I'm modifying a WordPress plugin to allow users to upload videos to YouTube through a form. (Plugins like this already exist, but I'm doing this for a client who has specific requirements.) These videos will be uploaded to a YouTube account that belongs to my client.
Reading through the YouTube API and the Google API, OAuth is the preferred method of authenticating to Google's servers to use their API. However, all of the examples that I've seen require a user to authorize the connection from the OAuth client to the OAuth server, similar to the way OpenID asks users to sign into an account.
I would like to avoid this, if possible; I don't want site visitors uploading videos to their own account through the WordPress plugin. Even if they aren't able to choose the account, I also don't want them to have to authorize the client access. Basically, I want to skip the verification phase because I know that I have permission.
From what I've been reading, 2-legged OAuth allows an application to authenticate against another application without any extra verification step, which is what I want. However, uploading a video requires logging into a user account, as it is not an anonymous function (like getting a list of the most recent videos uploaded).
Can 2-legged OAuth do the things I want (single-user authentication, without specifying a UID/pass, and no account confirmation) or am I limited to 3-legged OAuth?
Related
I have a system I use to publish my videos according to a schedule, as well as manage the video data (tags, descriptions etc).
This system uses the PHP client library to access my YouTube account via a service account. My YouTube account is an old account (pre-Google buying YouTube) and is hung onto the side of my main Google account, thus accessing it requires impersonating it, since my main account has no videos.
I managed to work out how to do this (See: Granting permanent access for youtube account through Youtube API) after a lot of reading and testing and stumbling around.
Now, this has stopped working. Attempting to authenticate with the impersonate address included yields an unauthorized_client error. Not including it works, but like I said, doesn't return any videos.
I've read things suggesting I now need to give access to this account.
In console.developers.google.com/permissions/serviceaccounts I've added it to the permissions as an owner and Service Account Actor, but this has done nothing. I have also enabled Google Apps Domain Wide Delegation for no result.
Other documentation suggests I need to enter the Admin Console at admin.google.com to authorize the account, but I cannot access this page since it apparently requires a Google For Work account which I don't have and don't know how to get.
I'm at a loss for what I need to do to grant my account access to my own account.
Here is a paste of my auth code (with sensitive data removed of course): http://pastebin.com/RCdY8mX6
I know the question is kind of silly, but I want to know what exactly OAuth is and how it works with Facebook, Twitter, etc.
Also, if I want to implement it for my website, like creating a "login from my website" button, how can I do it?
Definition
According to Wikipedia:
OAuth is an open standard for authorization. OAuth provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.
So OAuth is commonly used as a way for web surfers to log into third party web sites using their Google, Facebook or Twitter accounts.
Working Example
Let's say you have a Gmail account. You decide to sign up for LinkedIn. Adding your friends manually can be sketchy and painful. You might get fed up half-way. So you might be tempted not to create the LinkedIn account after all.
LinkedIn got a nice idea and wrote a program to let the computer fetch all the data from your Gmail Account.
Without an API for exchanging this list of contacts, you may have to compromise your email account to LinkedIn, so here is where OAuth takes charge. If your Gmail supports the OAuth protocol, then LinkedIn can ask you to authorize them to access your Gmail list of contacts.
References:
1) http://en.wikipedia.org/wiki/OAuth
2) https://blog.apigee.com/detail/when_to_use_oauth
Scenario:
Someone comes to my website and they see a file select field. They select the file and upload the file to MY Google Drive account.
Problem:
In looking at the Google Drive SDK docs I see that it uses OAuth for authentication, but I don't need to authenticate the user because they are uploading to MY Google Drive account. I'm aware that I need to register my application with Google, etc. but I'd like to know if I can upload without authorizing the user with OAuth the typical way (sending offsite or modal window to validate w/ redirect URL).
Is this possible to do? I'm using PHP.
You have two options:
1) Use a Service Account. The files will be uploaded to the account of the Service Account.
2) Use a regular Google account. For this option, you (as the account owner) will need to do a one-off auth to get a refresh token, which you will store. You can then use this any time to generate the access token needed to invoke the actual Drive API. You can generate the refresh token using the OAuth Playground, so no need to write any code.
See How do I authorise an app (web or installed) without user intervention? (canonical ?)
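The second option above, as an added example that is not part of the original answer: the stored refresh token is exchanged for a short-lived access token using Google's OAuth 2.0 refresh-token grant. The credential values and the canned response are constructed placeholders, and the injectable `$post` parameter is an assumption of this sketch so that it runs without network access.

```php
<?php
// Added example: exchange a stored refresh token for a short-lived access token.
// Credentials and the canned response below are constructed placeholders.
const TOKEN_URL = 'https://oauth2.googleapis.com/token';

/** Real transport: POST a form with cURL and return [HTTP status, body]. */
function http_post_form(string $url, array $form): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($form),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 10,
    ]);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($body === false) { throw new RuntimeException('token endpoint unreachable'); }
    return [$status, $body];
}

/** Returns ['token' => string, 'expires_at' => unix time]; $post is injectable. */
function refresh_access_token(array $cred, ?callable $post = null, ?int $now = null): array {
    $post = $post ?? 'http_post_form';
    $now = $now ?? time();
    [$status, $body] = $post(TOKEN_URL, [
        'grant_type' => 'refresh_token',
        'client_id' => $cred['client_id'],
        'client_secret' => $cred['client_secret'],
        'refresh_token' => $cred['refresh_token'],
    ]);
    $json = json_decode($body, true);
    if ($status !== 200 || !is_array($json) || empty($json['access_token'])) {
        // invalid_grant means the refresh token was revoked or has expired:
        // the account owner has to repeat the one-off authorization.
        $err = is_array($json) ? ($json['error'] ?? 'unknown') : 'malformed response';
        throw new RuntimeException("token refresh failed: $err");
    }
    // Treat the token as expired 60 s early so no request leaves with a stale one.
    $ttl = (int)($json['expires_in'] ?? 0);
    return ['token' => $json['access_token'], 'expires_at' => $now + $ttl - 60];
}

// Offline demonstration: a constructed response stands in for the network call.
$fake = fn($url, $form) => [200, '{"access_token":"ya29.EXAMPLE","expires_in":3599,"token_type":"Bearer"}'];
$cred = ['client_id' => 'CLIENT_ID', 'client_secret' => 'CLIENT_SECRET', 'refresh_token' => 'REFRESH_TOKEN'];
$t = refresh_access_token($cred, $fake, 1700000000);
echo $t['token'], ' valid until ', $t['expires_at'], PHP_EOL;

$revoked = fn($url, $form) => [400, '{"error":"invalid_grant"}'];
try { refresh_access_token($cred, $revoked); }
catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```

The client secret and refresh token grant standing access to the account, so they belong in server-side configuration outside the web root and must never reach the upload form or the browser.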
I have recently implemented the SSO functionality for a Google Apps Marketplace app we are developing. In simple words: it provides a way to retrieve the Google Apps' user's email and log him in in your website, without the need of authorization on his end. You just need the consumer key and consumer secret, provided by Google to the app during installation on your domain (the installing user also authorizes (a one time action) any other permissions you request in the Manifest file).
Now I have somehow managed to get the SSO user login working using JanRain's OpenID PHP library and adding Google Apps as provider using the PHP Extensions for Google Apps OpenID Discovery.
However, after logging in, I need to implement a functionality that will retrieve all users in a given Google Apps domain. I've already done that using OAuth2 authentication and the following Directory API. However, this requires the existence of a consumer key, consumer secret and a redirect URL (that must be registered in the Google API console).
Is there a way to remove this convenience and instead allow our users to directly be able to get their Google Apps domain's users, using the existing SSO authentication we made in the background while logging him in? Otherwise, it will be too much hassle for the user to register the app at the Google API console, enter the correct redirect URL and set it up in our website and then he will be able to get his domain's users.
Regular users cannot use the Directory API, you'll need to authenticate as an admin user to make Directory API calls.
Depending on your needs though for accessing all users, you may be able to get by with requesting access to the user's Contacts scope and grabbing a copy of the full Global Address List which contains information on all non-hidden domain users as well as non-hidden groups and shared contacts.
I'm writing an iPhone app which works against my own server.
Basically, it's a forum where users can post. I don't want users to sign-in for an account on my server but I rather prefer them to login using any existing account they have: Facebook, Linkedin, Foursquare, etc.
So from the app itself, I want them to be able to login using their existing account which will then allow them to post on the forum.
My question is that: when a user is posting a message, how can I verify whether or not he is logged in with any service? I need to validate it both on the client and server side. I plan on writing the server side using PHP.
Thanks
See this question for a similar discussion (just limited to Facebook sign on). Here's a high-level overview of what should happen (taken from that discussion I linked to):
1) User opens the app on the phone. Chooses a service with which to authenticate.
2) Authenticates via one of the available services (Facebook, Twitter, foursquare, etc.) and gets some special access token.
3) Your app takes the token and sends it to your server.
4) Your server receives the token and validates it. It checks it against the service's API and (at least for Facebook and Twitter) gets the corresponding user ID.
5) Assuming a valid ID, your server checks if user ID has already been used by some user. If so, it logs them in. If the user ID hasn't been created, your server creates its own user record associated with that user ID and logs the user in. In either case, the user ends up logged in and your server issues a session key to your app.
6) The session key is used for all further communication between your app and your server until the user logs out.
On the phone, you're going to want some OAuth library to allow users to authenticate with another service. You'll probably want to use the Facebook iOS SDK to allow them to use Facebook and use one of the suggested OAuth libraries here for your other authentication services. I have only used the Facebook SDK, so I can't speak as to the general OAuth libraries.
Once logged in, the phone should not store the access token, only the session key.
Assuming that users can use more than one service to access their account, you will also want some way of connecting two services to the same user (probably by email address).
It's up to you to decide how your app and your server communicate. I'd go for a JSON+REST API for communications with the server.
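The server-side part of the flow above (validate the token, find or create the user, issue a session key), as an added example that is not part of the original answer. It checks a decoded response from Facebook's `debug_token` Graph API endpoint; `APP_ID`, the in-memory stores and the sample payloads are constructed, and the HTTP call that fetches the response is left out so the block runs offline.

```php
<?php
// Added example: verify a provider token server-side, map it to a local user,
// then issue a session key. APP_ID and all sample payloads are constructed.
const APP_ID = '1234567890';

/** Checks a decoded debug_token response; returns the Facebook user ID or throws. */
function verified_user_id(array $resp, int $now): string {
    $d = $resp['data'] ?? [];
    if (empty($d['is_valid'])) throw new RuntimeException('token invalid');
    // A valid token issued to a *different* app must be rejected; otherwise any
    // other app the user has authorized could present its token and log in here.
    if ((string)($d['app_id'] ?? '') !== APP_ID) {
        throw new RuntimeException('token issued to another app');
    }
    // Assumption of this sketch: a zero or absent expires_at is non-expiring.
    $exp = (int)($d['expires_at'] ?? 0);
    if ($exp > 0 && $exp <= $now) throw new RuntimeException('token expired');
    if (empty($d['user_id'])) throw new RuntimeException('no user id in response');
    return (string)$d['user_id'];
}

/** Finds or creates the local user for (provider, id); returns a new session key. */
function login(array &$users, array &$sessions, string $provider, string $uid): string {
    $key = "$provider:$uid";            // namespace IDs per provider
    if (!isset($users[$key])) $users[$key] = count($users) + 1;
    $session = bin2hex(random_bytes(32));   // 256-bit unguessable key
    // Store only a hash, so a leaked session table cannot be replayed directly.
    $sessions[hash('sha256', $session)] = $users[$key];
    return $session;
}

/** Resolves a session key sent by the app to a local user ID, or null. */
function user_for_session(array $sessions, string $session): ?int {
    return $sessions[hash('sha256', $session)] ?? null;
}

// Demonstration with constructed debug_token responses.
$users = []; $sessions = []; $now = 1700000000;
$base = ['is_valid' => true, 'expires_at' => $now + 3600, 'user_id' => '100001'];
$good = ['data' => $base + ['app_id' => APP_ID]];
$foreign = ['data' => $base + ['app_id' => '999']];

$s = login($users, $sessions, 'facebook', verified_user_id($good, $now));
var_dump(user_for_session($sessions, $s));
try { verified_user_id($foreign, $now); }
catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
```

The example keys users by provider and provider user ID; linking accounts across providers by email address should rely only on addresses the provider reports as verified.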
Another option to get your users to login using multiple services is Socialize (www.getsocialize.com). It's an open source SDK that manages your users and authentication so you don't have to implement all the steps that cbrauchli has outlined above.
I was exploring if better/easy to use/implement options exist in 2020 using third party libraries to allow login with social accounts. And found two options:
AuthorizeMe - https://github.com/rubygarage/authorize-me & https://rubygarage.org/blog/authorizeme-ios-libary
Auth0 - https://auth0.com/learn/social-login/ & https://auth0.com/blog/using-centralized-login-to-add-authentication-to-your-ios-apps/
AuthorizeMe supports:
Facebook
Twitter
Google
Instagram
LinkedIn
plus custom providers
Auth0 supports:
Facebook
Twitter
Google
Microsoft (Windows Live)
Yahoo
Instagram
Amazon
LinkedIn
Github
PayPal
vKontakte
Yandex
Box
Baidu
Ren Ren (Xiaonei)
Weibo
Shopify
Wordpress
Yammer
SoundCloud
and custom providers as well
Disclaimer: I am not affiliated with Auth0 or AuthorizeMe.