I've already setup a global google drive in my project where everyone is getting files from one google drive for which i had to setup keys in google console.
Now it is required to allow users to connect their own google drives. I just want it to be simpler so users do not have to do all the process on google console to get their keys to set it up.
Any guidance from seniors is much apprecaited.
I’d recommend starting by reading about how account authentication works using Google APIs client for PHP.
Given your issue description, I believe you can achieve the desired behavior by using a Service Account.
Quoting the article above:
Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources.
In case you do need to access sensitive user information from you application in a Workspace environment, then I’d recommend having a look into Domain-wide delegation.
In this section of the github repo readme, you can find an example on how to authenticate with Google backend using a service account credentials via the client.
On additional note, I’d also recommend adhering to the How to Ask guidelines in order for your questions to be properly answered by the community. If you could also provide a minimal reproducible scenario as well as the code used and which difficulties you had with it would greatly help and improve your chances to get a meaningful answer in the future.
Related
We have been developing a multi platform project which will eventually have an Android app, an iOS app and a web application. We are impressed with the features offered by Google Firebase therefore trying to leverage the opportunities.
Since our product is a multitenant software-as-a-service application we have custom authentication requirements. Therefore we followed the custom authentication implementation path of Firebase and it is functional now.
Our mobile clients send login requests to our API server,
Our API server issues customTokens and reponds them back to the clients,
Clients call signInWithCustomToken(customToken) method to sign in to Firebase.
So far so good.
What the issue is, our backend is in PHP and Firebase doesn't have an official Admin SDK for PHP. Yes, there is a package called kreait/firebase-php on Composer however it is far away from covering all of the Auth Admin SDK features. For example, there is a documented disable-user feature which is available on Firebase Admin SDK, however that operation is not implemented on the kreait/firebase-php package.
On the other hand Firebase has a Auth Rest API which just works with the API KEY. However, (I suppose ) it is designed to work on the client side therefore it just has operations for the authenticated user.
Our API server is already hosted on Google Compute Cloud and has the maximum set of access permissions on the Google Cloud services.
We have the Firebase service account file to work with the Firebase Auth services.
What we need is to consume all available Firebase Admin SDK features (possibly via Rest). For example, we would like to call revokeRefreshToken(uid) when a user changes his/her password on one of his/her devices.
Since at this specific issue there isn't any documentation, what would you advise us to do?
Update (25 January 2018)
The above mentioned missing endpoints on the Firebase unofficial PHP Admin SDK are now implemented by the maintainer after a productive discussion on a Github issue. However, I would like keep this question open since the nature of the question is asking for ideas for further collaboration and discussion.
Maintainer of said unofficial PHP SDK here :). You already have updated your original post to include that the SDK now supports the features that were missing.
I am posting this as a dedicated answer to be visible to people arriving here and searching for answers as well.
Although the Admin SDK for PHP is still not feature complete, we are getting there. I added feature matrix to the README of the Github project so that you can quickly see what is available and what isn't.
Going forward, I will implement new features by either implementing things similarly to the official Admin SDKs (especially https://github.com/firebase/firebase-admin-node) and by using the existing libraries provided by the Google Cloud Platform Library.
At some point in the future, Google will certainly provide all the necessary building blocks to use Firebase efficiently with PHP, but until then, I am happy about every happy PHP developer using my library :).
FYI: I just released a new version (4.1.0) which includes support for Firebase Cloud Storage and did in fact use the google/cloud-storage for that.
I think you can use the Identity Toolkit libraries provided by Google. Here's the one for PHP: https://github.com/google/identity-toolkit-php-client
I'm a php developer for my firm, and I'm kindoff stuck with this concept form Oauth.
I've been searching the web and read almost every article I could find about oAuth but still it won't get to me how to handle this situation.
I live in the Netherlands so forgive me if my writing is sometimes a little bit off.
I'm working on an application for our company. Its an online work platform, where people can sign up to to find work.
We sell our online application to companies who offer jobs and such.
So we have for every company that buys our web application an url like: http://companyname.onlinejobs.com ( for example ).
So we have backend users that can login in their application and they each have different roles and permissions.
We also have http://onlinejobs.com as a website where everybody can sign up to view job oppertunities and much more.
So we also have a frontend user, that also can have multiple roles, such as a free user and a premium user.
We've build a REST API that holds all methods to add and view jobs and profiles etc etc. We want this API to only be accesible to the clients that we register.
So if I register company1.onlinejobs.com than that in my opinion is a client, and can only use our api.
But now we want to intergrate oAuth to the situation.
We want the API to be protected from any unregistered clients, but we also want to make sure that a frontend free user, cannot access surtain api calls that a premium frontend user can make.
or is that permission based behaviour not something for oAuth?
Wich grant type that oAuth2 uses can we use for our situation?
I really need some help with this guys.. Hope somebody can give me a clear explanation about what to use best, or maybe even not at all.
We had a similar use case and we built our own authorization server that can handle the following use cases
Authentication and authorization from the
web applications
javascript enabled apps [Like SPA apps]
Native apps like windows services or windows apps
We have used the following flows in OAuth2.0
Authorization Code
Implicit flow
Resource owner credentials
Hence, the right choice of the flow needs to be decided on the types of applications that you plan to support.
HTH
I am new to OpenID and have been requested to build a login system to work with the company's Google account. They want to restrict logins to users of their domain. They login into Gmail using their domain and they want this feature to allow access to their systems.
Let's say the domain is example.com. They would log into Gmail as user#example.com or go to their domain login page to access their accounts.
I have been doing some research and it seems that the Google Federated Login is what I should be working with. I downloaded the Google APIs Client Library for PHP and have been playing with the examples but I still cannot get it to restrict access to whom logs in. Currently anyone with a google account seems to be able to login. Also, the API wants to access certain information... I only want to authenticate the user to ensure they are a valid user of the domain and eventually allow SpreadSheet Access in Google Docs so that another script (in the same system) can create SpreadSheets while the user is updating the system.
So my questions are:
1) Which service do I need to enable in the Google API console? Enterprise License Manager API is the only service that is enabled.... I'm starting to think maybe I should disable it.. Do any services have to be enabled? I'm not really sure about this.
2) Is there anything special about the PHP Google APIs that would require me to use Google's API or is this functionality available with any OpenID library? If the latter, which libraries are good for what I am trying to accomplish? (PHP)
3) I have found a few examples for allowing login with a Google account but I haven't found a single one for restricting it to a single domain. I am sure this is possible but am starting to feel that it's very difficult to implement... Any information on this would be very beneficial.
Thanks for any information you can toss my way.
I am implemented In App Billing for android.I wanted to implement subscription validity checking through my backend server. As Google Play Documentation, for making call for Google Play API,need authentication using oauth 2.0.
I followed instructions for registering project and creating credentials. But from there I have no idea how to use those credentials, I tried authentication via CURL request, but it asking permission as shown in follwing image
This permissions works fine I can exchange code and get access token, but all this done by manually, how should I implement this on backend.
I even try to use google api php library provided by Google, but It adds confusion. Also they didn't provide any example, how to use library.
Can anybody elaborate how exactly use library or pure php?
Thanks in advance.
To perform LVL and/or IAB validation on a server, do not access Google servers directly from the server. Even if all information were available, you would face integrity problems, because your app and your server will see different information due to synchronization latencies.
Instead, use your app as a proxy and validate the Google Play information on your server as described here.
Hi guys I have a google apps account set up and even set up a simple hello world application from the available samples on the tutorial however I need to set it so I am able to interact with the google docs account associated with the account which has added my application.
To interact with google docs I am aware that a token is requested from google upon authentication and verification of the account however that is in a situation where you code specifically for interacting with google docs - I'm talking about having access to the google docs of the account which has added my application so my application can be used to upload documents to the google docs and make references to them - basically my application is a resource management application and it needs to be able to store references to google docs.
UH never mind I figured out ... next time I'll follow the documentation more carefully :(