CLI application using Google APIs - java

I want to create an application that will download all my photos in Google Photos. I thought it should be easy with the API available.
This should be a CLI application that will run periodically from cron.
But when I looked at the Google Photos API, they use OAuth2.
The sample shows the usage of FixedCredentials:
    PhotosLibrarySettings settings =
        PhotosLibrarySettings.newBuilder()
            .setCredentialsProvider(
                FixedCredentialsProvider.create(/* Add credentials here. */))
            .build();
The problem is the part where the /* Add credentials here. */ is. How can I provide my user credentials there? There are numerous classes that implement Credentials but none of them look like ones that would allow me to automate retrieval in a CLI application.
The only thing I get from Google is the client_id and client_token for my app, but how to turn that into an access/refresh token so I can use it without my interaction?
I really hope I don't need to launch a web browser to download my photos.

The Google Photos Library API only accepts OAuth User Credentials. This means that users are required to complete the Google OAuth Flow, which means browser based Authorization.
Note: The Library API does not support service accounts. Your
application must use the other OAuth 2.0 flows available such as OAuth
2.0 for web server applications or OAuth 2.0 for mobile and desktop apps.
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses Google
Sign-In, some aspects of authorization are handled for you.
This link details these requirements:
Authentication and authorization scopes
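
An added example, not part of the original answer and not Google's sample code: once the browser-based desktop-app flow has been completed a single time, the resulting refresh token can be stored and reused by the cron job through UserCredentials. The file location and property key names are assumptions, and the permission check assumes a POSIX file system.

```java
import com.google.api.gax.core.FixedCredentialsProvider;
import com.google.auth.oauth2.UserCredentials;
import com.google.photos.library.v1.PhotosLibraryClient;
import com.google.photos.library.v1.PhotosLibrarySettings;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;

public class PhotosCronClient {
    // Assumed location of the values saved after the one-time browser consent.
    static final Path TOKEN_FILE =
        Path.of(System.getProperty("user.home"), ".photos-sync", "oauth.properties");

    static UserCredentials loadCredentials(Path file) throws IOException {
        // The refresh token is a long-lived secret: refuse a file that anyone
        // other than its owner can read or write.
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        if (!EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE)
                .containsAll(perms)) {
            throw new IOException(file + " must be mode 0600 or stricter, found " + perms);
        }
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(file)) { p.load(in); }
        return UserCredentials.newBuilder()   // property key names below are assumptions
            .setClientId(Objects.requireNonNull(p.getProperty("client_id"), "client_id"))
            .setClientSecret(Objects.requireNonNull(p.getProperty("client_secret"), "client_secret"))
            .setRefreshToken(Objects.requireNonNull(p.getProperty("refresh_token"), "refresh_token"))
            .build();
    }

    public static void main(String[] args) throws Exception {
        PhotosLibrarySettings settings = PhotosLibrarySettings.newBuilder()
            .setCredentialsProvider(FixedCredentialsProvider.create(loadCredentials(TOKEN_FILE)))
            .build();
        // The credentials object exchanges the refresh token for access tokens as needed.
        try (PhotosLibraryClient client = PhotosLibraryClient.initialize(settings)) {
            client.listAlbums().iterateAll().forEach(a -> System.out.println(a.getTitle()));
        }
    }
}
```

If the user revokes the app's access or the refresh token otherwise stops being valid, the browser consent has to be repeated and the file rewritten.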

Related

How to make multiple apps redirect to same login page hosting Google OAuth and make it redirect to corresponding app upon successful authentication?

I have some web applications built with spring boot and react. Both react and spring boot servers run in their corresponding container.
I want to build OAuth-based single sign-on (SSO) functionality for all these applications. For example, if a user goes to any of the applications and tries to log in, it should redirect to the same page providing OAuth-based SSO functionality (maybe using Google OAuth or Facebook OAuth). Logging in once should log in across all apps (and possibly logging out once should log out across all apps).
What all I found regarding OAuth2 in official docs is this example. It creates an application which configures the Spring security to redirect to google login and once the login is successful, it redirects back to index.html specified in the same application.
However, I already have multiple applications which I want all to redirect to single webpage which contains button "Login with Google" (along with other options like login with facebook and username / password). Upon successful google authentication, I want it to redirect to corresponding application which initiated the login.
Q1. Is it possible with some simple redirects? If yes how?
I did not find any tutorial explaining how to achieve this. I came across only this tutorial, which makes use of a Keycloak authorization server with Spring Boot to demonstrate login across two apps. But Keycloak is not part of Spring Boot.
Q2. If answer to Q1 is no, then how can I achieve OAuth2 based SSO across multiple apps, with all of them redirecting to single login webpage and redirecting to corresponding app upon successful authentication? Can you please elaborate the process or point me to some tutorial?
Update: I came across another post which seems to explain the same, but with the now-deprecated @EnableAuthorizationServer annotation.
The Federated Identity sample is one of the samples available for Spring Authorization Server. It demonstrates how to configure Google and GitHub (you can also configure Facebook and others in a similar way) as a 3rd party authentication or identity provider.
If you follow the instructions in the readme and run the messages-client (client) and messages-resource (resource server) in the samples directory, you can test out the entire flow.
So to answer your questions (hopefully simply):
1. Yes, using Spring Security OAuth2 client support and Spring Authorization Server as demonstrated in the samples mentioned above. If you're looking for examples of a javascript frontend, see this branch (specifically the angular-client sample) and this webinar for more info on single-page apps and Spring Authorization Server.
2. N/A

Use SpringSecurity's OAuth2 functionality on demand on custom endpoint

We have a Spring Boot web app which uses JWT based authentication/authorisation.
Now, we want to add OAuth2 support so that users can login using their Google account.
That would be easy to do using Spring Security.
However, the requirement is a bit different.
If the user wants to use the Google login functionality, he first needs to link their Google account. Basically log in to our application using his/her credentials, and on their profile page link their Google account.
The flow would be something like the following:
1. Click the “Link Google account” button on user’s profile which redirects them to Google
2. In Google choose the account you want
3. Google returns with a code. After that, make a request to our backend, on an authenticated endpoint e.g. POST /users/{userId}/accounts which will receive the token returned by Google
4. In the backend, verify this token by making a request to Google
5. If all is good, link user’s account with Google by updating the db accordingly
My question is, for step 4, what is the best practice for that? How can I use all the stuff that Spring Security is offering to achieve this?
Thank you in advance,
You have the authorization code, and you exchange it for an access token, all over HTTPS and all in the backend.
There is no need to validate the access token (I don’t think Spring Security even does this part for its integration with Google) at your end.
This should be done by google when you request its resource.

Does Odoo REST API allow login to Odoo Web UI backend?

I am looking for alternative ways to login to Odoo Web UI backend.
I have googled around the internet for alternative ways to log in to the Odoo web backend.
I am looking on an Authentication Portal to log in to all my Odoo instances. I am using Java as the programming language due to the requirements of my project.
I am not allowed to use any social media login methods for this project.
Some of the things which I found:
To login via /web/login standard login page. (Does not fit my project requirement)
https://odoo_server_url/web/login?db=db_name&login=username&key=password (Already Removed in Odoo 10 due to its vulnerability)
Odoo XML-RPC (only allows access to the Odoo database, not the Web UI level)
Odoo Google OAuth2 client, which only has documentation on how it works with a Google account
Free REST API and OAuth2 modules, for which there is not much documentation on how they work.
Does anyone know of any other ways to login to odoo server web backend without using the /web/login login page?
Thanks in Advance.
Right now, no core feature is provided as an alternative to your requirement, but for the backend, some modules are available to auth using REST API.
Below is the link to access free modules for REST API.
https://www.odoo.com/apps/modules/browse?price=Free&search=rest+api
This module may help but you need to do some more customization to it:
https://www.odoo.com/apps/modules/11.0/smile_api_rest/

Security with Play! from Outside Application

I am working on writing a private REST API with Play! that I will make calls to from a mobile application and I am confused about how to keep it secure.
When working through the Yet Another Blog Engine example in Play!'s documentation, I worked through their authentication example, and it deals with logging in through a browser. From what I understand about Play!'s Secure module, it helps with browser sessions. Additionally, every StackOverflow question I have seen has been involved with an administration module on the web and the questions have been pertaining to sessions as well.
Does the Play! framework have any built in mechanism to prevent session hijacking?
Enforce Https routing for login with play framework
My current understanding of how the security should work:
The mobile app "logs in" to the web app and obtains some kind of token
With each subsequent call the token is appended to the end of the API call
If the mobile user "logs out" or the token expires, the web app removes the token
Every API call uses HTTPS in order to maintain security
Is it possible for me to make an HTTP request from the mobile application to the web application I create using Play! Framework while keeping it secure?
Am I approaching the whole situation incorrectly?
This is the first Play! app I have created and this is the first time I have used Heroku. I am not too far in that I would be opposed to switching to something else if it were significantly easier/more efficient/better suited to solve this problem.
EDIT: Also, in Play!'s YABE tutorial, it seems like they check the password in plain text. Just from a general standpoint, how is that not a security issue?
EDIT 2: I have looked over OAuth provider information and it seems to solve the problem. My only apprehension with it is that v2.0 has known security flaws and v1.0 seems complicated to implement for a situation where all I need is a secure connection between a mobile app and a web app. If I were to make every call require SSL, could I make each Play method just take username and password as parameters and disregard OAuth completely?
Your example of having a mobile application authorize itself with a web application is achieved with an authorization framework like OAuth. This allows the web app to let the user login then issue an access token to the mobile app for making requests as that user, without the mobile app having to deal with the user's password.
Have a look at an OAuth provider module for Play. If you Google, you might find an OAuth client module for Play, but that's for the other side of OAuth, allowing your web app to authorize against a 3rd party provider. You'd then use an OAuth client library in your mobile app to deal with acquiring an access token.
It could even be a generic Java library for OAuth - the Play 2.0 documentation for OAuth states that it hasn't provided an OAuth 2.0 module because it's simple enough not to even need a library. However there are a few Java libraries available.
Here's a project where somebody's put together some OAuth provider stuff with Play (referenced from this forum post):
https://github.com/mashup-fm/playframework-oauthprovider
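
An added example, not code from the post above or from the linked project: the token lifecycle listed in the question (issue at login, check on every call, remove on logout or expiry) as a small in-memory store. The class name, the 30-minute lifetime and the sample user are assumptions; password checking and HTTPS are outside its scope.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class ApiTokenStore {
    private record Session(String user, Instant expires) {}
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // Login succeeded: issue an unguessable 256-bit token and keep only its hash,
    // so a leaked copy of the session table does not contain usable tokens.
    public String issue(String user) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(digest(token), new Session(user, Instant.now().plus(TTL)));
        return token;
    }

    // Every API call: map the presented token to a user, dropping expired entries.
    public Optional<String> authenticate(String token) {
        Session s = sessions.get(digest(token));
        if (s == null || Instant.now().isAfter(s.expires())) {
            revoke(token);
            return Optional.empty();
        }
        return Optional.of(s.user());
    }
    public void revoke(String token) { sessions.remove(digest(token)); } // logout

    private static String digest(String token) {
        try {
            byte[] h = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(h);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    public static void main(String[] args) {
        ApiTokenStore store = new ApiTokenStore();
        String t = store.issue("alice"); // constructed user name
        System.out.println(store.authenticate(t) + " " + store.authenticate("forged"));
        store.revoke(t);
        System.out.println(store.authenticate(t));
    }
}
```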

Authenticating users to a web application via twitter

Hello, I am building an app and I am a novice to APIs and all. I want to authenticate my users to access my web app via Twitter. I am using servlets and MySQL at the back end, and jQuery and JavaScript.
Twitter uses OAuth, not OpenID, and I believe what you are looking to do is called Sign in with Twitter, which is outlined here. In order to perform Sign in with Twitter you need to understand OAuth, and have an OAuth implementation you can utilize. A list of libraries that support OAuth is located here.
