I have an google chrome extension write in JS which comes into play when the user is inside Gmail.
I am using chrome.identity.getAuthToken to get the token of user but the problem is that I get always same user token for who install the extension ,for example:
The chrome user profile is a...#gmail.com. So when I login to the gmail as a..#gmail.com, and go to the event page, and make a chrome.identity. getAuthToken, I get the token for a...#gmail.com, that is fine.
Now I login into the Gmail as b...#gmail.com. Now if I make a chrome.identity.getAuthToken, I still get the token for a...#gmail.com and I can't create request to Gmail API.
So,I try another way and success to get the id token using this Is it possible to get an Id token with Chrome App Indentity Api? qustion , but it's still the same problem that it's on the user who install the extnsion.
I try to follow this 2 similiar question here:
Get access to multiple gmail accounts in a chrome extension
Login to Chrome extension with a Google user other than the one in use by Chrome
But i am not really understand it , I need to create my own OAuth2 ?but how I can do it with chrome extension? I think maybe I need to send some request to 'https://accounts.google.com/o/oauth2/auth' + ..... to get the token but I am not sure about the parameters , and if it's right...
Hope you could help me , Thanks !
Related
How can I get a user access token using NodeJS ? I have tried mulitple approaches and I can't it to work using any of them
I tried facebook-node-sdk but, it seems it does require to have access-token beforehand.
I also tried facebook-passport but I need to get that from backend to call Facebook APIs after that
Edit
am trying to do the login, and after that publishing posts automatically, I don't have a use who will approve on the facebook popup.
A simple approach:
Use the JavaScript SDK: https://developers.facebook.com/docs/javascript/
After getting a User Token with FB.login, transfer the Token to the server with AJAX and use it on the server - either with some SDK, or with axios/fetch/whatever.
Alternatively, you can build your own login flow: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
I'm using Python and trying to login to basecamp to consume their API but i'm having some trouble with OAuth2 authentication...
How do I login without interacting with browser? I'm making a post request but it returns a 422 message...
I checked out the headers and they seem ok. I'm confused and dont know where the mistake is.
OAuth2 requires that the user authorizes the integration to access her/his account. This is done through a web page in which basecamp.com will display some HTML including a button. For this to work, the user must be logged in using the web form at https://launchpad.37signals.com/signin.
I've implemented that in Javascript: https://gitlab.petton.fr/basecampel/libbasecampel/blob/v0.2.0/proxy/src/oauth.js. The function at line 20 opens the system's default web browser in which the user is supposed to login if he/she is not logged in already.
I make users login to my chrome extension through my own OAuth2 API which uses google signin, through chrome.identity.launchWebAuthFlow with interactive set to true, and it works fine, user is prompted to sign in with google account, I get redirect url in my extension's background script, parse access token from it and everything is fine until I need to logout this user and make it possible to sign with other account.
When I try running chrome.identity.launchWebAuthFlow with interactive set to true again, nothing pops up, but redirect url is returned in background and access token is picked up for previously logged in user, so I'm unable to make my users switch account.
Is there any solution for this?
I haven't used chrome.identity.launchWebAuthFlow, but I think your question is similar to "How do I log out of a chrome.identity oauth provider".
Among the answers:
use launchWebAuthFlow with the logout url https://accounts.google.com/logout
revoking the token with https://accounts.google.com/o/oauth2/revoke?token=TOKEN
Adding &prompt=select_account into the url
As I said, I haven't used launchWebAuthFlow yet, but I wanted to help by showing you an already answered question
Assume I have an Instagram account and a website. I want to display the most recent photos from my Instagram account on website. Something I am not clear in the documentation: in order to get my access_token I need to authenticate myself? I don't get how to do it in backend side. It works fine if I logged in as my account, but in incognito, there is a dialog pops up asking username and password. I don't want user to see that.
Do I need to provide my username and password in backend side and auto login? and I don't want to see the pop up dialog asking authentication. I need everything handled in backend side. How do I achieve it?
You can authenticate and get your access_token using the client implicit Oauth, you just have to open the auth url:
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token
setup a redirect-uri in your app settings, it can be http://localhost too.
opening above url in browser will show login page, once u login, you will be redirected to your the redirect-uri, the access_token will be in the redirect-uri:
http://localhost#access_token=ACCESS-TOKEN
copy the access_token
You can then make API call to get your own latest 20 photos and display on your website:
https://api.instagram.com/v1/users/{user-id}/media/recent/?access_token=ACCESS-TOKEN
You dont need to be approved by instagram, u can remain in sandbox mode and get latest 20 pics via API.
I'm in the process of building a Google Chrome extension, and have some questions about how to implement security into the application.
I need to access a couple of Google API's so am going to be using OAuth 2.0 for that. So basically from the extension I know which user is logged into the browser.
My extension then needs to get and post data to my (nodejs) API service. I want to ensure that the user requesting data is the same user that is logged into the browser. Is there any way of using the previous Google authentication process to also authenticate communications between the extension and my API? I dont really want the user to have to log in again, to access my API.
I'm sure I'm missing something simple, and I've not been able to find anything that fits this scenario
Follow the OpenID Connect auth flow and you will get an access_token and an id_token. The acess_token you will use to use to make authenticated requests to Google APIs as usual. The id_token will be used as authentication with requests to your server.
When the requests hit your server you will need to validate the token and you can then use the contents of the id_token to identify the user.
User wouldn't have to login on auth process provided if user is already logged in and you are using a web application flow (not chrome.identity APIs) but user would see the consent screen atleast the first time. However you can skip the account selector screen if you already know the email address by providing &login_hint= parameter.