Is there a way to use Google accounts to authenticate my own personal website? I understand Google provides an API for authentication but it requires redirection. Is there anyway to have a customized login process without being redirected to Google?
By the way I'm a total noob when it comes to user authentication. I did try to find a preexisting thread but was unable to find one.
For exactly the reason given by Kris, Google (along with similar OAuth providers) doesn't allow you to authenticate users directly.
It's a security measure to protect both themselves and their users from the Web equivalent of ATM card skimmers.
I have a usability answer rather than a technical one.
I am unsure if this is doable but, even if it is doable, I would highly suggest NOT doing it. Think of it this way: you want a user to use their Google account to login to your website. If you were that user, would you feel more comfortable entering your login information on a Google website or someone else's website that has nothing to do with Google?
Related
I'm using Azure Authentication in a mobile app, using the azure-activedirectory-library-for-cordova plugin.
Recently some user have trouble logging in. Some are even receiving SMS to confirm their mobile number, still without actually being able to complete the login.
They can still log in like normal on other services (such as their computer at work) - but when using this login for our app is causing problems.
It's not consistent - some users are having troubles and receiving SMS, while others are not.
Any suggestions what may cause this, and how to prevent it?
It appears like some users that are trying to sign into your application have Multi-Factor Authentication set up.
Please take a look at the following Article: Multi-Factor Authentication
I am not an expert in the MFA scenarios, but it appears that there are custom SDKs that you might need to integrate with your application to fully support signing in those users: Multi-Factor Authentication SDK
Let me know if this helps, or if you have a more specific question, let me know and I can try and find the right person to help you.
I am building an AngularJS application with a Laravel API. I am looking for authentication for a couple of days, but I am stuck.
I found OAuth 2.0 as a kind of default authentication, also used by Facebook and Twitter and so more. A lot of tutorials I found are about using OAuth 2.0 with Facebook and Twitter or Google. But, I do not want to authenticatie a user with Facebook, but I want to build my own authentication, using the user credentials in my own database. So I guess, I need my own OAuth provider.
The authentication has to be very secure and easy to connect for other companies, who want to use our data (it is a web application for primary schools).
I believe there are a lot of answers possible on this question. But, I also believe a lot of people have the same question ;)
Who can explain me how to use OAuth 2.0 or a similar authentication method?
You are right - if you want to implement OAuth 2.0 you need to be your own provider (or authorization server). Being your own provider also means you can actually skip some parts of the process (e.g. the screen with a confirmation if the user really wants to grant this application the right to that etc...)
If you decide to go with OAuth 2.0, there's a widely used package called oauth2-server-laravel that helps with the whole process.
However you could also develop you're own token-based authentication system. Actually the basics are pretty simple:
Login
Verify credentials
Generate token
Store token in database
And then on request you check if the token is in the database (and hasn't expired yet)
Dead simple right? Well.. as you may already know, that's too easy to be true.
Especially where security is of high importance, You have to consider every case and you should really know what you're doing. That's why I recommend you use the OAuth standard. Yes, it may be a bit of an overkill but I believe it's worth it.
Hope I could help :)
Total GAE beginner here.
Maybe total obvious answer. Maybe so obvious that I was not able to get a clear information via search because nobody spend even a single thought on it.
I just uploaded my first test app into GAE and in order to access it I need to login with my google account.
Why is that? If I want a login logic for my app, I will implement one by myself?
And if I do implement a custom auth mechanism: What is the user experience? Do a user need to first login into his google account and then into my app?
Do all my future users need a google account to access my web app hostet via GAE?
Clarification would be much appreciated.
EDIT:
Switch to "Federated Authentication" shown here to deactivate the google login screen.
This is clearly shown in the google gae documentation. Even a google search about 'google appengine user authentication' shows in the 1st result: https://developers.google.com/appengine/articles/auth
I'm coding a Python - Google App Engine application. There are 2 important things this app must do:
Write in user's calendar.
Write in user's profile (working with users in a Google Apps domain)
First operation is easy. If I understood OAuth, this is the classical 3-legged scenario. The scenario for which OAuth was originally developed. The logged user provides credentials to the client (my app) to access the user's data (calendar) on his/her behalf. So, this can be done just with the logged user's credentials.
Second operation is not so easy. It can't be done with just the logged user's credentials. This is a 2-legged OAuth scenario. So, I need to delegate in a Google Apps domain admin's account to access the users's profiles using Google Profiles API (via google data library). So far, I hardcode admin user/password in a json file, and my app loads that file. But that sounds kind of dirty for me.
At the end, my app needs to handle the classical 3-legged OAuth scenario (no problem, just need the logged user's credentials) plus a 2-legged OAuth scenario (need administrator credentials).
Is there any official or more elegant way to handle both scenarios in Google App Engine, working with Google Apps domain, that hardcoding admin credentials?
Many thanks in advance
AFAIK there is no way to authorize a write operation to Google Contacts Data API using 2-legged OAuth.
Google's documentation specifies which APIs are accessible via 2-legged OAuth, but it seems that someone at Google's forgot to specify that some of them are read-only :-S
Some people had the same problem here and here.
I look forward someone at Google to fix this. Until then, harcoding admin-level credentials is the only option I know that it works. I don't like it at all: it's dirty but effective. If someone knows a more elegant zen-level way, please illuminate us!
I'm building a web application using CakePHP (which I'm new to). The app is going to require some sort of login where I'm going to use Facebook Connect. I've got a table for storing names, emails etc (for newsletter purposes etc) but not any password.
My question is: do/should I use CakePHP Auth combined with the Facebook Connect plugin (http://www.webtechnick.com/blogs/view/229/CakePHP_Facebook_Plugin_Auth_Facebook_and_more) or should I just use the plugin without any CakePHP auth? What makes the most sense?
I don't think there is a straight answer to this, but I guess it depends on your users. Some people still feel uneasy logging in with their facebook accounts, worrying about what you will do with their valuable facebook data. If you're not worried about that, just use facebook connect, if you are, use both native and facebook connect.
If you choose to use both, you can generate a random password for the facebook connected accounts, which they will never use, since the login with facebook.
Hope this helps.