All about OAuth2 APIs from Google
See all
Members (163)
Naveen Agarwal's profile photo
100001091057100001 1's profile photo
ANTON Miranda's profile photo
Aaron Fisk's profile photo
Donia Alizandra Ruelas Acero's profile photo
Agim Ramqaj's profile photo
Ahmad Naim's profile photo
Dirk Balfanz's profile photo
DeWitt Clinton's profile photo
Carl Hipkiss's profile photo
David Primmer's profile photo
Andrew Hughes's profile photo
Andrew Wansley's profile photo
Andrew Young's profile photo
Gintautas Saulėnas's profile photo
Antonio Miranda's profile photo
Augusto Sabaote's profile photo
Chirag Shah's profile photo
Benjamin Wiley Sittler's profile photo
Bilel Boudabous's profile photo
Greg Berman's profile photo
Goethe  Johann Wolfgang von (蔡伊修)'s profile photo
Flavio Benini's profile photo
Fagen willis's profile photo

Stream

Join this community to post or comment

Lim H.

Discussion  - 
1
Linda Lawton's profile photoLim H.'s profile photo
5 comments
Lim H.
+
1
2
1
 
Thanks +Linda Lawton I deleted the question. I will look into it later and write a better question. I was in a hurry so I did a quick null check when things come back for now. Thanks anyway
Add a comment...
 
I think I found a bug in Google's representation of certificates, see the Stackoverflow post. If this is indeed a violation of the relevant specifications, how can I get Google to change the certificates?
1
Add a comment...

Robert Johnson

Discussion  - 
 
I am having trouble finding an article (preferably a video) on how to implement Google+ Sign-In on a site I am creating. I am a complete newb with Oauth2 and I can't seem to find something from the beginning to end.
1
Linda Lawton's profile photoRobert Johnson's profile photo
2 comments
 
PHP. 
Add a comment...

Owen Mortensen

Discussion  - 
 
Where, in the Google+ website, do I cancel or change my token for a website? (Not the API)
1
Add a comment...
 
Re-sharing this here it may help someone understand how service accounts work. 
 
Why does everything think that because they created a service account in Developers console that the service account is them?

The Service account isn't you, its its own entity identified by the service account email.

1.   People.get('me') is not going to return you.
2.   Files.List Google Drive is not going to list the files on your Google drive, unless you share files with it (the Service account).  
3.  It will not have access to your Google Analytics data unless you give it access at the account level in your Google Analytics.   

I hope this helps.


#Oauth   #googledevelopers   #serviceaccount   #GDE  
View original post
1
Doron Goldberg's profile photoLinda Lawton's profile photo
4 comments
 
Lets take this to hangout think it will be easier.
Add a comment...

Naveen Agarwal
owner

Discussion  - 
 
Worth reading John's post if you heard any story related to OpenID and OAuth security vulnerability.
 
Covert Redirect and it's real impact on OAuth and OpenID Connect
A Ph.D Student in Mathematics by the name of Wang Jing discovered and publicized Open Redirectors at Relying party websites this morning . This was picked up by C-Net and other media outlets interrupting my morning workout and generally disrupting my day wi...
5 comments on original post
1
Add a comment...

Linda Lawton

Discussion  - 
 
 
Google really wants you to use Oauth for your apps. Looks like they are going to start forcing the issue. #googledevelopers #oauth #oauth2 
View original post
1
Add a comment...
 
Hello,
Is there a way to know if Google+ Hangouts is on for a Google Apps account/domain and if Google+ Premium features is activated for the domain?

Our product makes an extensive use of Hangouts video calls, and most of our users are students. When they use their schools' Google Apps (for Education) account, Hangouts can be disabled or restricted to their domain.

We'd like to detect this earlier to tell them to use a regular Google account. Currently, we warn every user of Google Apps.
1
Add a comment...
1
Add a comment...
 
This little post shows how to connect to Google with Oauth2 without using DotNetOpenAuth or Google.Apis.Authentication dll's.   #Oauth2   #googleapis   #csharp  
In this post I will be showing you one way to connect to Google API using Oauth2,  in this case the Google Analytics API. You should be able to use this method to connect to the other Google Api's as well.  I am going to be d...
1
Add a comment...

Linda Lawton

Discussion  - 
 
 
Look what i just found.   Things are going to become interesting on May 5th I bet.      Tempted to stay clear of Stack Over Flow that week or spend the week on it harvesting the points.  

*Important: OAuth 1.0 is no longer supported and will be disabled on May 5, 2015. If your application uses OAuth 1.0, you must migrate to OAuth 2.0 or your application will cease functioning.*

+Google Developers  #GoogleOauth   #oauth1   #oauth2  
View original post
1
Add a comment...
 
Hi. I have a question related to Google OAuth2 service.
I noticed that Refresh token is empty after the successful authorization. If so, when how to refresh access token when it expires? And, is it possible to set access token to "never expires", something like that (I see Token.ExpiresInSeconds property, in .NET lib, that is a setter)? Related post is here: http://stackoverflow.com/questions/27678496/google-oauth-access-token-expiration-in-mvc-app
Thanks.
I wrote an MVC app using Google Oauth2 as instructed here: https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth#web_applications I have an issue with access token expiration. When
1
Add a comment...

Linda Lawton

Discussion  - 
 
If you have a user that is authenticated.  then there Google account gets suspended.      How can we test for this?
1
Breno de Medeiros's profile photo
 
When the user account is suspended they will not be able to obtain an authenticated session w/ Google and the app's token requests will fail. The only way supported to test this is to register a Google Apps domain, create accounts on it for test purposes, and then use the administrative panel to disable the accounts.
Add a comment...
1
Gerome Laffineur's profile photoLinda Lawton's profile photo
7 comments
 
remember to except your own answer on stack.  
Add a comment...
 
Has anyone else noticed that the Authentication server seams to be responding a little slower the last few weeks then normal?   #GoogleOAuth   #googleAuthentication   #oauth2   #googleanalytics
1
Karl Stubsjoen's profile photo
 
I have not.  Although I'm new, so not sure what to expect.
Add a comment...
 
Hello, 
how to make an SignOut function for Windows 8 Store app? 

"By default, StorageDataStore is used to store the access token and the refresh token."
1
Add a comment...

Naveen Agarwal
owner

Discussion  - 
1
1
Nat Sakimura's profile photo
 
It would have been nicer if John could mention that in OpenID Connect, the mitigation is required in the main spec instead of being mentioned in the security consideration. It is much stronger statement than in the case of OAuth 2.0. 
Add a comment...
 
Confused and lost!  I am implementing my own code in C# to call Picasa API for things like:  listing albums, listing photo's in albums, creating albums, uploading photos, etc... 

I only want to access my own Picasa, so do not need permissions to any one else's Picasa so want to avoid any web authentication screen (not needed)

Which OAuth technique do I use?  Its sounds like I should use Server to Server??  I want to generate application ID and secret key and pass this as a header but I can't find this implementation.

Please help.  I'm confused and about to throw in the towel.  
1
Add a comment...
 
Is this at all possible.  Thanks for any answers.

We want to connect to an Apps domain with a Service Assertion, and then validate the username and password of one of our users.

This is built into the OAuth 2 spec as a Resource Owner Password Credentials Grant ( http://tools.ietf.org/html/rfc6749#section-4.3 ).

We are trying to setup an openldap server to serve as an ldap authentication source for various local services, and we need to be able to use this authentication process.
[Docs] [txt|pdf] [draft-ietf-oauth-v2] [Diff1] [Diff2] [Errata] PROPOSED STANDARD Errata Exist Internet Engineering Task Force (IETF) D. Hardt, Ed. Request for Comments: 6749 Microsoft Obsoletes: 5849 October 2012 Category: Standards Track ISSN: 2070-1721 The OAuth 2.0 Authorization Framework ...
1
Naveen Agarwal's profile photoJim Black's profile photo
2 comments
 
Ok, here's what we're trying to do.

We do a service account Credential Assertion with something like the google plus.login scope.
Then we do an authenticated request to 'https://accounts.google.com/o/oauth2/token' with the grant_type of 'password', the users email address, and their password.

We would like to know if the password grant_type is available on any scope at google where the client is authenticated with the service credentials instead of a client_id and client_password, and where there is no redirect_uri.
Add a comment...
 
Hi there,

I have hit an issue with Google+ upgrade via OAuth2 and multiple sign-in.
You can find a complete description of the problem in this StackOverflow question. Can someone help?

If this Community is not the best place to ask, where should I go?

Thank you
2
Breno de Medeiros's profile photoGrégoire Clermont's profile photo
2 comments
 
Hi +Breno de Medeiros, have you had to look into the issue? Can I provide more informations? The problem seems still present.
Add a comment...