How can I authenticate my api access to insert new events to my google calendar without OAuth? I'm writing a node script without any front end/website and everywhere seems to recommend using OAuth with a redirect to your website...
The best solution I have come up with is write a secondary application purely to listen for that redirect and save the auth code returned.
Any suggestions would be greatly appreciated!
I think it was designed that OAuth be used to handle authentication and authorization when you're using Google APIs. You can read that from the Using OAuth 2.0 to Access Google APIs.
Google APIs use the OAuth 2.0 protocol for authentication and
authorization. Google supports common OAuth 2.0 scenarios such as
those for web server, installed, and client-side applications.
If you're using NodeJS for Calendar API, you can try the Node.js Quickstart. You'll be needing the following:
Node.js installed.
The npm package management tool (comes with Node.js).
Access to the internet and a web browser.
A Google account with Google Calendar enabled.
Related
I am trying to login clients using their email and password through Auth0 with a Node.js backend on the Azure app service and a Xamarin.Forms client. The problem is that I can't create a custom authentication on Node.js since the tutorial I was following used a .NET backend. I also followed this tutorial for Node.js backend both by the awesome Adrian Hall, but it seems to override the already exisiting Facebook login system, and I can't find enough material on that problem. Is there any other tutorial on doing that or am I getting something wrong?
You are doing something wrong. You can use Auth0 with no problems - Auth0 will be used for all the providers, and their client SDKs will allow you to choose Facebook, Google, Username/Password or anything else you need.
The mechanism for the process is as documented - I think you just need to re-read the blog post and understand the transaction - you use the Auth0 libraries to get the Auth0 token, then submit your Auth0 token to your custom login API (/.auth/login/custom) to mint an App Service token that is used by the Azure Mobile Apps client SDK.
I would like to develop a system that can help any developer to create an application based to my API.
My problem is authentication.
I have see (for example) as work google with your services; I would like create an system of oauth (private) such as google (concept) that an developer, after sign to my portal, get APP ID and APP SECRET.
When developer self create these credentials, can use for call API based to https.
My API are developed by nodejs and express system.
I say which way is more stable for create an system robust for this scenario.
Thanks for any support. Any idea is appreciate
You can try http://passportjs.org/, it can work as a middleware with express.
I am developing a web server that
1) Provide normal cookie based sessions for desktop browsers
2) Provide JWT for mobile and REST api and some times we can use JWT for browser also
3) In future I have plans to provide OAuth functionality for this server.
Suggest me the way how to identify the request is coming from either desktop browser or native mobile web app or OAuth client
As for the desktop vs. mobile issue you can take a look # https://stackoverflow.com/a/3540295/358280 and https://stackoverflow.com/a/21758511/358280
And for the distinction between your jwt tokens and oauth i suggest you take a look at https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/#token-oauth (section 9).
I have to build an web-app for Google Apps market place where my app would enable Google Apps user to access and backup their Google Apps email to my server.
While I have a good knowledge with PHP and etc, with no prior knowledge to Google Apps development, I have been reading developers.google.com documentation since last couple of days and everything seems to start confusion with each-other now with SAML, Oauth2, OpenId, SSO etc, and Google Apps Mail and Gmail itself. So far, I have done helloworld app from the documentation that accesses the calendar and uses SSO for it.
I wish if you could point me to the right direction about how I should proceed to accessing the mail of the Google Apps user.
Since you wish to use the Google Apps Marketplace, you'll want to use 2-legged OAuth 1.0 with your application. OAuth 1.0 is officially deprecated but it's still the only supported authentication method to Google Accounts for the Marketplace.
Instructions for authenticating to Gmail IMAP via 2-legged OAuth 1.0 are available at:
https://developers.google.com/gmail/oauth_protocol
Seems like you are in the right place already - if you are going through the main developers.google.com documentation, that's where it should be.
I have had a look through their documentation, and found this though: Mail PHP API Overview
A quote from the above link/documentation:
App Engine applications can send email messages on behalf of the app's
administrators, and on behalf of users with Google Accounts. Apps can
receive email at various addresses. Apps send messages using the Mail
service and receive messages in the form of HTTP requests initiated by
App Engine and posted to the app.
More information:
Getting Started - Introduction - Google App Engine
Tutorial - Hello, World! - Google App Engine
Installing the PHP SDK - Google App Engine
EDIT
As I mentioned in the comments below, after further searching, I found this documentation for Google Data Apps APIs which should be helpful (the page currently 404s, but I've sent off a message to Google, so hopefully it should be fixed soon).
There is also a depreciated version of OAuth 1.0 that you could use to authenticate Gmail with IMAP/SMTP, using standard "three-legged" or non-standard "two-legged" OAuth.
I am making an API in NodeJS that 'll be used by a website and iPhone native app at the same time.
There is a chance that API URL will be exposed to user when used in javascript for website. I only want authorized access to the API. Don't want anyone call API via console. like user/delete/[user-id], anyone can use this URL to delete a user.
Check out http://passportjs.org/
There are plenty of authentication strategies to use. Don't reinvent the wheel here. ;)