Seeking complete documentation of the Google gitkit identitytoolkit Javascript API [closed] - google-identity-toolkit

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 6 years ago.
By looking at the minified source code at http://www.gstatic.com/authtoolkit/js/gitkit.js
...I found the following methods for which there is no documentation
at https://developers.google.com/identity/toolkit/web/setup-frontend
google.identitytoolkit.signIn()
google.identitytoolkit.signOut()
google.identitytoolkit.manageAccount()
google.identitytoolkit.start()
google.identitytoolkit.setConfig()
While some of the names are self-explanatory it would be useful to have:
1) Documentation of their parameters and callbacks.
2) And what are the setConfig/start methods for?
3) Is there a callback once the API found and rendered an old but valid gtoken cookie?
Thank you

This page covers the most commonly used ways of invoking the web api for the majority of applications: https://developers.google.com/identity/toolkit/web/setup-frontend
Here is a quick summary to help you get going:
google.identitytoolkit.signInButton(element, config): This will either render the toolkit navbar: the sign in button if the user is not logged in or the user card if the user is logged in. The element provided will be the container of that object. The config object contains the configuration as described in the documentation. If in sign in mode, the button is clicked, it will redirect to the widget url page where the start method below is triggered.
google.identitytoolkit.start(element, config, opt_postBody): This will render the toolkit widget in the element provided. This will be used in the widget url page. The configuration will need to be provided as described in the doc above. The optional post body is used to complete sign in for some identity providers like Yahoo. On sign in success, this will either redirect to the static sign in success url in config or call a sign in success callback function if provided. If a sign in success url parameter is provided in the widget url, then on successful sign in it will override the value of the static sign in success url.
google.identitytoolkit.setConfig(config): This will dynamically set the config field. Keep in mind that start and signInButton are run on load, so this may be more useful with the methods below, which are run on demand.
google.identitytoolkit.signOut(): this is triggered dynamically to sign out the user, using the config supplied in setConfig or as set in signInButton. This will redirect to the sign out url as provided in config or call the sign out callback function if provided in config. Useful if you are providing your own sign out button.
google.identitytoolkit.signIn(): same as signOut but for signing in a user dynamically. Useful if you are using your own sign in button. This will redirect to the widget page url with mode set to select as set in config.
google.identitytoolkit.manageAccount(): This is used when the user is logged in and they want to manage their account (change email or password). It will redirect to the widget url in manage account mode. The widget url in config will be used. Useful if you are providing your own manage account button.
As for your 3rd question, if I understand this correctly, you are asking how to detect that a user is logged in. You can check the id token string saved in the browser cookie (default name is gtoken). You can then use the gitkit client libraries on github to verify the token. Check the doc site for those links. For example, if you are using python on your backend, you can call the method:
gitkit_user = gitkit_instance.VerifyGitkitToken(self.request.cookies['gtoken'])
If successful, this will return a user object.
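As an added illustration (not code from the answer or from the gitkit client libraries), here is a server-side pre-check for the gtoken cookie described above. It assumes the ID token is a three-part JWT with an exp claim; the function names and sample tokens are constructed for this example, and the decoded claims stay untrusted until VerifyGitkitToken succeeds.

```python
import base64, json, time
from http.cookies import SimpleCookie

def gtoken_from_header(cookie_header, name="gtoken"):
    """Return the raw token from a Cookie request header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar[name].value if name in jar else None

def _segment(obj):
    # base64url without padding, as used for JWT segments
    raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
    return raw.rstrip(b"=").decode()

def _decode(segment):
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def precheck(token, now=None):
    """Structural and expiry screen only; the claims stay UNTRUSTED.
    "verify" means: hand the token to the real signature check next."""
    if not token:
        return "anonymous"          # no cookie: render the sign-in link
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return "reject"             # not shaped like header.claims.signature
    try:
        _decode(parts[0])
        claims = _decode(parts[1])
    except ValueError:              # bad base64, bad UTF-8 or bad JSON
        return "reject"
    exp = claims.get("exp") if isinstance(claims, dict) else None
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        return "reject"             # missing or stale expiry: clear the cookie
    return "verify"

def constructed_token(claims):
    """Build an unsigned sample token for this demo (placeholder signature)."""
    return ".".join([_segment({"typ": "JWT"}), _segment(claims), "c2ln"])

if __name__ == "__main__":
    fresh = constructed_token({"exp": time.time() + 3600})
    for header in ("", "gtoken=garbage", "theme=dark; gtoken=" + fresh):
        print(repr(header[:30]), "->", precheck(gtoken_from_header(header)))
```

Only a "verify" result should reach the signature check; a page that treats the mere presence of the cookie as "logged in" is trusting client-controlled data.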

Related

Posting Notes on Gitlab API as a 'bot' user

I am developing an application that posts comments into Merge Requests on Gitlab. It works by authenticating with a given user, and then after some setup will register a webhook on the relevant project to be informed when a Merge Request update happens. When a new Merge Request is detected I want to post a comment on the Merge Request asking for some specific detail to be sent over.
However, when we post the comment on the Merge Request we can only ever seem to do it as the user that we have the OAuth token for (which of course makes sense). My question is what should we do/could we have done in order to post the note as a 'bot user' without having to register a full user into the repository? Or is this just impossible?
You can create a reporter user and use its access token. The problem may arise when the user doesn't have enough access control.
You can create a project-scoped token; a bot user will automatically be created for such a token.
Ref: https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html

Wordpress setup, and finding the Authentication Code

I am going over to Wordpress and my WP plugin is asking me about an "Authentication Code", and I have no idea where to find it.
Without the plugin name it is hard for me to determine what specific authentication code is needed, so I'll assume that you mean the OAuth Client ID. Please forgive me if I am mistaken. You can generate a new OAuth Client ID following these steps:
Open Google Cloud Console and select your project.
Go to Navigation menu ⮞ APIs & Services ⮞ Credentials.
Select +Create credentials ⮞ OAuth client ID at the top.
You'll be prompted to select an application type. In case of a Wordpress plugin you need to choose Web application and give it a descriptive name.
Click on +ADD URI and include your webpage URL. This action will whitelist your webpage to authorize this OAuth client.
Tick Create to finish the process and annotate your client ID and secret.
With this procedure you would have created an OAuth client ID and its secret. Now we can take this client/secret pair and use it to request an authorization code over some Calendar API scopes.
After getting an authorization code, you can ask Google to exchange it for a pair of refresh and access tokens that you can use on every call to the Calendar API.
Following these steps you would have created every authentication code possible; you just need to determine which one is required for that specific plugin. Please don't hesitate to ask me any additional doubts.

How to know if user is authenticated on the first request with firebase

Given a backend written in nodejs that returns a page that should either link to login (if the user is not logged in) or link to logout (if the user is already logged in).
Considering I'm using firebase as the authentication tool, how can I know in the first request, when the user is accessing the website, if he is authenticated, to then set the ejs template to respond with the correct link?
Is there some header or token that I can use?
The only solution I found was to use ajax after the server response, but I don't like this solution because apparently there is a delay in the link rendering.
As far as I know there is no way to know if the user is authenticated on the initial request. From a quick inspection no data is sent along with that request. That kinda makes sense, given that upon this request it is not even known if you're using authentication to begin with.
Update
I actually just ran into this blog post from one of the Firebase engineers, which seems promising: Introducing session cookies for server-side web apps. I haven't fully read it yet, but the title sounds like it may be exactly what you want.

Get posts with WP-REST without authentication

I'm new to WP-REST API and Wordpress in general. I've tried to get the posts list using the endpoint wp-json/wp/v2/posts but I get the classic 403 error.
I'd like to ask if there is a way to disable authentication for GET requests like posts, categories and so on since I want to create a web application in which a user can navigate and see them freely, with no need for authentication.
Thank you all for the answers.
You actually don't need to have authorization to merely GET posts or categories, so long as they aren't password protected.
If someone has implemented a modifier to rest_authentication_errors, that might be your problem: https://developer.wordpress.org/rest-api/using-the-rest-api/frequently-asked-questions/#require-authentication-for-all-requests
To see the available endpoints you have, visit yourwordpressurl.com/wp-json

Integrating Payumoney With Meteor App

I am trying to integrate the PayuMoney payment gateway into my Meteor App. The process involves sending a POST request to an external url (payu url) and also redirecting the user to it. The user completes the payment on PayUmoney's site and once done, the PayUmoney site redirects back to a url (provided by me) with parameters passed as POST.
What I have done currently,
To post the form, I have allowed the default behavior of the form. I have defined the method as POST, with the target URL and all input parameters as hidden.
However, I am unsure how to accept the variables after the transaction. I tried this method: How do I access HTTP POST data from meteor? but this didn't work.
Technical Integration Document (Pay U Money): https://s3.amazonaws.com/uploads.uservoice.com/assets/074/080/407/original/PayUMoney_Technical_Integration_Document.pdf?AWSAccessKeyId=AKIAJF4UXUF6KJMEJFQQ&Expires=1519543396&Signature=ASnFquJkmCwQSMfx93w913MjZPk%3D
Any help will be appreciated. Thanks!
Assuming you're talking about accepting the response from PayUMoney, meteorhacks:picker is a great library for setting up an API. If you follow along with this guide, you'll get taken through all the steps of setting an endpoint up that can accept a cross-origin POST request.
