We would like to create some kind of wiki and store all articles in a github repository.
As usual in a wiki, the articles should be able to be created or supplemented by anyone*.
Now it would be nice if this would not be possible via the Github page, but from our wiki itself.
For this Github has a fairly extensive API as an interface.
*Authentication via a Github account necessary.
After some research, I found two possibilities:
via the browser OctoKit
via the server KnpLabs/php-github-api
I would prefer the browser side way, because it does not require a backend.
But the way via PHP seems to be easier for me.
Therefore, first my question, whether the following is possible via Octokit:
Authentication of a user with his Github account
Change / add files in my repo under his name
edit
After the first comment, i decided not to go the "browser-way". But the way via PHP does not work either, because i just have a webspace with limited access rights (to /.ssh) so i have to lokk for a very different way...
In order to authenticate a GitHub user with their GitHub Account, you need to register a GitHub app or an OAuth app, which you can do in your user account settings or a GitHub organization settings.
For your case, I recommend a GitHub app. It must be installed on a repository in order to grant access, while OAuth Apps are for access tokens with global access.
I don't know PHP, but creating one with JavaScript is fairly straight forward, I just created a new one recently on Glitch:
https://glitch.com/edit/#!/twitter-together
When registering the GitHub App, you need to provide a redirect URL which needs to point to your website. The user will be redirected with a ?code=... query parameter which you will need to exchange for an user access token.
See GitHub's documentation at https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps#web-application-flow
Related
I've already setup a global google drive in my project where everyone is getting files from one google drive for which i had to setup keys in google console.
Now it is required to allow users to connect their own google drives. I just want it to be simpler so users do not have to do all the process on google console to get their keys to set it up.
Any guidance from seniors is much apprecaited.
I’d recommend starting by reading about how account authentication works using Google APIs client for PHP.
Given your issue description, I believe you can achieve the desired behavior by using a Service Account.
Quoting the article above:
Google APIs such as the Prediction API and Google Cloud Storage can act on behalf of your application without accessing user information. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources.
In case you do need to access sensitive user information from you application in a Workspace environment, then I’d recommend having a look into Domain-wide delegation.
In this section of the github repo readme, you can find an example on how to authenticate with Google backend using a service account credentials via the client.
On additional note, I’d also recommend adhering to the How to Ask guidelines in order for your questions to be properly answered by the community. If you could also provide a minimal reproducible scenario as well as the code used and which difficulties you had with it would greatly help and improve your chances to get a meaningful answer in the future.
I have a small site/web application where registered users can see some files that I periodically prepare for them; I store these files in separate directories and every user can only see and download their own files.
Now, I'm moving these directories to Google Drive and I would keep functionalities like file listing and downloading.
Reading the official docs I found some interesting examples about file download/upload, but all of them talk about authorization that user must give in order to access to their Drive and this is not what I'm looking for, I don't want access to their Drive!
As I can see, the doc is not contempling the case that someone may want to give (read-only) access to own Drive. But maybe I'm missing something...
Basically, I need the list of files on my Drive account and, if requested, a way to download one (or more). The only one that has the auth to Drive account is my server, users will send request from it.
Is it possible? I think yes, but I can't find any docs about that. How can I authorize my server?
I think you're looking for the Using OAuth 2.0 for Web Server Applications where you'll be using service accounts to achieve your goal.
"This document explains how web server applications use the Google API
Client Library for PHP to implement OAuth 2.0 authorization to access
Google APIs. OAuth 2.0 allows users to share specific data with an
application while keeping their usernames, passwords, and other
information private. For example, an application can use OAuth 2.0 to
obtain permission from users to store files in their Google Drives."
The snippets are in PHP too, so it works in your favor.
I'm working on a project where I'm developing a platform. As a solo-developer I made the decision to use Lumen as a PHP back-end and create an RESTful API.
Web shops should be able to install a plugin so they can access the API without having to code themselves.
I need to keep track of the web shops that use the API. I just need the same way to retrieve access tokens like Twitter and Facebook do when you register an app.
So I was thinking about OAuth2 Server but I have never used it before so I'm not sure if I'm on the right path...
If you want your own OAuth2 system then yes you will need a server running it.
The idea of OAuth2 is to authenticate your clients where a shop equals one client.
OAuth2 is not about individual users but clients. With that idea in mind you can setup an OAuth2 server and its only job would be to authenticate each request, make sure it belongs to a recognized client and then issue a token.
With that token you can then go on and issue more requests to actually interact with the system you are building. This is a very high level view of the entire system, of course.
There can be multiple variations on this, how tokens are issued, what type they
are etc. I prefer JWT ( JSON Web Tokens ) as it's JSON and thus lightweight.
A quick search revealed this: http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens/
I do have my own article on building your own OAuth2 system, however it is based on dot net not PHP. You are welcome to use it though maybe it will help clarify the concept.
Here's the link : https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/
I'm working on a custom wordpress plugin for my site. I have multiple accounts so I'll need multiple feeds. I'm using the Fascebook SDK v3 (My server has an older version of PHP that the newest SDK doesn't work on). I've downloaded and included the correct files, no errors.
I then logged into one of my accounts and created a new app to get the App ID and Secret Key. However, my plugin doesn't work because it says it's not "live".
I need to do a submit and review that requires icons, screenshots, etc. However, I don't want my app available to everyone just my page.
You don't need to create a Facebook app for this. Apps are for situations where you need to access or modify information on other users' accounts. In situations like this one, where you only need to work with information which you personally have access to, the Facebook Graph API should be sufficient.
You will need to create a page access token for the page in question, then access endpoints related to the page to get information on the page, or read its posts.
I'm building a REST API using Symfony2 (FOSRestBundle and FOSOAuthServerBundle) and I'm unsure on which grant type to use for this service.
I will have other developers register as users. I was looking at GitHub, and for each user they have a section called 'applications' in their settings which allows adding an application and it gives back client_id and client_secret. But AFAIK GitHub uses the authorization grant type which means you're sent to GitHub to accept and then redirected back to your application with the auth code (does the auth code live forever or what?). I'm not sure if this is what I'm looking for.
What I want is a way to allow developers to consume my API with me knowing who is accessing (FOSUserBundle integrates pretty well here) and what they are allowed to do.
Also, I'll have my own browser based application, Angular.js probably which is the main website where developers can register. It will make API calls to present data for whichever dev logs in. I could use a Node.js backend (need it for some other stuff) so the actual calls are made from there instead as it seems browser only applications aren't really safe. I was thinking of using client credentials grant type from the Node.js backend.
And last, I'll have my own mobile app interacting with the API. Since it's a trusted service it should use Resource owner credentials grant, right?
I'm not sure I understand what you ask for here. As I understand it your developpers will have an account on which they will have to log in in order to use your API. In this case Client Credentials does not seem appropriate, since it would not identify a developper but a client. A client does not represent a user, it represents "an application that accesses your API" (it, in your case you would have one client for your mobile App and one client for your Angular website). I would use a password grant type, that does not redirect you to an external service.
When I had to implement a OAuth2 authentication for my API, I found this article very helpful, it is based on a Symfony2 example but most of the explanations apply everywhere.