We want to use Office365 Rest API and Oauth2 to access Calendars for multiple Organizations.
Rest and Oauth2... No problem.
Same organization... No problem.
Different organization... Big trouble!!!!
We want our web application to have an office365 login similar to the Facebook connect experience for any office365 user in any organization (Multi-tenancy).
Has anyone successfully done this? Any language?
Is there something to configure in the app beyond selecting "Multiple Organizations"?
Note: we are developing our application in PHP5+.
Yes, the walkthrough here generates an ASP.NET C# app that reads calendar for multiple organizations. A user in any organization can login and display their calendar.
You didn't say what the trouble is. Are you getting a specific error?
Related
I use Google OAuth to sign in my Web Application which was created as a project in Google Cloud Platform i.e. Project1.
I have a user with custom role in this project. After I logged in with my Google account, I'm able to get userinfo using Google_Client (PHP library - google/apiclient). However, I'm having a hard time figuring out how to get the custom role for the logged in user. I tried using Google_Service_iam but get Uncaught Google_Service_Exception: 404 Not Found.
Is this a correct way of building a role based control web app utilizing Google IAM?
Although it would be somehow possible by building it yourself, I would not directly use IAM as an authentication provider. Instead, use the Identity Platform or something like Auth0 or Okta. Myself, I prefer Firebase Authentication, which integrates easily with all popular languages and frameworks.
IAM is meant to authorize users within GCP, and not in a custom web-app. In your setup, you would have to add every future user to Gsuite and IAM, which is very costly and not designed for this purpose.
I would recommend taking a look at the Authentication Strategies for application developers.
Since you need to grant to Google Cloud APIs on behalf of an end user, you may use the protocol OAuth 2.0 protocol. The application initiates an OAuth consent flow where you application will receive the user's credentials. With these credentials, it can call Google Cloud APIs on behalf of the user.
Another solutino as Nebulastic also suggested, is the Cloud Identity Platform, where you can configure custom claims to restrict a user's access to a resource depending on their role.
I've developed a website with the usual crud functionalities in Codeigniter and MySQL. I'm now tasked with creating a mobile app (with the same functionalities ) in Ionic 2.
To access my database with Ionic, I created a REST api -- which I was able to manipulate smoothly.
My questions are:
How, or can I, use my MySQL users' credentials to log in on my Ionic 2 app?
How can my web and mobile can share the same database?
I've been reading a lot about Fire base,etc. However, my tiny brain is unable to comprehend whatever I read. If anyone can point me to right direction, I would highly appreciate it. Thanks!
When developing an Ionic App you have to think of it as if you were developing a regular website. The only difference is that you have access to native device features with cordova plugins, but the whole flow is almost exactly like in a regular website (it is an angular application after all).
This means you can use your API just like you use it in your website. There is no need to use firebase. (Firebase is kind of like a database itself that you could use INSTEAD of your MySQL backend)
Totally agree with #Andreas. When you build a modern application that supports on the different platforms such as web or mobile, you need to design a standard API and then next step is to build a web application/mobile app to consume this API. And because of all the web/devices are all consuming from the same API, they are interacted with the same database. Unless they are using different API.
Can refer to the image below for easy understanding.
So talk about how authentication and authorization can be done from the mobile app or from the web app. You should take a look at OAuth2. It is a protocol for securing API services from untrusted devices, and it provides a nice way to authenticate mobile users via what is called token authentication.
The workflow will look like below, on both web and mobile app.
A user opens up your mobile app and is prompted for their username or email and password.
You send a POST request from your mobile app to your API service with the user’s username or email and password data included (OVER SSL for sure. If you don't know about it, google it).
You validate the user credentials, and create an access token for the user that expires after a certain amount of time.
You store this access token on the mobile device, treating it like an API key which lets you access your API service.
Once the access token expires and no longer works, you re-prompt the user for their username or email and password.
Reference
REST API from PHP
The ultimate guide for Mobile Security
I know the question is Kinda Silly but i want to know what exactly is oauth and how does it work with facebook,twitter etc.
And also if i want to implement it for my website like creating a login from my website button how can i do it
Definition
According to Wikipedia:
OAuth is an open standard to authorization.OAuth provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.
So OAuth is commonly used as a way for web surfers to log into third party web sites using their Google, Facebook or Twitter accounts.
Working Example
Lets say you have a Gmail Account. You decide to sign up for LinkedIn.Adding your friends manually can be sketchy and painful. You might get fed up half-way. So you might be tempted not to create an the LinkedIn account after all.
LinkedIn got a nice idea and wrote a program to let the computer fetch all the data from your Gmail Account.
Without an API for exchanging this list of contacts, you may have to comprimise your email account to LinkedIn so here is where OAuth takes charge. If your Gmail supports the OAuth protocol, then LinkedIn can ask you to authorize them to access your GMail list of contacts.
References :
1)http://en.wikipedia.org/wiki/OAuth
2)https://blog.apigee.com/detail/when_to_use_oauth
I'm a php developer for my firm, and I'm kindoff stuck with this concept form Oauth.
I've been searching the web and read almost every article I could find about oAuth but still it won't get to me how to handle this situation.
I live in the Netherlands so forgive me if my writing is sometimes a little bit off.
I'm working on an application for our company. Its an online work platform, where people can sign up to to find work.
We sell our online application to companies who offer jobs and such.
So we have for every company that buys our web application an url like: http://companyname.onlinejobs.com ( for example ).
So we have backend users that can login in their application and they each have different roles and permissions.
We also have http://onlinejobs.com as a website where everybody can sign up to view job oppertunities and much more.
So we also have a frontend user, that also can have multiple roles, such as a free user and a premium user.
We've build a REST API that holds all methods to add and view jobs and profiles etc etc. We want this API to only be accesible to the clients that we register.
So if I register company1.onlinejobs.com than that in my opinion is a client, and can only use our api.
But now we want to intergrate oAuth to the situation.
We want the API to be protected from any unregistered clients, but we also want to make sure that a frontend free user, cannot access surtain api calls that a premium frontend user can make.
or is that permission based behaviour not something for oAuth?
Wich grant type that oAuth2 uses can we use for our situation?
I really need some help with this guys.. Hope somebody can give me a clear explanation about what to use best, or maybe even not at all.
We had a similar use case and we built our own authorization server that can handle the following use cases
Authentication and authorization from the
web applications
javascript enabled apps [Like SPA apps]
Native apps like windows services or windows apps
We have used the following flows in OAuth2.0
Authorization Code
Implicit flow
Resource owner credentials
Hence, the right choice of the flow needs to be decided on the types of applications that you plan to support.
HTH
I want to use Google Spreadsheets as a database when somebody fills out a form. Currently I have been able to use google spreadsheets with google account that does not have the two step authentication enabled. I did that with the Zend Framework.
I want to take it one step further and use the two step authentication so that even authenticated google account will also be able to store information in Google Spreadsheets.
I have a php website, how can I ask the user to authenticate and enable his website to access his spreadsheets and write in them.
I am seriously stuck. Any help will be much appreciated.
Sounds like you will need to use OAuth2 with Google Speadsheets API v3. This will allow users of your app to give it access to their Google docs.