I'd like to use Google AppEngine with Silverlight client. I'm hoping to use the Google login authentication mechanism within the Silverlight client. Is this possible? Does anyone have any example sites where a RIA client used in conjunction with Google AppEngine security?
Thanks.
You need to have your users log in via a regular HTML page, then send them to the page with the silverlight client. Anything else would be encouraging users to enter their credentials into a third-party site, which is a Bad Idea.
I really don't believe that is true, meaning if you have an installed application Google has a login that allows you to enter username and pwd in your application. I believe silverlight is closer to windows application. Here is the login mechanism
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html
Related
I'm new to web dev, and trying to build an application using google app engine's java standard environment, which will require user authentication. I'd like to provide authentication which requires only a username and password of the user, as opposed to a phone number or social account.
As I look through the options listed in app engine's auth tutorial, if I'm understanding them correctly, none of them allow login without a phone number or social account? https://cloud.google.com/appengine/docs/standard/java/oauth/
If so, are there alternatives available while still using app engine? I've read some about 'web container managed authentication' but I'm not sure if its something app engine will support, or if its a full solution.
Is it possible/feasible to roll fully custom authentication in the app engine standard environment? As I search for custom authentication tutorials I see a lot of articles recommending against this, but it's not clear to me what the alternative is.
Thanks for any information
As it's mention on the OpenID Connect documents of Google Cloud, it's important for you and your users security to authenticate using well proven and debugged code. Google offers Firebase Authentication which let's users log in with an Email and password.
If you still want to implement the authorize part on your own, you can use your preferred web framework and probably it will have an authorizing process.
For example, in python you can use Django authorize system to provide users for a custom way to log in.
But, as I said before, I highly recommend you to use the Google APIs for authorizing as they are OpenID certificated.
I am developing an app to be hosted on Google App Engine. Users will be able to use their Google IDs to login to the app. The app also has a client counterpart in the form of a Blackberry Application.
My question is - is there a suggested way for my app to collect the user's Google credentials so that I can authenticate it against Google using OpenID semantics? In Android, for example, I can use the Accounts API so that I don't need to explicitly ask the user to enter credentials. What's the way to do this in Blackberry?
I see 2 ways, neither of which is ideal:
Write my own form in my native Blackberry app where the user enters Google ID and password, which I then use to obtain the authenticator token and perform the rest of the authentication behind the scenes. But the point is - it is inappropriate to ask a user to trust my app with their Google credentials.
Use standard Google Open ID Authentication mechanism - which opens up the web browser and displays Google's Open ID login page. Although this is a one-time thing (after which I can save the authentication token so that future requests to GAE do not require any prompting for credentials), the user experience is still disruptive since it involves opening the browser in addition to my native BB app.
So, what's the suggested way forward?
Using the browser to authenticate is pretty much the only standard way to do this. A number of Android apps do this for OAuth or OpenID endpoints too. Depending on how the Blackberry's protocol handlers work, you should be able to set a continue URL that results in your app being called back by the browser when authentication completes.
I deployed a web application using Google accounts Authentication on the appengine server. If I log out the app with the link from create_logout_url(), my Gmail in the same browser is also logged out. Is that normal behavior? Thanks.
I think it is absolutely normal. My experience is the same as yours.
Many Google services use the same cookies I think, If you log into your Gmail, you can access Google Reader without logging in again.
It is for security purpose I think.
I m building a multi-tenant mvc application hosted in windows azure.
I would like to leverage access control service to allow user to get authenticated thanks to google, facebook, live id etc...
I managed to get a simple authentication working with a postback url that is configured in the Relying Party Application Settings.
but in my scenario it is more like that:
client1.mydomain.com/login or client1.com/login will go to the the providers pages select let's say google then he will sign in and then he will be redirected to client1.mydomain.com/Admin or client1.com/Admin
how can I achive that for any clients? should I add a relying party application for each client? can it be done by code? Is it ok with facebook?
I would like also the admin panel to be in silverlight, once the client is authenticated will he remain authenticated in the silverlight app?
Thank you by advance for any help or links that can help.
Fred
To answer your questions I would say yes to all. Each application would have to be set up as a relying party. So you would need to configure your app to use WIF and point to your Azure ACS.
All of these scenarios are covered in the Microsoft identity developer training kit.
Hopes this helps.
Discovered a problem with connecting all together - Facebook, GWT and App Engine.
I need to authenticate user on my web site hosted on App Engine (Java) that uses GWT. After authentication, some information should be passed to server from facebook - like profile information, user list, etc.
Currently am trying to use facebook4gwt and authentication works fine, and I can obtain all needed information on client side, but can not transfer facebook session to server, particularly, obtain Facebook cookies for session verification.
Could anyone suggest any good solution for this? Probably, it would make sense to get rid of facebook4gwt and do everything on server side.
I have been using the gwt-facebook library for one year to authenticate users of my application on App Engine. When a user is already logged into Facebook, and has already authorized my application, I can automatically get the access_token in GWT and send it to the server which can then do the hard work (data syncing) with facebook-java-api library.