I have a problem with Oauth2 Authorization.
I'm using google-api-php-client to communicate with G+ server. Init URL seems OK (generated by lib with setAccessType('offline')). But each time user connects Google don't ask about offline access. And of course a little bit later token becomes expired.
Here is the example of generated URL
https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2Fwebaserver.com%2Fapp_dev.php%2Fsocial%2Fgoogle%2Fcallback&client_id=271195014651.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.login+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&access_type=offline&approval_prompt=force&state=319d6021eeec33122901e36e7ce9149d
Am i forgot some important details?
Have you accepted the ToS for G+ API? If not, that's probably why your application is being barred. Visit the project console and look for the APIs tab.
More detail on parameters:
If you include 'approval_prompt=force' you will prompt the users to re-authorize every time. You should remove it unless you're doing for a very specific reason (lost refresh_tokens on database corruption event, for instance).
If you include access_type=offline you'll obtain a refresh_token whenever the user sees a consent page. You should store it and re-use it after the initial access_token has expired.
Was access_type=offline in place the first time the user authorized the app? I'm guessing not.
The system will only send a refresh token the first time you request authorization, even if you use approval_prompt=force or you change the access_type to offline at some later point.
You can to go the Manage Apps page and Edit App by hovering over the app and then clicking on the pencil that appears. You can then select Disconnect and the auth system will treat future logins as if it was the first time you're authenticating to the app again. You should use this system instead of approval_prompt=force to test against the first-time user experience.
Related
I have implemented google drive api in my website(in php) with the Oauth 2 authorizing method where different users have to enter their own client id and client secret to access files in his/her google drive.
But to make it more user friendly I am planning to implement Google+ Sign-in method as in this url https://developers.google.com/drive/about-auth.
Can anyone provide me with a tutorial on how to use google + sign in to get the refresh token for google drive api requests?
These are the steps ...
Call the auth URL with your app/client ID and the scopes you require. Include the "email" scope.
Google will walk the user through login the and (if the first time through) authorisation dialogues
Eventually the browser will redirect back to your oauthcallback url, and pass you an auth code
Call google to convert the auth code to a refresh token. This will also return the user's google ID and an access token.
Store the user ID in your session so you can identify the user subsequently
Persist the refresh token alongside the google user id in a database
On subsequent visits...
If you have the google user id in the your session, you can retrieve the refresh token from your database and use it to generate access tokens as you need them.
If you do NOT have the google user id in your session, go through the steps above. This time, google will NOT prompt the user for authorisation (since it's already authorised), and the refresh token will be blank (since you already have one stored).
Everything you need to know is within the oauth playground page. If you click through the buttons, you will see that it is following the steps I outlined above.
You then need to deal with the possible error situations, eg
user declines permission
user withdraws permission
google expired the refresh token (happens a lot) so you need to re-auth
timeouts
I'm trying to automate a data pull from MY company page on linked in via the API. This will be a server side job with no user intervention.
I have credentials to log into linkedin and a REST API Application with keys as per:
https://developer.linkedin.com/documents/quick-start-guide
I want to be able to pull the contents of my wall nightly to aggregate it to my social media site.
Is there a way to obtain and store the Oauth token server side and not require or fake the client session piece?
Thanks!
Yes you can, but a token can expire so you need renew it when needed.
Here is an example: https://github.com/EJTH/SLinkedIn/blob/master/examples/reusing-tokens.php
If you run a cron then dont authorize, but handle exceptions to reset the token and force the user to renew it on the next login.
I don't believe there is because LinkedIn doesn't allow it.
I've run into the same problem and it seems there may be a way to keep it open longer, but it looks like LinkedIn explicitly bans automated actions in their terms of service. Simply put, I don't believe any automated action can be initiated except by a member.
This gets into more detail on their stance on automated requests:
I've been searching for an answer on Google documentations and stackoverflow also, but i did not find answer.
I planned to create application (PHP) which uses google account (ex. admin#domain.com) to store templates of documents. When someone log in to the application using his own credentials (ex. user#domain.com) he can fulfill some form, then PHP application logs into own Google account and store it with data provided by user in new document with template look.
I don't want to redirect user to google and return to application with some token(s). I would like application make some login process in "silent mode" - invisible for user, no redirects.
Simple scheme:
User fulfill form --(sending data to app)--> App logs into own google account (admin#domain.com) --> Get template document --> Fulfill with user's data from form --> save as copy on Google Drive
Can somebody tell me if it is possible?
You should look into the Google Drive SDK.
You will need to rely on tokens (that's how OAuth works and Google Drive uses OAuth 2.0 for authentication). However, you can tackle the problem of "automatic login" by doing something as follows:
For a new user, ask them to provide authorization in a popup window (more details on that here). This is essential because they need to approve permissions and such before you can authorize them.
On successful login, a long-lived token will be returned. Save this token in a database associated with the user.
For all subsequent logins and requests, you can request new access tokens without having to ask the user for permission.
This link talks more about requesting new access tokens once the user has already gone through the initial authorization phase.
Additionally, this link has several examples of login scenarios (client-side apps, server-side apps, etc.) that will help steer you in the right direction.
I am looking to see how we can allow a user to connect with their Google Analytic's User ID and connect with our app and we can get the information from their account.
I am looking forward to some articles or any library thats build around the same.
I will be using PHP and MySQL. Do you suggest any other Database than MySQL ?
You can start with a database to keep things simple and since you are not looking to store too much of historical data. The link below should get you started with all the required libraries and documentation.
https://developers.google.com/analytics/devguides/reporting/core/v2/gdataAuthentication
Go for the web client based authentication model rather than the service account model.
This will cause the api to redirect your user to google authorization page and your app will be given privileges to user account.
Make sure you save the refresh token when it redirects back to you app.
Please note that the refresh token only get sent for the very first time you app asks for permission and not after that.
I am trying to better understand the work-flow of the Twitter Oauth implementation. Currently, using Oauth to provide the user the ability to login to my site via Twitter, I can achieve the following:
Authorize my application via their Twitter account
get their oauth tokeh, oauth secret, and userid
store their token/secret/id in a MySQL table for future calls.
The part I'm having trouble with is understanding exactly how I can go about re-verifying the user with the saved token/secret/id instead of re-authorizing that user every time they choose to visit my site.
If I'm not mistaken, every time the user visits my site, they request a new token/key which invalidates the previous token/key. How do I allow them to log in again without the need to change these values in my table.
I understand that this could likely be class-specific, but I am looking for more of a step-by-step explanation of the process.
I can solve this easily with $_SESSION vars and cookies, but it seems like there should be a much simpler way.
Use authenticate API endpoint instead of authorize