Force authentication external website with Google Apps Domain - php

Morning folks,
I need to implement a way to force authentication of people inside a Google Apps domain to access a website.
To be clear, a user tries to get site.com.
If he doesn't have a cookie, then he's redirected and forced to the Google OAuth2 login form.
If he has one, then he can visit the website.
In addition, the aim here is to restrict the login to only the users inside a Google Apps domain (people with other Google email addresses like Gmail won't work here).
I hope I was clear enough, thanks a lot in advance for your help guys ;)

If the website is running on an Apache webserver, or you can front the website with an Apache web server operating as a reverse proxy, mod_auth_openidc (https://github.com/pingidentity/mod_auth_openidc) can enforce authentication with a Google Account and restrict it to a particular Google Apps domain, see: https://github.com/pingidentity/mod_auth_openidc#openid-connect-sso-with-google-sign-in
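
An added example (not taken from the answer or from the mod_auth_openidc project) of the Apache configuration the answer describes, with the weak rule shown next to the domain-restricted one. site.com comes from the question; example.com and every value in angle brackets are placeholders.

```apache
# Added example: mod_auth_openidc protecting all of site.com.
# example.com and all <...> values are placeholders, not real settings.
OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
OIDCClientID <client-id-from-google-api-console>
OIDCClientSecret <client-secret-from-google-api-console>

# Must sit under a protected path but must not map to real content.
OIDCRedirectURI https://site.com/redirect_uri
# Protects the module's session cookie and state.
OIDCCryptoPassphrase <long-random-secret>
OIDCScope "openid email"

# Asks Google to offer only accounts of this domain on the login form.
# The browser carries this parameter, so it is a hint, not an access control.
OIDCAuthRequestParams hd=example.com

# Weak rule: any Google account, gmail.com included, is let through.
# <Location />
#    AuthType openid-connect
#    Require valid-user
# </Location>

# Corrected rule: the server checks the hd claim of the ID token it
# received from Google, so accounts outside example.com are rejected
# even if the hd request parameter above was stripped or changed.
<Location />
   AuthType openid-connect
   Require claim hd:example.com
</Location>
```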

Related

Google sign in oauth2 403 error, disallowed_useragent

In my PHP web application, users can sign in with their Google accounts. The auth flow works fine, but there is one case when I am getting an error while signing up via a Google account. Say I shared my app link with a user via Skype. He/she opens the Skype app on their iPhone device, clicks on the app link and presses the sign in via Google button. As a result, I am getting a 403 error, disallowed_useragent.
I read that Google no longer supports OAuth requests to Google in embedded browsers known as “web-views”. The recommendation is to use the device web browser. However, I am a little confused here, as to how I can tell my app to open the user's device web browser.
Can anyone help me and explain how I should deal with this Google restriction?

It is the app which has to show the login page in the web browser; on Android this can be done using Custom Tabs, on iOS with the SFSafariViewController. Those controls use the native browser to show the login page and prevent the app from sniffing the user-entered password (as you could do with the WebView).
It is not clear to me if it is your own app which tries to open the login page or if it is done from Skype, both are mentioned in the question. If it is your own app, you can use those controls, otherwise there is not much you can do, because you cannot control how a third party app handles the login.

How to fetch contacts from yahoo in iOS

For yahoo I am using SocialSample app of yahoo. I can login to yahoo account but it redirects me to a url which I am providing as a fallback url in session authorization.
[self.session sendUserToAuthorizationWithCallbackUrl:@"www.yahoo.com"];
I have no idea how to redirect from browser to my app. I have searched stackoverflow and there is this link How to use Yahoo! contact api in iOS application? in which php script is advised to use. But I have no experience in php. So I am unable to understand the whole logic behind this.
Also when I tried to create a project on developer.yahoo.com, it asks me to provide a domain name while I select private access to user.
Help me with these issues.

Questions to allow Google Federated Login for a specific domain?

I am new to OpenID and have been requested to build a login system to work with the company's Google account. They want to restrict logins to users of their domain. They login into Gmail using their domain and they want this feature to allow access to their systems.
Let's say the domain is example.com. They would log into Gmail as user@example.com or go to their domain login page to access their accounts.
I have been doing some research and it seems that the Google Federated Login is what I should be working with. I downloaded the Google APIs Client Library for PHP and have been playing with the examples but I still cannot get it to restrict access to who logs in. Currently anyone with a Google account seems to be able to log in. Also, the API wants to access certain information... I only want to authenticate the user to ensure they are a valid user of the domain and eventually allow SpreadSheet Access in Google Docs so that another script (in the same system) can create SpreadSheets while the user is updating the system.
So my questions are:
1) Which service do I need to enable in the Google API console? Enterprise License Manager API is the only service that is enabled.... I'm starting to think maybe I should disable it.. Do any services have to be enabled? I'm not really sure about this.
2) Is there anything special about the PHP Google APIs that would require me to use Google's API or is this functionality available with any OpenID library? If the latter, which libraries are good for what I am trying to accomplish? (PHP)
3) I have found a few examples for allowing login with a Google account but I haven't found a single one for restricting it to a single domain. I am sure this is possible but am starting to feel that it's very difficult to implement... Any information on this would be very beneficial.
Thanks for any information you can toss my way.

How to use Google App Authentication for a custom PHP Web App?

I have a web app that users upload files to. I want to authenticate users using this app and they all have Google App email. If I can integrate just Google App authentication to my web app, that'd be awesome.
I just don't want to convert the app to Google App Engine (Python/Java) or knit a Google App webpage on top of PHP web app to authenticate.
Is there a possibility like - I ask Google, please authenticate user - if yes? then load page or else - sorry!
Hope I made sense. Any help is much appreciated!
p.s : The web app in question as well as google app email are on the same domain, mycompany.com. (webmail.mycompany.com and myapp.mycompany.com)

You can use open auth to do logins with Google. The user will need to be redirected to Google to log in if they aren't logged in yet. Don't know if that is what you mean when you say "knit a google app webpage on top of a php webpage" but that is unavoidable.
Take a look here https://developers.google.com/accounts/docs/OpenID
Use Google's OpenID.

How do I get a permanent long term authentication token for google apps application?

Hi guys, I'm working on my Google Apps application - currently I've built the authentication upon the example available at Google, namely this url
The problem is that the session seems to time out and that every time I am logged into my Google Apps account and go to my application I need to authenticate again and go through the screen where Google asks me if I should allow the application to access the services like GMAIL, Docs etc listed in the manifest xml file. I don't think I'm doing it right as other applications allow instant access.
Any ideas

You should store and reuse the oauth access & secret key. This should avoid the re-authentication with Google (or other oauth based services) - unless your access key has been revoked of course.
Cheers!
