Google One-Tap Sign In / YOLO project status - google-identity-toolkit

we are trying to enable the One Tap sign-up from Google. It seems there was some security concern (reading online not officially by google) and the official document has been taken out by Google.
Is that API still working, can we integrate it or should we wait for it?

You can find related functionality in Smart Lock for Passwords section here
Looks like original SDK was removed in favor of more common browser Credentials Management API (draft of w3c) in Сhrome 51 and then reworked in Chrome 60.
Also, they have a codelabs tutorial to learn it step by step.

Related

Unity & Firebase - Google and Facebook Login/SignIn/Authentication Tutorials

For the last couple of days, I have faced an issue with my Unity project regarding adding Google and Facebook authentication for my users, using Firebase. The thing is that there exist a couple of youtube tutorials for each of those two implementations but they are quite misleading and rushed.
Apart from that those tutorials refer to the creation of a new project which implies that the Firebase Auth package is not yet installed. And I mention this because I've seen plenty of people in the comments that are struggling with the Plugins and Parse folders that get overwritten whenever both Firebase Auth and Google or Facebook packages are installed. So there does not exist a rule of thumb on how to proceed in cases where projects already had other methods of authentication such as Email/Password.
Of course, the documentation for both Google and Facebook is unclear on how to get the access token.
Facebook SignIn doc: https://firebase.google.com/docs/auth/unity/facebook-login?hl=en&authuser=0
Google SignIn doc:
https://firebase.google.com/docs/auth/unity/google-signin?hl=en&authuser=0
I've made this post in order to find a step-by-step solution to my problem and hopefully help the community find a solution to a problem that concerns many developers.
[Edit]: My question is. How exactly do I implement the Google & Facebook Sign-In, based on the documentation, that is unclear, especially on the step
Follow instructions for Android and iOS+ to get an access token for the signed-in Facebook user.
And I am speaking for a project that already has imported Firebase.Authentication, which means that folders such as Plugins and Parse are already in the Assets and get overloaded from the packages requested by the 'tutorials' (Because the docs do not even mention what package to use and how).
[Edit]: As of right now I've managed to set up the code in a way that has no errors. When I run it though I get:
[Android]: Exception: Field currentActivity or type signature not found.
[iOS]: EntryPointNotFoundException: GoogleSignIn_Create
After some googling, they proposed testing it after I build it which I think is way too much time-consuming.
This is the answer I've got from Firebase support.
First of all, we need to note that Firebase only has three native authentication providers: email, phone, and anonymous authentication. For the other methods, Firebase needs to trust how their respective third-party providers handle their authentication flow. That's why Firebase can't offer a way to get the access token. This is not its responsibility.
So, to sign in with a Federated provider (FP) you must follow the following steps.
Think about which will be your target mobile platform. Not all the FP provide the same authentication flow on iOS or Android. For example Google offers a more handy way to authenticate Android devices by using Google Play Game Services
Authenticate in Unity Using Google Play Games Services | Firebase
Search on his FP's official GitHub repository for the official plugins to get access to the FP's SDK on Unity. For example, Google offer a useful plugin to authenticate user in both platforms
GitHub - googlesamples/google-signin-unity: Google Sign-In API plugin for Unity game engine. Works with Android and iOS.
Last plugin's release: https://github.com/googlesamples/google-signin-unity/releases/tag/v1.0.4
Examples - Unity SDK - Documentation - Meta for Developers
Create the FP credentials according to its own requirements. For example, Google login requires the use of web_client_id, which can be obtained from the google-services.json or GoogleService-Info.plist files needed to build the application on the target platform.
https://github.com/googlesamples/google-signin-unity#get-a-google-sign-in-configuration-file
https://github.com/googlesamples/google-signin-unity#using-this-plugin-with-firebase-auth
Once you've built the FP's credential into your project, it's time to check out our Firebase documentation for using the FP credential in our authentication flow. I recommend having the Firebase reference along with the documentation as it will help to know what arguments the required method needs.
The best way to test your new authentication provider is by implementing the Firebase Authentication Unity Quickstart. Please clone the Unity Quickstart repository here and deploy the Unity project found in the auth folder. Follow the steps mentioned in the README.md file and build the app on your target platform.
I recommend that you add the FP's SDK right in the same step as adding the Firebase SDK plugins to avoid some build issues. Since these errors are more related to Unity than Firebase, I recommend reaching out to our communities on StackOverflow, Google Groups, and Slack for help with these issues as they have more knowledge than I on those topics.
So, in conclusion, getting credentials from third-party providers is a task delegated to them and not to Firebase since this one is not responsible for any third-party authentication flow.

Google One-tap project status

Does anyone know what is the status of Google One-tap AKA YOLO project?
It seems like all the official documentation on One-tap is gone. The cached version states:
The beta test program for this API is currently closed. We are improving the API's cross-browser functionality and will provide updates here in the coming months.
There are quite some websites which are still using this technology, either because they were in Beta and/or whitelisted by Google.
There is a new version that addresses the feedback and issues from the beta, it's available as of 2020 Q1: https://developers.google.com/identity/one-tap/web
All of the prior URLs regarding one tap are all 404 errors now. Seems like it was totally canned and they are deferring to the more generic sign in integration from a website login page.
The offical document of the project has been updated. Please see the latest status there.
this time stuff gonna be the opposite > 2. Headings:
reword//06{GUIDEDLATEVIEW||2022 blank

Your app contains an Intent Redirection vulnerability

I launched a game to the Google Play store recently and it was going good until now. I just received an email from Google that says that "One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk " and tells me I need to fix it by August 13.
I personally don't collect or demand any user data or info. However, I used Google Admob ads with Facebook mediation and Unity ads in my game which may be the cause of this problem. So, my question is how to overcome this problem? They also said in the email to make changes in the manifest file. If any one has a similar problem and knows the solution for it, your help would be appreciated.
Here is the email:
"One or more of your apps contains an Intent Redirection vulnerability that puts user data at risk. On August 13, 2019, any apps that contain unfixed security vulnerabilities beyond the dates listed on your Play Console alerts will be removed from Google Play.
Action required
Sign in to your Play Console.
Select Alerts to see which apps contain a security vulnerability, and review the guidance on how to resolve the vulnerability.
Update your affected apps to fix the vulnerabilities.
Submit the updated versions of your affected apps.
Upon resubmission, your app will be reviewed again. This process can take several hours. If the app passes review and is published successfully then no further action is required. If the app fails review then the new app version will not be published and you will receive notification via email."
I was having the same issue "intent redirection your app(s) are vulnerable to intent redirection" and I added exported="false" in every activity, but still got rejected, then I realized the problem was in one of the payment libraries I was using, all I had to do is update the library and the new app update got live.
my issue was in RazorPay payment gateway, I updated it from 1.6.3 to 1.6.6 (latest)
implementation 'com.razorpay:checkout:1.6.6'
they already mentioned this issue here, check it out https://github.com/razorpay/razorpay-android-sample-app/issues/202
I have a same issue, actually Latest Unity Add Xiaomi SDK by default which cause this issue.
Simple remove Xiaomi from your Unity it will fix the issue.
We had received a similar email, In the Play Console/Alert tab, we found this
for us, the reason is "com.androidnative.features.social.common.SocialProxyActivity.StartActivity"
which come from Android Native asset[Ultimate Mobile] - Unity3D.
We used that asset for Advertisements, In-app purchase and play game services instead of using the original SDK. So the possible solution is to remove that asset from our game and use the original SDK.
Here is the Screenshot of my alert.
There are several points to keep in mind to resolve that issue:
The most confusing: you must rollout affected application fixed APK/AAB to 100% on all tracks where it had place to be. Important note is that among others you must rollout production track release to 100% in order to Google to reconstruct your issue.
In the new version of Play Console there is no way to find out any specific information about the issue so you should email Google Support to ask for details. As a respone you may possibly get obfuscated method or class signature, so you need to deobfuscate it.
Read carefully through official document to address issues and resolve them. Our application got rejected because SMS BroadcastReceiver did not apply any permission restraints.
Ihsan Ali
The problem is in the UnityChannel.aar file, you need to open it with the help of the archiver and open the AndroidManifest.XML. I in the line android:exported="true" wrote a false as indicated in the article in Google. Now publish the version and if the error will no longer be reported.
I had the same issue. Just remove xiaomi app game centre from your unity>>game build option. Disabling it will surely clear out the issue.

Social networking on smart phones?

I have to implement application that can post to the selected network I can select from the application drop down.
There are Objective-C frameworks for Facebook (Three20) and Twitter (Twitter-OAuth-Library & MGTwitterEngine).
A quick trip to Google find facebook-android-sdk for connecting to Facebook on Android.
As far as Twitter goes, you can find a whole list of APIs for various languages/platforms on Twitter's developer website.
EDIT
A second trip to Google finds this on developer.myspace.com for adding MySpace to an iOS app. Also, see this page and this page on LinkedIn's Developer Network.
Basically, LinkedIn is just using a JSON encoded API with OAuth. You should be able to handle that with any OAuth library.
EDIT2:
It seems that I've found another great library. Check out ShareKit, which helps with alot of what you're trying to do.
#appaspect and #moshe, this is an old thread so the question my no longer be relevant, but here's a new open-source SDK and social api service: Socialize http://www.GetSocialize.com . Full feature set at http://go.GetSocialize.com/features
DROdio

Is it possible to build an application for the LinkedIn platform?

Do you know if it's possible to build an application for the LinkedIn platform?
Yes, they have API at http://developer.linkedin.com/index.jspa, allowing access to the profile, connections, messaging and more.
While LinkedIn has promised a public API for a very long time now, they have yet to deliver.
No, there is no public LinkedIn API yet.
IMO, their widgets (which there are only two of at the moment, which are very limited) don't count.
They say that they are open to being contacted with specific uses for their API and they may give access to parts as needed - but that is if they accept your ideas for integration. They have been very picky with this - and have not accepted my attempts to integrate with LinkedIn yet, they tell me I have to wait with everyone else, apparently my applications are not "high-profile" enough.
Sure, you'll find many Google results talking about their "promised" API, but they are empty promises and won't be of much help.
Yes, Linkedin has an API:
http://www.programmableweb.com/api/linkedin
http://blog.linkedin.com/blog/2007/12/the-intelligent.html
So you could build an application that uses it.
Update: (from second link)
We’ll be phasing all of this in over the coming months and to get involved with the Intelligent Application Platform either for APIs, widgets, or hosted applications, send us an e-mail to developers#linkedin.com telling us what you want to build and what you need to build it.
Since there are published Mashups using LinkedIn I would assume that means you can use the API even if the documentation isn't readily available.
As a tip, in the future include links to what you found that didn't work, so we know not to give it to you again.
I poked around a bit more and I found some more on their widgets which appears to be the main focus of their API.

Resources