Google recently announced that they are deprecating OAuth via a webview.
Since B2C is a server side process, is this still going to work?
Based on my understanding, the blog you mentioned is declaring that the Google not allow that OAuth requests to Google in embedded browsers known as “web-views”.
In the coming months, we will no longer allow OAuth requests to Google in embedded browsers known as “web-views”, such as the WebView UI element on Android and UIWebView/WKWebView on iOS, and equivalents on Windows and OS X.
It means that it will only affect the native apps which using the “web-views”. It doesn’t matter when you use the B2C if you were developing an web application.
Related
I want to create a REST Api using NodeJS and make a request to some google apis(like gmail, contact and people api). I have created a project in google developer console and then enabled all necessary google apis in my project. Now when creating credentials(selected OAuth client ID), i am confused to choose the application type among 'Web application' and 'Others'. If i choose Web Application then what will be the value for Authorized JavaScript origins and Authorized redirect URIs
Note: I will be using this REST API for a chrome extension and an IOS app later.
https://developers.google.com/+/web/samples/javascript
states
"Note: Use a single project to hold all platform instances of your app (Android, iOS, web, etc.), each with a different Client ID."
Which means you would be fine selecting Web Application for your needs.
I am developing cordova based hybrid mobile apps targeted for android and iOS smartphones.
Usecase: The application authenticate user and then would be accessing Google Calendar API's, and finally display user events on the app.
Note: I will be Using 3-legged OAuth and Google Data APIs without the client libraries.
Question
The Cordova-enabled WebView provides the application with its entire user interface, so what should be the application type in this case?
Since everything is going inside webview, so Shall I choose "Web Application"?
OR
Do I need to create seperate Applications type for Android and iOS
seperately?
Or can iOS Application Type work for both Android and iOS?
Please suggest what should be the proper approach to choose application type in this case.
Thanks!
It depends on how your app is setup. If you plan on handling all of the OAUTH processing on a backend server then you can use the Web application type, and you can have all the OAUTH work offloaded to the backend server.
If you do not have a backend server and will do all OAUTH processing on the user's device, then you should create both an iOS and Android client ID. For example:
https://github.com/EddyVerbruggen/cordova-plugin-googleplus
This plugin's documentation shows the creation of both an iOS and Android client ID to enable Google Sign In on a Cordova app.
I am developing a web server that
1) Provide normal cookie based sessions for desktop browsers
2) Provide JWT for mobile and REST api and some times we can use JWT for browser also
3) In future I have plans to provide OAuth functionality for this server.
Suggest me the way how to identify the request is coming from either desktop browser or native mobile web app or OAuth client
As for the desktop vs. mobile issue you can take a look # https://stackoverflow.com/a/3540295/358280 and https://stackoverflow.com/a/21758511/358280
And for the distinction between your jwt tokens and oauth i suggest you take a look at https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/#token-oauth (section 9).
I am not sure if this is new behavior, but I have noticed that it is possible to install chrome extensions from the web store without signing in to Chrome, but currently installing any packaged app (even those which do not request "identity" permissions) is gated by signing into chrome with a Google account.
Is this a bug, or an attempt by Google to get more people to create Google accounts?
At this time (Sept 2013) Packaged Apps offer developers an always signed in user, and offers users a consistent experience across all devices where they sign into Chrome. All APIs that rely on a signed in user are available and will work as expected. Identity is one, but so are the various storage APIs that rely on chrome sync. The application launcher experience is also tied to an individual, synchronizing installed apps to all devices they use.
The team has had some discussions about possible future support of apps not tied to an individual, in incognito or guest mode, etc. If you have thoughts or use cases to share the most productive place to do so is on chromium-apps.
You can allow users install extensions and apps without having logged into Google Account when using Inline installation on your website.
If you are regular user and just want to install extension from Chrome Web Store without signing in you can use Chrome Extensions Downloader website
I have to build an web-app for Google Apps market place where my app would enable Google Apps user to access and backup their Google Apps email to my server.
While I have a good knowledge with PHP and etc, with no prior knowledge to Google Apps development, I have been reading developers.google.com documentation since last couple of days and everything seems to start confusion with each-other now with SAML, Oauth2, OpenId, SSO etc, and Google Apps Mail and Gmail itself. So far, I have done helloworld app from the documentation that accesses the calendar and uses SSO for it.
I wish if you could point me to the right direction about how I should proceed to accessing the mail of the Google Apps user.
Since you wish to use the Google Apps Marketplace, you'll want to use 2-legged OAuth 1.0 with your application. OAuth 1.0 is officially deprecated but it's still the only supported authentication method to Google Accounts for the Marketplace.
Instructions for authenticating to Gmail IMAP via 2-legged OAuth 1.0 are available at:
https://developers.google.com/gmail/oauth_protocol
Seems like you are in the right place already - if you are going through the main developers.google.com documentation, that's where it should be.
I have had a look through their documentation, and found this though: Mail PHP API Overview
A quote from the above link/documentation:
App Engine applications can send email messages on behalf of the app's
administrators, and on behalf of users with Google Accounts. Apps can
receive email at various addresses. Apps send messages using the Mail
service and receive messages in the form of HTTP requests initiated by
App Engine and posted to the app.
More information:
Getting Started - Introduction - Google App Engine
Tutorial - Hello, World! - Google App Engine
Installing the PHP SDK - Google App Engine
EDIT
As I mentioned in the comments below, after further searching, I found this documentation for Google Data Apps APIs which should be helpful (the page currently 404s, but I've sent off a message to Google, so hopefully it should be fixed soon).
There is also a depreciated version of OAuth 1.0 that you could use to authenticate Gmail with IMAP/SMTP, using standard "three-legged" or non-standard "two-legged" OAuth.