This might be a duplicate of Google Oauth - Where to sign in users, backend/frontend, but I would like this discussion to be more elaborate. I am developing both the backend and the frontend of an application and I would like to know where to integrate with Google.
According to some answers to the question, using the login on the frontend (React Native) is less secure, is this really valid? According to the most voted comment, it is a recommended alternative when you only want to use the login and nothing else.
When using some applications that make use of the login with Google I noticed that there are two possible "screens" of login. The first is similar to opening a page in the browser and when you want to add a new account on your Android device. That screen also shows the name of app as LINK, similar to google login using Firebase Auth.
The second shows the accounts that already exist on the device in the form of a popup. Some even show the application icon.
Thinking about "screens", what makes them different is the google login on the frontend or the backend? If not, how do I get my application to login in the form of a popup?
Related
The goal is to build a Facebook USSD platform. Completely server side. Allowing the user to log in and then create a facebook post, see their feed, etc.
I know there are companies in the world that is doing this and its working fine (u2opia mobile being one of them). However how on earth to log a user into Facebook and get an access token for them without OAuth? I cannot seem to find any help online to log a user in completely on server side with NodeJS. Do these companies have a special arrangement with Facebook in order to log in users without OAuth and Internet?
Is it at all possible in 2018 to log in a User into Facebook completely server side? I am just finding a lot of old posts from 2012 and 2014.
Yes, it is possible to log a user in completely server side. You can build an implementation manually with browser redirects. Facebook has a tutorial on this. Their page states:
if you need to implement browser-based login for an app without using our SDKs, such as in a webview for a native desktop app (for example Windows 8), or a login flow using entirely server-side code, you can build a Login flow for yourself by using browser redirects.
Here is the tutorial: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
I'm writing a client in NodeJS that is meant to replace using a website, and it isn't my website. It uses Facebook to log in. Is it possible to log in via a Facebook username/password? It seems modules like passport-facebook are intended for use with a website that you own, which is not the case in my scenario.
I suspect that I can't login with a username and password, so I'd have to sniff web traffic of me browsing the normal website for my token for the website, and then somehow use that in Node, but I hope this isn't the case.
Thanks for your help.
I'm faced with the current dilemma. My application flow is as follows:
Admin logs in
Has to select a list of clients
The selected Client data is then loaded in
Admin should now be able to Link Facebook, for example, to that
client's account with their credentials on a click of a button. Same
would apply for other social media accounts that the user has. The
reason that's important is the app then goes and fetches data from
their social media, such as Facebook Insights.
Is there a way I could achieve is ? I was thinking maybe Auth0 but I had a look on their documentation and it seems I could do it but only if Admin was the one linking his own social media account to his account. Can't really see a way where he could link other accounts to the Client's account currently selected.
I'm working with a React-Redux, Express and MongoDB app.
Even a push in the direct direction would be greatly appreciated.
This is certainly achievable using Auth0 - take a look at the Link Accounts API (User) - you want to use the second option using an API v2 token
See sample here that illustrates how this might work using Node.js.
You could possibly rework this to your technology stack pretty easily. Since you are using a Management Token you'd want that to remain server side (Express) and the react/redux app could make ajax calls via the Express Server side component - which in turn calls out to the Auth0 endpoint to perform the user search / linking actions.
You all know this page.. Is there ANY way to customize this page somehow?
I thought using an iframe and custom the HTML but Google won't let
me embed their websites..
I thought using a Google Site and inserting a login gadget but there
is no login gadget.
What I want is a custom page where my clients can login to their gmail, drive....
What I want it's not impossible, this guys http://www.cloudcodes.com/custom-login-page.html offers you the possibility to custom the login page and even redirect you to another page after you've logged in.
Directly editing the native login page at accounts.google.com is not possible.
However, for Google Apps accounts, you have the option to set up the Single Sign On service, which allows you to authenticate through a third party provider (Or yourself, if you have the ability). What GControl are offering is this service, although they've labeled it misleadingly, to make you believe your actually editing the login page, rather than redirecting your users to a secure login.
They do it very well though, leveraging the Google Apps APIs to allow you to write and setup the service in their own console.
Source: I installed the service and tried their free trial, and they simply used the APIs to enable SSO on my domain.
Edit for clarity: SSO setup is not available for consumer Gmail.com accounts.
I am developing a chrome plugin which allows the users to email any web content from a html page. For that, I need to use the google authenticator api to allow users to log into their google accounts for sending emails. The OAuth2.0 specs require the redirect_ui parameter which is the url to be called after google authenticates the user. My question is whether it is possible to skip this parameter. I don't want the plugin to be hosted anywhere. I am thinking that it would be hosted locally on the user's machine.
Thanks in Advance.
Google has made a library specifically for using OAuth in Chrome extensions. You can check out the tutorial here.
In case someone stumbles upon this answer in 2017+, extensions (in Chrome and FF) now have a chrome.identity API.
It takes care of the OAuth dance for you, and provides you with a virtual redirect address https://<your-extension-id>.chromiumapp.org/ that will be intercepted by the browser. That way, you can provide a redirect URL without hosting anything.