I am working on a PHP Application which uses github oauth. It will be available for everyone to download and use. Users will use it on their own web hosting domains.
The problem is that I cannot set a fixed redirect uri for all of them.
How should I set things up so that the users are able to use my application wherever they install. The OAuth authentication response should always redirect to the origin of the request.
Github OAuth Documentation
Register a new OAuth application at Github
For my specific case, if that matters, only a single user will authorise via Github per installation.
Related
I am using XAMPP for Linux 5.6.30
I want to integrate 'Google Adwords API' in my project for display campaigns details.
I create new project in developer console with help of this guide
for 'Web client' and define Authorized JavaScript origins:http://localhost AND Authorized redirect URIs:https://localhost/googleads/
Also try Authorized JavaScript origins:http://report.myproject.com AND Authorized redirect URIs:http://report.myproject.com/googleads
I also refer some solutions on StackOverflow which discuss previously but I can't get a solution .
When i run `PHP GetRefreshToken.php' in the terminal, it generates one URL but when i open that URL is displayed error 'Error: redirect_uri_mismatch' with this message 'The redirect URI in the request,xxx.xxx.xxx can only be used by a Client ID for a native application. It is not allowed for the WEB client type.'
I also have developerToken and clientCustomerId of Google Adwords account.
Is am i doing right way or not?
is google adwords integration works in localhost server or i have to put it on my live server?
My project is already on live server i just integrate adwords api in local server
You can refer to below documentation.
Using OAuth 2.0 for Web Server Applications
Example for end-to-end OAuth2 using php is Given here.
Create authorization credentials
Any application that uses OAuth 2.0 to access Google APIs must have authorization credentials that identify the application to Google's OAuth 2.0 server. The following steps explain how to create credentials for your project. Your applications can then use the credentials to access APIs that you have enabled for that project.
Open the Credentials page in the API Console.
Click Create credentials > OAuth client ID.
Complete the form. Set the application type to Web application. Applications that use languages and frameworks like PHP, Java, Python, Ruby, and .NET must specify authorized redirect URIs. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses. For testing, you can specify URIs that refer to the local machine, such as http://localhost:8080.
Google recommends that you design your app's auth endpoints so that your application does not expose authorization codes to other resources on the page.
I have php application build in Laravel and hosted it in a server.
I have also created a (G-suit) google admin account(https://admin.google.com) with my domainname(http://www.example.com) as a admin i have created few users (abc#myhost.com, xyz#myhost.com) from the google admin console.
Now Instead of creating a full authentication system in my application, What i want is that my users can login to my php application with the email address that i have created for them as admin.
How can i do this ?
You could integrate 'simpleSAMLphp' (https://simplesamlphp.org/docs/stable/simplesamlphp-sp) into your app. Then your app will act as a SAMLv2 ServiceProvider and will consume SAMLv2 assertions issued by Google SAMLv2 IdP (https://support.google.com/a/answer/6087519?hl=en). There are also other PHP-based SP-implementations available, or you could use SAML SP Apache http server module if you are using Apache http server.
You may check this documentation about user accounts. It says that to create a user account using one of your domains, use the following POST request and include the authorization described in Authorize requests.
POST https://www.googleapis.com/admin/directory/v1/users
You may check on this example.
I am working on a legacy PHP site that has been upgraded recently to use HybridAuth to support social login. Some new services are under development and are being done using ASP.NET Web API (and are on a subdomain of the php site).
What I'm struggling to figure out is how I can authorize access to these services from this legacy PHP site. It seemed like the right thing to do was to create a separate Authorization Service, but this doesn't seem to be the right approach when it comes to using existing external OAuth providers.
Is there some way I can proxy the oauth_token and oauth_verifier tokens that I get in the response from an external provider (say Twitter) to my web API service and get a valid bearer token back?
I am building an app for the Google Marketplace and just made the switch to OAuth 2.0 from 1.0 before final deployment.
Before the switch, I was able to use the provisioning API to fetch users in a domain that has installed the app given, appropriate permissions have been granted.
My experience with the Directory API (the OAuth 2 counterpart) requires that i perform a 2-legged OAuth to get an access token which I then uses to perform the Admin action. This only works if the access token belongs to an Administrator user of the subject domain.
There's a section in the app that pulls all users from the domain and I need this to be accessible to all logged in users including non-administrative users of the domain.
Didn't have such problems when I was using the provisioning API using the Zend library
Not sure. But the following post might be helpful
Until recently this technique was mostly performed using 2-Legged
OAuth 1.0a (2-LO). However, with the deprecation of the OAuth 1.0
protocol and the resulting programmed shutdown of 2-LO, the
recommended authorization mechanism is now to use OAuth 2.0 and
service accounts.
source -
http://googleappsdeveloper.blogspot.com/2012/11/domain-wide-delegation-of-authority-and.html
I'm trying to implement Google Drive API. They have quick start example here which is using Google OAuth 2.0. Using for a web application where user will use drive api for creating folder and save files, edit files etc.
Now the problem is OAuth 2.0 is redirecting the page and for authCode and then back to callbackUrl again ie. the usual way. Is there any way so that I can get the authCode without redirecting the url, by using cURL or some library that can do that without redirecting.
I'm using PHP for this app.
We currently offer an alternative flow for installed apps that doesn't redirect back to an app but outputs the exchange code. In order to be sure that user is explicitly giving permissions to your application, we need to intercept the flow for a user action.
If there are no end users involved in your use case, you may like to take a look at the service accounts: https://developers.google.com/accounts/docs/OAuth2ServiceAccount Service accounts also provide impersonation for Google Apps domains.