAE services... )?
You can't create a custom login page to Google Accounts. The whole purpose of Google-provided login page is that users trust the page when entering their password. Otherwise anybody could create a login page and start collecting users passwords.
If you need a managed/limited access to users account (with their consent), you should look into OAuth. But in any case this will not give you an option of making a custom login page.

Python GAE app using 2-legged OAuth and 3-legged OAuth at same time

I'm coding a Python - Google App Engine application. There are 2 important things this app must do:
Write in user's calendar.
Write in user's profile (working with users in a Google Apps domain)
First operation is easy. If I understood OAuth, this is the classical 3-legged scenario. The scenario for which OAuth was originally developed. The logged user provides credentials to the client (my app) to access the user's data (calendar) on his/her behalf. So, this can be done just with the logged user's credentials.
Second operation is not so easy. It can't be done with just the logged user's credentials. This is a 2-legged OAuth scenario. So, I need to delegate in a Google Apps domain admin's account to access the users's profiles using Google Profiles API (via google data library). So far, I hardcode admin user/password in a json file, and my app loads that file. But that sounds kind of dirty for me.
At the end, my app needs to handle the classical 3-legged OAuth scenario (no problem, just need the logged user's credentials) plus a 2-legged OAuth scenario (need administrator credentials).
Is there any official or more elegant way to handle both scenarios in Google App Engine, working with Google Apps domain, that hardcoding admin credentials?
Many thanks in advance
AFAIK there is no way to authorize a write operation to Google Contacts Data API using 2-legged OAuth.
Google's documentation specifies which APIs are accessible via 2-legged OAuth, but it seems that someone at Google's forgot to specify that some of them are read-only :-S
Some people had the same problem here and here.
I look forward someone at Google to fix this. Until then, harcoding admin-level credentials is the only option I know that it works. I don't like it at all: it's dirty but effective. If someone knows a more elegant zen-level way, please illuminate us!

Resources