All about OAuth2 APIs from Google
See all
Members (204)
Naveen Agarwal's profile photo
100001091057100001 1's profile photo
a k'wala's profile photo
Don Archer's profile photo
DeWitt Clinton's profile photo
Arvind kumar verma's profile photo
Agim Ramqaj's profile photo
Calin Ciprian Lupa's profile photo
AJAYAKUMAR K's profile photo
Daniel Dulitz's profile photo
Alexsandro Almeida's profile photo
Allen Porter's profile photo
amir hosein masaeli's profile photo
Breno de Medeiros's profile photo
Dmitry Tretyakov's profile photo
Bilel Boudabous's profile photo
Andreas Sawir's profile photo
Andrew Hughes's profile photo
Andrew Wansley's profile photo
Dirk Balfanz's profile photo
Augusto Sabaote's profile photo
Cristian Conti's profile photo
ANTON Miranda's profile photo
Arumugam N's profile photo

Stream

Join this community to post or comment

Cristian Conti

Discussion  - 
 
I'm still struggling with Google Oauth and javascript. Maybe i'm too noob for this and maybe i haven't completely understood how oauth2 works. I'm searching some working scripts to study, something like authorize me to my google drive and let me upload a file.
1
Linda Lawton's profile photo
 
start with this.   https://developers.google.com/api-client-library/javascript/features/authentication  get that working first.  Then move on to drive. 
Add a comment...

Lim H.

Discussion  - 
1
Linda Lawton's profile photoLim H.'s profile photo
5 comments
Lim H.
+
1
2
1
 
Thanks +Linda Lawton I deleted the question. I will look into it later and write a better question. I was in a hurry so I did a quick null check when things come back for now. Thanks anyway
Add a comment...
 
I think I found a bug in Google's representation of certificates, see the Stackoverflow post. If this is indeed a violation of the relevant specifications, how can I get Google to change the certificates?
1
Add a comment...
1
Gerome Laffineur's profile photoLinda Lawton's profile photo
7 comments
 
remember to except your own answer on stack.  
Add a comment...

Linda Lawton

Discussion  - 
 
Re-sharing this here it may help someone understand how service accounts work. 
 
Why does everything think that because they created a service account in Developers console that the service account is them?

The Service account isn't you, its its own entity identified by the service account email.

1.   People.get('me') is not going to return you.
2.   Files.List Google Drive is not going to list the files on your Google drive, unless you share files with it (the Service account).  
3.  It will not have access to your Google Analytics data unless you give it access at the account level in your Google Analytics.   

I hope this helps.


#Oauth   #googledevelopers   #serviceaccount   #GDE  
View original post
1
Doron Goldberg's profile photoLinda Lawton's profile photo
4 comments
 
Lets take this to hangout think it will be easier.
Add a comment...

Naveen Agarwal
owner

Discussion  - 
 
Worth reading John's post if you heard any story related to OpenID and OAuth security vulnerability.
 
Covert Redirect and it's real impact on OAuth and OpenID Connect
A Ph.D Student in Mathematics by the name of Wang Jing discovered and publicized Open Redirectors at Relying party websites this morning . This was picked up by C-Net and other media outlets interrupting my morning workout and generally disrupting my day wi...
5 comments on original post
1
Add a comment...

Linda Lawton

Discussion  - 
 
 
Google really wants you to use Oauth for your apps. Looks like they are going to start forcing the issue. #googledevelopers #oauth #oauth2 
View original post
1
Add a comment...
 
Hello,
Is there a way to know if Google+ Hangouts is on for a Google Apps account/domain and if Google+ Premium features is activated for the domain?

Our product makes an extensive use of Hangouts video calls, and most of our users are students. When they use their schools' Google Apps (for Education) account, Hangouts can be disabled or restricted to their domain.

We'd like to detect this earlier to tell them to use a regular Google account. Currently, we warn every user of Google Apps.
1
Add a comment...
1
Add a comment...

Zuhair Hussain

Discussion  - 
1
Linda Lawton's profile photo
 
I dont think you can get it for a user.  https://developers.google.com/+/domains/ is not the same as  https://developers.google.com/+/api/latest/
Add a comment...

Linda Lawton

Discussion  - 
 
 
Look what i just found.   Things are going to become interesting on May 5th I bet.      Tempted to stay clear of Stack Over Flow that week or spend the week on it harvesting the points.  

*Important: OAuth 1.0 is no longer supported and will be disabled on May 5, 2015. If your application uses OAuth 1.0, you must migrate to OAuth 2.0 or your application will cease functioning.*

+Google Developers  #GoogleOauth   #oauth1   #oauth2  
View original post
1
Add a comment...

Linda Lawton

Discussion  - 
 
If you have a user that is authenticated.  then there Google account gets suspended.      How can we test for this?
1
Breno de Medeiros's profile photo
 
When the user account is suspended they will not be able to obtain an authenticated session w/ Google and the app's token requests will fail. The only way supported to test this is to register a Google Apps domain, create accounts on it for test purposes, and then use the administrative panel to disable the accounts.
Add a comment...

Robert Johnson

Discussion  - 
 
I am having trouble finding an article (preferably a video) on how to implement Google+ Sign-In on a site I am creating. I am a complete newb with Oauth2 and I can't seem to find something from the beginning to end.
1
Linda Lawton's profile photoRobert Johnson's profile photo
2 comments
 
PHP. 
Add a comment...

Owen Mortensen

Discussion  - 
 
Where, in the Google+ website, do I cancel or change my token for a website? (Not the API)
1
Add a comment...

Linda Lawton

Discussion  - 
 
Has anyone else noticed that the Authentication server seams to be responding a little slower the last few weeks then normal?   #GoogleOAuth   #googleAuthentication   #oauth2   #googleanalytics
1
Karl Stubsjoen's profile photo
 
I have not.  Although I'm new, so not sure what to expect.
Add a comment...

Victor Cociu

Discussion  - 
 
Hello, 
how to make an SignOut function for Windows 8 Store app? 

"By default, StorageDataStore is used to store the access token and the refresh token."
1
Add a comment...

Naveen Agarwal
owner

Discussion  - 
1
1
Nat Sakimura's profile photo
 
It would have been nicer if John could mention that in OpenID Connect, the mitigation is required in the main spec instead of being mentioned in the security consideration. It is much stronger statement than in the case of OAuth 2.0. 
Add a comment...

Karl Stubsjoen

Discussion  - 
 
Confused and lost!  I am implementing my own code in C# to call Picasa API for things like:  listing albums, listing photo's in albums, creating albums, uploading photos, etc... 

I only want to access my own Picasa, so do not need permissions to any one else's Picasa so want to avoid any web authentication screen (not needed)

Which OAuth technique do I use?  Its sounds like I should use Server to Server??  I want to generate application ID and secret key and pass this as a header but I can't find this implementation.

Please help.  I'm confused and about to throw in the towel.  
1
Add a comment...

Jim Black

Discussion  - 
 
Is this at all possible.  Thanks for any answers.

We want to connect to an Apps domain with a Service Assertion, and then validate the username and password of one of our users.

This is built into the OAuth 2 spec as a Resource Owner Password Credentials Grant ( http://tools.ietf.org/html/rfc6749#section-4.3 ).

We are trying to setup an openldap server to serve as an ldap authentication source for various local services, and we need to be able to use this authentication process.
[Docs] [txt|pdf] [draft-ietf-oauth-v2] [Diff1] [Diff2] [Errata] PROPOSED STANDARD Errata Exist Internet Engineering Task Force (IETF) D. Hardt, Ed. Request for Comments: 6749 Microsoft Obsoletes: 5849 October 2012 Category: Standards Track ISSN: 2070-1721 The OAuth 2.0 Authorization Framework ...
1
Naveen Agarwal's profile photoJim Black's profile photo
2 comments
 
Ok, here's what we're trying to do.

We do a service account Credential Assertion with something like the google plus.login scope.
Then we do an authenticated request to 'https://accounts.google.com/o/oauth2/token' with the grant_type of 'password', the users email address, and their password.

We would like to know if the password grant_type is available on any scope at google where the client is authenticated with the service credentials instead of a client_id and client_password, and where there is no redirect_uri.
Add a comment...
 
Hi there,

I have hit an issue with Google+ upgrade via OAuth2 and multiple sign-in.
You can find a complete description of the problem in this StackOverflow question. Can someone help?

If this Community is not the best place to ask, where should I go?

Thank you
2
Breno de Medeiros's profile photoGrégoire Clermont's profile photo
2 comments
 
Hi +Breno de Medeiros, have you had to look into the issue? Can I provide more informations? The problem seems still present.
Add a comment...