I want to log in my website by using google account, now i can use google account to log in(by OpenID), but i don't know how to get user account and information in google?
Just like below link(which is provided by google)
http://googlecodesamples.com/hybrid/
This link can log in by user's google account, and list all the documents in user's google doc, so i guess by using OAuth can let me get user's account(such as example#gmail.com) and get relative information, but i don't know how to do?
PS. I use php to write my website
I can't code the whole thing for you, but I'll try and give you a general outline of how it's done.
Sample Request URL:
https://www.google.com/accounts/o8/id
?openid.ns=http://specs.openid.net/auth/2.0
&openid.ns.pape=http://specs.openid.net/extensions/pape/1.0
&openid.ns.max_auth_age=300
&openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select
&openid.identity=http://specs.openid.net/auth/2.0/identifier_select
&openid.return_to=http://www.example.com/checkauth
&openid.realm=http://www.example.com/
&openid.assoc_handle=ABSmpf6DNMw
&openid.mode=checkid_setup
&openid.ui.ns=http://specs.openid.net/extensions/ui/1.0
&openid.ui.mode=popup
&openid.ui.icon=true
&openid.ns.ax=http://openid.net/srv/ax/1.0
&openid.ax.mode=fetch_request
&openid.ax.type.email=http://axschema.org/contact/email
&openid.ax.type.language=http://axschema.org/pref/language
&openid.ax.required=email,language
Then, you should receive this response URL as a redirect that you need to intercept:
http://www.example.com/checkauth
?openid.ns=http://specs.openid.net/auth/2.0
&openid.mode=id_res
&openid.op_endpoint=https://www.google.com/accounts/o8/ud
&openid.response_nonce=2008-09-18T04:14:41Zt6shNlcz-MBdaw
&openid.return_to=http://www.example.com:8080/checkauth
&openid.assoc_handle=ABSmpf6DNMw
&openid.signed=op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
&openid.sig=s/gfiWSVLBQcmkjvsKvbIShczH2NOisjzBLZOsfizkI= &openid.identity=https://www.google.com/accounts/o8/id/id=ACyQatixLeLODscWvwqsCXWQ2sa3RRaBhaKTkcsvUElI6tNHIQ1_egX_wt1x3fAY983DpW4UQV_U
&openid.claimed_id=https://www.google.com/accounts/o8/id/id=ACyQatixLeLODscWvwqsCXWQ2sa3RRaBhaKTkcsvUElI6tNHIQ1_egX_wt1x3fAY983DpW4UQV_U
Once you get that URL, you all set! Hope this helps.
You may want to use already existing authentication solution, rather than reinvent wheel:-)
Since you are not specifying what server scripting language you are using, e.g. for PHP take a look at:
http://opauth.org/
It's pretty easy implementation and supports not only google account but many others.
It also pulls out some of account information you are interested in.
... or google for something like "openID authentication framework" or "oauth framework":-)
Related
Okay, So I have a client that wants their wordpress site to only require user to use their email to login. They instead want the site read through a google spreadsheet of all the users. Then if the users email is found in the spreadsheet it allows the user to login.
Before people start screaming, I know its extremely bad from a security stand point, we've told them this. They don't care.
So my question is, has anyone one done this or something similar in the past. How did you do it.
And how would say is the best way to go about doing this. So far I have thought of a few ways to do it.
Secretly embed the doc on a hidden web page then access it.
Some how just access it using APIs
Maybe using google forms as the email entry, and some how use that to search the google docs.
Any ideas or helps, is appreciated greatly. Thank you.
Logging in via an email address is easy, there are already plugins to do it. https://wordpress.org/plugins/wp-email-login/
There is also a plugin for external authentication. Don't know if it does it from a spreadsheet, though you may have a way to sync the spreadsheet to an external DB (via an API perhaps):
https://wordpress.org/plugins/external-db-auth-reloaded/
Would you need the logged in user to have any user-specific account info? Could you get by with allowing each logged in user to essentially be using the same single account in WordPress?
I could see a solution where you hook into wp_authenticate() https://codex.wordpress.org/Plugin_API/Action_Reference/wp_authenticate
And in your hook function call, run out to Google Spreadsheet via their API and see if that email address is found in the list. If so, log them into WP using a preset, single account that's meant to be used for all such users.
Here's some basic info for reading from a Google Sheet via their API:
https://developers.google.com/sheets/samples/reading
For a project I am working on, I think having the functionality to sign in with facebook/ twitter would be beneficial.
I have some design theory to iron out.
When the user first logs into the website using either twitter or facebook, I'll get their email and other relevant information and store it in the database where a normal signed up user would be stored.
When they return, they would log in with twitter/ fb again and it would locate the information in the database and not add it again.
If anyone tried to sign up with the email address provided by either of these services, an email would be sent to the email address to confirm it is them and then they could generate just a password to allow them to log in with information already stored.
I could they link other data on the website to the userid I have stored for them throughout the entire process.
So my query would be whether this is the correct way to go about this?
How have others used these types of login api's and then binded them to on site data?
I believe this to be a reasonable question but if I have placed it in the wrong section, please feel free to move it!
Thanks.
well, everything should be written here http://developers.facebook.com/ also try using php sdk for facebook api, for twitter here https://dev.twitter.com/
Create an app in both fb and twitter, take the access token and access token secret
You should download all the files necessary and then configure them as is written in manual, if you will have trouble connecting to them write me a message to my mail(jurijs.nesterovs#inbox.lv) i'll try to help
Have done that before myself for my site. It was Fb/Twitter/Google. I bet thats the best thing to do. Google's API is the easiest out of these 3. Twitter was hard for me since I dont use OOP and all the libraries out there was OOP.
And about your design, my site was made not to not allow the user to join with the same email again. If they have joined using Facebook with an email, when they try to join using twitter with the same email, I would tell the user that they are already registered using Facebook.
I am trying to get a list of all Google Apps users of a domain onto a public PHP website (without visitors of the site needing to login or do anything). I have a basic understanding of what needs to happen but can't quite piece it all together. It can't be as hard as it seems to me... could it?
Authentication and Authorization:
I'm pretty sure it needs to use OAuth 2.0 ... but am unsure whether it needs 2 legged or 3 legged. I got another section of the site working with ClientLogin but that won't pull in Google Apps profiles, only user's first and last names (I need the other profile fields). I have set up the API access within the account and have that side of things all set (I believe).
I have found this page, which shows how to construct a URL request to get all Profiles (in every language except PHP of course) but don't understand how to implement this.
http://code.google.com/googleapps/domain/profiles/developers_guide.html
I also tried this example but it just gives me a 401 after I enter the credentials. http://gdatatips.blogspot.com/2008/11/2-legged-oauth-in-php.html
I don't know which frameworks or includes are needed to accomplish this either. I have tried zend, OAuth.php and a whole bunch of other bootstraps... but keep getting lost as to what each is doing.
If someone could help me by outlining:
Which files/framework I need to upload and include as a bootstrap
What variables within those files I need to update with the Google credentials
How I integrate the Google Profiles "Retrieve all Profiles" request with PHP
An ELI5 (explain it like i'm 5) overview would be very much appreciated... I'm sorry for my apparent incompetence, but I have been reading articles for nearly a week and have not gotten anywhere.
Thank you in advance for any help provided.
Good question.
You'll need to implement the Google OAuth 2.0 process as it's described here (experimental?), because someone (you) will need to give your app the initial permissions to access Google Apps API. Steps are:
Register your domain with google (don't remember the link)
Redirect/send browser to an authentication url: https://accounts.google.com/o/oauth2/auth, with the appropriate request params (see the first link). You'll need access_type=offline, your scope would be https://apps-apis.google.com/a/feeds/user/
Get a code back, then exchange for a refresh_token, an access_token, and a value specifying when the access_token will expire. Store these in a database
Whenever you need to make an API call, check if your access_token has expired or not, and refresh when necessary, which is what the refresh_token is for. The refresh_token is valid as long as you don't revoke the access you gave to the app.
OAuth Playground helps a lot. Good luck.
I am curious to know how to authenticate the user with twitter and after successful login, i need the email of the user... how can it be done?
Heard that twitter does not support openid.... any alternate solution ?
Just to update this issue, it is now possible (from April 2015).
You can send a support ticket to Twitter to whitelist your app to make it possible to ask for an email. Then, after an user connects their account, you need to make a GET request to verify credentials with the "include_email" option set to true.
It is explained in more detail in the second link.
Check out this article and try this search.
Twitter supports OAuth, and I am myself having trouble with it (I am writing a Python script app). A switch to xAuth is possible.
"Mobile and desktop applications are also given the opportunity to use xAuth, a means to exchange a login & password for an access token. To use xAuth, send a request to api#twitter.com with plenty of details about your application and why xAuth is the best choice for it." - http://dev.twitter.com/pages/auth
Late answer, but I hope it will help someone.
There is no way to obtain the email from the API.
See the doc there : Twitter doc
Other post relating that : SO post
The link provided in tarantinofan's answer is quite old, but the principles are there, as an explanation on how OAuth works.
Twitter API cannot provide Email address so you cannot get it from twitter API
(See Doc of twitter api)
you can get it from user after log in or try another way
I was reading some stuff about the YQL api that Yahoo! has provided, I am not sure, but it appears to be a collection of lots of third party api into one common language, right?
what I don't get is how to make the facebook login through it so I can get the user profile data...
My project is to add a facebook(and other social networks) form login, because the website won't have his own login, people will have to use a social network to link in. Then I thought the YQL would help me out with this task so I wouldn't have to develop lots of functions to each one of the networks.
Reading this http://developer.yahoo.com/yql/guide/yql-code-examples.html#sdk_yql, I understood how to make a Yahoo login so I can access some private data, but couldn't find how I could do it with facebook and others
So my question... Can YQL help me with this? Can you give me a simple example of a facebook session using it within PHP? Are there alternatives to aid me in this task?
thanks,
Jonathan
Yes , using YQL you will be able to do this task .. you can look at this demo http://demo.tutorialzine.com/2010/05/showing-facebook-twitter-rss-stats-jquery-yql/demo.html. Also if you are going to only use Facebook authentication , then there is no need for YQL you can do it using http://developers.facebook.com/docs/authentication/
I highly doubt that YQL has an API that gives a free hand with facebook login. You have to consider how a login works. You send POST data to a web server containing client-side password hashes and encryptions, as well as other kinds of identification. YQL has no way to "standardize" logins - it would have to make a new API for every popular web site.