Google Identity Toolkit add third-party authentication - google-identity-toolkit

I'm looking for a way to add social sign-in to our website and I found the Google Identity Toolkit solution.
It looks great and easy to set up; however, I am wondering if there is a way to customize this Toolkit in order to add other third-party authentication providers (like LinkedIn or Twitter).
I have found this thread, which was talking about adding it to v3, but apparently there is still nothing available?

You can use the Identity Toolkit REST API:
verifyAssertion
So you can log in with your account: Google, Facebook, Twitter, GitHub. For example, login with Google will look like this:

    POST ...verifyAssertion?key={{server_key}}

with body:

    {
      "postBody": "id_token=token_value&providerId=google.com",
      "requestUri": "http://localhost",
      "returnIdpCredential": true,
      "returnSecureToken": true
    }

where providerId is the provider type and id_token is an OAuth2 token of the Google account in this case.
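
The request above, built programmatically, as an added example that is not part of the original answer. `ENDPOINT` is a placeholder because the answer elides the URL, and the credential field names for providers other than google.com are assumptions not taken from this page. Form-encoding the token keeps a stray `&` or `=` inside it from adding or overriding `postBody` parameters.

```javascript
// Placeholder: the page elides everything before "verifyAssertion".
const ENDPOINT = "https://identitytoolkit.invalid/verifyAssertion";

// Credential fields carried in postBody per provider. Only the google.com
// entry comes from the answer above; the others are assumptions.
const CREDENTIAL_FIELDS = {
  "google.com": ["id_token"],
  "facebook.com": ["access_token"],
  "github.com": ["access_token"],
  "twitter.com": ["access_token", "oauth_token_secret"],
};

// Returns { url, body } ready to be sent as a JSON POST. Nothing is sent here.
function buildVerifyAssertion(providerId, credential, requestUri, serverKey) {
  const fields = CREDENTIAL_FIELDS[providerId];
  if (!fields) throw new Error(`provider not in this example's table: ${providerId}`);

  // URLSearchParams percent-encodes each value, so token contents can never
  // be parsed as an extra "providerId=" (or any other) parameter.
  const form = new URLSearchParams();
  for (const name of fields) {
    const value = credential[name];
    if (typeof value !== "string" || value === "") {
      throw new Error(`missing credential field: ${name}`);
    }
    form.append(name, value);
  }
  form.append("providerId", providerId);

  const url = new URL(ENDPOINT);
  url.searchParams.set("key", serverKey);

  return {
    url: url.toString(),
    body: {
      postBody: form.toString(),
      requestUri,
      returnIdpCredential: true,
      returnSecureToken: true,
    },
  };
}
```
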

Related

Xamarin.Forms WebAuthenticator and Google

I have been trying now for a while to retrieve Google Calendar information from a Google user in Xamarin.Forms.
I started my journey using Xamarin.Auth but I could not get past an issue where after a login the CustomTab in my Android App would not close. Seems to have been an ongoing problem for years now and several people proposed hacks to get around this problem. I gave up on Xamarin.Auth at this point.
So I tried to use Xamarin.Forms Web Authenticator to retrieve the calendar information. The documentation does not mention how to authenticate with Google so I tried this:

    var authResult = await WebAuthenticator.AuthenticateAsync(
        new Uri("https://accounts.google.com/o/oauth2/auth"), // auth url
        new Uri("packageNameOfMyApp://")); // redirect url

I am getting an invalid request error.
How do I have to choose the first parameter of AuthenticateAsync to properly authenticate with Google?
Do I have to somehow encode the ClientId from my app I obtained after configuring my application login via the Google Developer Console?
It is not possible to use WebAuthenticator with Google. Google requires a web browser to do the authentication and does not permit your app to authenticate by itself. For the same reason, an approach where you use WebView in your app to navigate to the Google authentication site will fail.

Google calendar api authentication in Google Actions

I want to be able create calendar events in my Action that runs through Google Assistant.
Right now I was able to modify this Quickstart guide (https://developers.google.com/calendar/quickstart/nodejs) and use it in my current Dialogflow fulfillment. However, it's a little tedious to have the user copy and paste the authentication code after allowing Google Calendar access. Are there any better ways to do this that don't require the copy-paste flow? Thanks in advance!
Use Account linking with Google Sign-In
https://developers.google.com/actions/identity/google-sign-in
Then send a card to the user device with a link to authorise Google Calendar access. Store the authentication code securely against the user. Use the authentication code to make requests.
Broadly speaking, the approach you can take is to use Google Sign-In, as outlined in this SO answer: Google Home Authorization Code and Authentication with Google Account.
With this scheme, you use a website to get the user to authorize your use of the Calendar API scope, and you store the auth token against their UserID. Then you use Google Sign-In with the Assistant to get that ID. This works well if they go to your web page first, but not as well if they go to the Assistant first.
You can also set up an OAuth server that lets users sign in using Google Sign-In on a web page (or use something like Auth0) and, as part of that sign-in, get authorization for the Calendar scope. Then use OAuth Account Linking in the Google Assistant to get an auth token which you can use to get the user's ID. You can then use this ID to look up the authorization token.

Does Google Identity Platform support LinkedIn out of the box like it does for Facebook or Gmail?

I am trying to use Google Identity Platform for my application by following the link below:
Google Identity Platform
But on this page, no identity provider is mentioned for LinkedIn, and the same is not searchable on the web.
What I understood is that Google's Identity Platform is using Firebase underneath. I am just wondering: on the Firebase portal it is mentioned that a custom implementation is required for LinkedIn, whereas under the GCP account -> Add provider I can see LinkedIn.
What I would like to know is whether it is possible to add LinkedIn as a provider out of the box under Identity Platform.
You can use the LinkedIn.com provider directly via Identity Platform without using custom authentication. It is the same as using a generic OAuth provider like Microsoft or any other provider. Here is a web example:

    const provider = new firebase.auth.OAuthProvider('linkedin.com');
    firebase.auth().signInWithPopup(provider)
      .then((userCredential) => {
        // User signed in.
      })
      .catch((error) => {
        // Error signing in.
      });

However, this is currently not yet available in Firebase.

Google Smart Lock vs Credential Management API

I want to implement frictionless sign in process for my web app.
After some searching, I have found that there are two solutions available:
Google Smart Lock.
Credential Management API.
My question is: what is the difference between the two APIs (if any), and what are the possible use cases for both of these?
From what I have understood, both allow us to save account-related info. But the advantage with Smart Lock is that saved credentials can be used in corresponding Android apps as well.
Thanks!
Note:
I intend to support login from multiple sources (Google, Facebook, LinkedIn, etc.), not just Google.
TL;DR the one-tap sign-up / auto sign-in library includes Credential Management. You should probably just use the library: https://developers.google.com/identity/one-tap/web/get-started
Details
The JavaScript library supports account creation with Google Accounts (via a streamlined inline UX that can be shown on content pages instead of the user having to navigate to a traditional button-based UX and figure out which button/option to pick and interact with a pop-up/redirect).
And for returning users, the library allows you to programmatically retrieve on page load both tokens for existing one-tap / traditional Google Sign-In users as well as passwords via the Credential Management API in browsers that support it. You can do this with code such as the following:

    const retrievePromise = googleyolo.retrieve({
      supportedAuthMethods: [
        "https://accounts.google.com",
        "googleyolo://id-and-password"
      ],
      supportedIdTokenProviders: [
        {
          uri: "https://accounts.google.com",
          clientId: "YOUR_GOOGLE_CLIENT_ID"
        }
      ]
    });
    retrievePromise.then((credential) => {
      if (credential.password) {
        // An ID (usually email address) and password credential was retrieved.
        // Sign in to your backend using the password.
        signInWithEmailAndPassword(credential.id, credential.password);
      } else {
        // A Google Account is retrieved. Since Google supports ID token responses,
        // you can use the token to sign in instead of initiating the Google sign-in
        // flow.
        useGoogleIdTokenForAuth(credential.idToken);
      }
    });

See the documentation for details. The library does not currently support non-Google/password forms of identity, you'd have to implement sign-in flow with other mentioned identity providers SDKs yourself at the moment.
Also note that any sign-ins associated with a Google Account (OAuth token-based or stored and sync'ed password) will be available across Android and Chrome (and the rest of the for token-based accounts).
Please leave comments for any follow up questions.
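
What a backend has to check before trusting the `credential.idToken` passed to `useGoogleIdTokenForAuth` above, as an added example that is not part of the original answer or the library. `verifyIdToken`, `signSample` and `reasonFor` are hypothetical names, and a locally generated RSA key pair stands in for Google's signing key so the block runs offline (Node.js).

```javascript
const { createVerify, createSign, generateKeyPairSync } = require("crypto");

const GOOGLE_ISSUERS = ["accounts.google.com", "https://accounts.google.com"];
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Returns the claims if the token is acceptable, otherwise throws.
function verifyIdToken(token, publicKeyPem, clientId, nowSec) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm: the token must not choose it ("none", HS256, ...).
  if (fromB64url(h).alg !== "RS256") throw new Error("unexpected alg");
  // Verify the signature before trusting any claim in the payload.
  const ok = createVerify("RSA-SHA256")
    .update(`${h}.${p}`)
    .verify(publicKeyPem, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = fromB64url(p);
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error("wrong issuer");
  // aud must be this site's client ID, not any valid Google client.
  if (claims.aud !== clientId) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Constructed sample material: a throwaway key pair and a token signer.
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const PUBLIC_PEM = publicKey.export({ type: "spki", format: "pem" });

function signSample(claims, alg = "RS256") {
  const input = `${b64url({ alg, typ: "JWT" })}.${b64url(claims)}`;
  const sig = createSign("RSA-SHA256").update(input).sign(privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

// Maps a token to "ok" or the reason it was rejected.
function reasonFor(token, clientId, nowSec) {
  try {
    verifyIdToken(token, PUBLIC_PEM, clientId, nowSec);
    return "ok";
  } catch (e) {
    return e.message;
  }
}
```

In production the verification key is selected by the token header's `kid` from Google's published signing keys rather than passed in as a fixed PEM.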

AngularJS + WebAPI External Google Authentication

I am currently setting up an external login (Google) into my AngularJS WebApp which is talking to a Web API, all locally, however I am having issues.
I have followed the steps in http://www.asp.net/web-api/overview/security/external-authentication-services on how to set up Google authentication, which involves just adding app.UseGoogleAuthentication(); without appId or clientSecret, unlike other providers such as Facebook.
Now going to my API I query and get all providers using the following GET /api/Account/ExternalLogins?returnUrl=%2F&generateState=true , which returns [{"Name":"Google","Url":"/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A11942%2F&state=E2eXxoZ02yUg39-DrwZTXHnrV5FrOhUe-k-zz-oD6uE1","State":"E2eXxoZ02yUg39-DrwZTXHnrV5FrOhUe-k-zz-oD6uE1"}]
and from reading on the internet I stripped the URL /api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A11942%2F&state=E2eXxoZ02yUg39-DrwZTXHnrV5FrOhUe-k-zz-oD6uE1 and added it into an anchor tag, so I suppose this should have redirected me to Google authentication; however, I receive an error message.
Does anyone know why? Also when adding the link into an anchor tag I am adding the link for my API http://localhost:11942/ at the start.
Thank you
The method you are using to authenticate with Google (OpenID) is deprecated, refer to:
http://blogs.msdn.com/b/webdev/archive/2014/07/02/changes-to-google-oauth-2-0-and-updates-in-google-middleware-for-3-0-0-rc-release.aspx
You need to use Google OAuth, try to follow the following article to configure Google authentication:
http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on#goog
