I am developing a chrome plugin which allows the users to email any web content from a html page. For that, I need to use the google authenticator api to allow users to log into their google accounts for sending emails. The OAuth2.0 specs require the redirect_ui parameter which is the url to be called after google authenticates the user. My question is whether it is possible to skip this parameter. I don't want the plugin to be hosted anywhere. I am thinking that it would be hosted locally on the user's machine.
Thanks in Advance.
Google has made a library specifically for using OAuth in Chrome extensions. You can check out the tutorial here.
In case someone stumbles upon this answer in 2017+, extensions (in Chrome and FF) now have a chrome.identity API.
It takes care of the OAuth dance for you, and provides you with a virtual redirect address https://<your-extension-id>.chromiumapp.org/ that will be intercepted by the browser. That way, you can provide a redirect URL without hosting anything.
Related
I'm updating a Chrome extension I've written to make use of Google Drive API. It does not require any sensitive scopes; it will use the ..auth/drive.file scope. I've followed the tutorial for OAuth2 authentication for extensions:
https://developer.chrome.com/extensions/tut_oauth
and a few other web resources to get it working in local development. One thing that is not discussed in the tutorial is the OAuth consent screen on the Google APIs console (https://console.developers.google.com/apis). I want the extension to be publicly available, not restricted to my organization. Do I need to obtain verification from Google in order to do this, even if not making use of sensitive scopes? Do I need to follow all the steps included here:
https://developers.google.com/apps-script/guides/client-verification
including creating a website? I don't actually know what app-scripts are; I just found this page by googling for oauth verification.
For what it's worth, on the edit form of the OAuth consent screen of the Google API console, there's a Sumbit for verification button. It is disabled. The tooltip says "Your changes don't require verification". So maybe all is good, as is, without the need to do anything more?
You only need to submit your application for review by Google if you use sensitive scopes.
I can also confirm this as I have a number of public facing apps that did not require verification as they do not use sensitive scopes.
Google also makes this apparent by displaying a warning on the OAuth Consent Screen (console.developers.google.com/apis/credentials/consent?project={your-project}) only when you use a sensitive scope.
I'm writing a client in NodeJS that is meant to replace using a website, and it isn't my website. It uses Facebook to log in. Is it possible to log in via a Facebook username/password? It seems modules like passport-facebook are intended for use with a website that you own, which is not the case in my scenario.
I suspect that I can't login with a username and password, so I'd have to sniff web traffic of me browsing the normal website for my token for the website, and then somehow use that in Node, but I hope this isn't the case.
Thanks for your help.
I am creating a website that contains a bracket system for a Rocket League tournament. I have set up OpenID for Steam, so that handles PC users. However I am trying to branch out to the console communities. Is there a way I can use OpenID to allow a user to sign into my website with their PSN login?
I mainly just need their ID to keep track of their scores, but if I can get a
PSN API to work with an OpenID login it would be fantastic!
Thanks in advance?
See:
http://www.programmableweb.com/api/psn-sign
This may be what you need:
This API allows people to use the Playstation Network SignIn for their
own sites. If a developer's site URL is allowed by Sony, they can set
their site as the returnURL by GET. This allows them to bypass Sony's
official External PSN Sign In page. The site forwards to a developer's
site on a successful sign in with a sessionId by GET. There is no
official public API to convert the sessionId into a user specific
value (like the PSN-ID). The API converts a valid sessionID into a
proper PSN-ID.
You didn't say what did you try so far so I don't know it you already tried that or not.
You all know this page.. Is there ANY way to customize this page somehow?
I thought using an iframe and custom the HTML but Google won't let
me embed their websites..
I thought using a Google Site and inserting a login gadget but there
is no login gadget.
What I want is a custom page where my clients can login to their gmail, drive....
What I want it's not impossible, this guys http://www.cloudcodes.com/custom-login-page.html offers you the possibility to custom the login page and even redirect you to another page after you've logged in.
Directly editing the native login page at accounts.google.com is not possible.
However, for Google Apps accounts, you have the option to set up the Single Sign On service, which allows you to authenticate through a third party provider (Or yourself, if you have the ability). What GControl are offering is this service, although they've labeled it misleadingly, to make you believe your actually editing the login page, rather than redirecting your users to a secure login.
They do it very well though, leveraging the Google Apps APIs to allow you to write and setup the service in their own console.
Source: I installed the service and tried their free trial, and they simply used the APIs to enable SSO on my domain.
Edit for clarity: SSO setup is not available for consumer Gmail.com accounts.
I am making an API in NodeJS that 'll be used by a website and iPhone native app at the same time.
There is a chance that API URL will be exposed to user when used in javascript for website. I only want authorized access to the API. Don't want anyone call API via console. like user/delete/[user-id], anyone can use this URL to delete a user.
Check out http://passportjs.org/
There are plenty of authentication strategies to use. Don't reinvent the wheel here. ;)