I am currently developing a server side web application which needs to upload a video present on the server to multiple YouTube channel. I have credentials of these accounts and have full access to them. I have read the documentation and in every flow user interaction is required. I want the complete authentication to happen at server side. Is this possible? If yes, how?
Its not possible to do it without a one time user interaction, (which does not need to be part of your app). Service accounts don't work with YouTube API.
What you can do and what I have done in the past is authenticate your code once save the refresh token someplace. Then when you want to access it in your server sided script you use the refresh token to get a new access token and you have access. Drawback is keeping track of the refresh tokens and sometimes they stop working and you have to re-authenticate them again.
Related
The company that I work for has some small android applications running that communicate with their ERP software lately they requested to authenticate users and have sessions for safety reasons
Instead of integrating the autheticate and session code into every app (6) I want to build an Android app that acts like a dashboard. The app will authenticate the user, create a session and show the available apps on the device that the user can access with their user role.
The problem is I need the know which app requires which user role
I don't want to store this information in the dashboard app sinds that will require me to update the dashboard app each time i create or change an app
I was thinking or using an Content provider but that seems to be a lot of work and redundant since it has to be integrated into every app that I have (6)
So my question, is there a way to get data from apps that can easily be implemented. The data isn't big (only one Integer)
thanks in advance.
I have a java client (Standalone app) that is using the Firebase Admin SDK, because I need to read values from the Realtime database whenever a value is changed. (A ValueChange listener is being used).
Currently I'm including the service-account.json in the app. Even if I set the roles to Viewer, using this service-account.json, I can create accounts usingFirebaseAuth.createCustomTokenAsync, which is something I dont want.
Is there a way to make a service-account with Realtime-database read only?
I know I can use setDatabaseAuthVariableOverride to "limit", but if someone extracts my service-account.json from the app/jar, they have the power to do everything..
I'm not using node.js, just Java with spring. And js firebase is a no, because I need to receive updates even without a web page.
Never distribute service accounts to end users. They should only go to trusted parties.
There is currently no fine-grained way to control access to Realtime Database via service accounts. Access control is performed via Firebase Authentication client libraries, which are not available for non-Android Java clients.
I've made a simple mailing app that takes in email credentials and uses it to send emails of certain kinds to selected addresses. Problem is, I've had to input the credentials right into the code, so anyone who uses dex2jar can get the source code and get the email used for forwarding and easily make the app obsolete.
I imagine I'm not the only one facing this issue, so what are some ways to make my code secure?
No matter how good of a technique you use to hide the credentials, if it's in the code then it can always be found.
Instead of hard coding them in, you could perhaps let the user specify them when he starts the app? If that can't be avoided you could instead have a remote service that will do the sending and forward your request to that.
You can not both connect to an e-mail account and keep those same users out of said e-mail account. Consider using a hosted server as part of the project to securely connect to the e-mail account from the server level and process these e-mails remotely.
I am using Google Drive API's using JAVA for getting drive files, i want to create a background job which will fetch the google drive files
without any user interaction (eg asking for user to explicity Authorize).
In the example given below by google, after running this java program we need to explicitly hit URL in browser & click on Authorize
for full execution of the program.
https://developers.google.com/drive/v3/web/quickstart/java
Using the Service Account I am able to fetch the google drive contents without any kind of user action (eg click on allow to authorize).
I want to acheive the same flow for individual user accounts, I have the list of emailid and passowords for google accounts.
Other than service accounts, is there any method so that i connect to the authorization url in background using HTTPPost request and
fetch the file list.
I don't think there's another way of doing this aside from Service Accounts which you are currently using. You can try to use the Google Playground but this is for testing purposes only and not for production.
I'm developing a game in Java and I need need store and get data from mysql database.
Currently I have login credentials saved in my Java app source codes and I'm using some library for the communication. But I think that this is a really unsecured way cause of credentials saved in the Java file.
I was wondering what if I do it through some server side PHP scripts which would just get some information and do what is necessary. But again somebody can get that link and do some evil.
I also thought about creating a new database and mysql user for each user registered. So there would be central database where would be just informations for game and it would be read only. So no security problems. And user informations would be saved in his own database and only he would have login for it. But I see one problem, what if I'll need get some information from another user?
So I was wondering what is the best way to keep it simple and secured?
Define a set of services (RESTful will be good) in server side (through PHP or Java or another programming language) that communicates with the datasource (MySQL or another). Then, from your client, consume these services. Now, you can assure the client and server points for communication like authentication and authorization to consume the services, you can use OAuth for this.
also thought about creating a new database and mysql user for each user registered. So there would be central database where would be just informations for game and it would be read only. So no security problems. And user informations would be saved in his own database and only he would have login for it
This is a no go. Since it's a game, you will have to maintain a single database per user. It's highly costly and you will have more problems than just retrieving the data from another user.