Background: I have created and installed a Google Drive App. It sits in my https://apps.google.com/u/1/user/hub as seen in the image below.
I am signed into my Google account to be on this page. When I click on one of these installed apps the behaviour is very inconsistent.
If I am signed into multiple google accounts in the browser, it asks me to sign-in with google when I arrive on the app but then sometimes it just signs me in automatically.
If I have already signed into the app separately from Google Drive, then it uses the existing login profile on the app.
If I have only signed into one google account on my browser it sometimes signs me in to this account on the app and sometimes does not.
I have scoured far and wide for documentation and all I have found is this snippet from https://developers.google.com/drive/v3/web/practices:
Treat all Create New and Open with events like potential logins. Some
users may have multiple accounts. If the user ID in the state
parameter does not match the current session, you may need to end the
current session for your app and log in as the requested user.
But this snippet doesn't mention if any OAuth login flow is done automatically when you arrive on the app.
The question: Does anyone know how the OAuth flow logic actually works when you open an installed app from Google Drive, either by clicking on the app (as in the picture above) or by opening/creating a file in Google Drive with the app?
My desired outcome is that the app is always logged in with the account that the user is using in Google Drive when they clicks the link, without having to sign-in with Google again on the app, or needing to switch account.
Check the About Authorization for Drive API. It describes the OAuth flow. Or you can just opt to use one gmail account in your browser to avoid confusion altogether.
Related
I am trying to get it so that when the user on the local network opens up the webpage it will log them in with their active directory username and password through a react js system with a C# API back-end. would react just say someone has connected on load and then send a message to the web api telling it to pull the user and authenticated it pushing that to the webpage for me to use as the login details.
You can achieve by using common authentication/authorization protocol OAuth 2, which is commonly used.
for example google have different product like gmail, drive, doc etc which is hosted in different domain. But when you login in any of this domain, you don't require to login again in any of its product. it use Signle Sign on concept
I'm incorporating Google Sign-In for my website and the basic setup is working fine, however I face a problem to manage the user's login status.
I came across the below SO question, which suggested to use sessionStorage/localStorage to carry the login status across pages of a website, and when user signs out the stored info should be cleared.
https://stackoverflow.com/a/40206395/5345604
I afraid I don't entirely understand the suggested implementation though. What if user signs out from his Google account somewhere else, say from Gmail or from Google Maps? In this case when the user revisits my website, how can I detect that he is no longer signed in with Google and remove the stored client side session? Or this is not the way it is supposed to work?
And on top of the above question, I'm also thinking about the authentication with my backend (PHP). Given the ID token, shall I be sending it across to my server and authenticate it with the Google API Client Library every time? Or shall I only authenticate the user once and store a flag of indication in $_SESSION, and then destroy the session when the user signs out? (Given that the token is in fact a JWT, I suppose the implementation is meant to be stateless and requires the token to be passed to the server every time? Are there any concerns to implement it with the traditional approach of a server side session?)
I can only answer your first question: The login of your website is completely separate from the login status of other Google services. Even YouTube is separate from google.com.
I'm not gonna post a bunch of code, unless I have to. It's mostly pasted straight from Firebase.google.com. I got every authentication method working fine but Github oAuth is all kinds of screwed up. So after a while I decided to go from Firebase v3.0 to 3.1. No fix.
The redirect page does pop up but I can't use my regular Github credentials - the Github account used to create the developer app (even though I log out of Github in my other web tab. My authAction() catch says:
An account already exists with the same email address but different
sign-in credentials. Sign in using a provider associated with this
email address.
So, I created a second dummy Github account and I now can log in using that. However upon logging in, user.email and user.displayName come back null.
Another strange thing: When logged out of every app, I log in to my Firebase app via Github oAuth and then open a new tab and navigate to Github, I'm already logged in! Presumably, somehow my token is shared between websites? Google, Facebook, Twitter, Anon, and Email/Pwd all work fine.
Anyone have this Github oAuth issue too or is it just me?...
When you get the error:
An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address.
It means you already signed in using the same email with a different provider. You can sign in to the same provider and then link the github account to that current user. You can call firebase.auth(().currentUser.link(githubCred) or firebase.auth(().currentUser.linkWithPopup/Redirect(githubProvider)
As for Github not providing your email and name, you could have your github account settings set to not disclose your email and info. Typically you have to ask for the user:email oauth scope if you are using signInWithPopup/signInWithRedirect but that is currently not working with Firebase. The team is working on a fix.
Regarding your third issue, I am not sure I understand this correctly. When you sign in to Firebase using Github or any other provider, you will need to login to that provider before consenting to that app's permissions. If you navigate to that provider's site, it is normal to be logged in. If you try to sign in with Firebase using github on a different app, you would still be logged in to github but you would be asked to consent to that app's new permissions.
I am creating an application with node-webkit
In my index.html I have provided an option to user to login with google account
Problem
What redirect URI will I give while making client secret?
As you can see the NS js application runs directly from there location which means that that URL is always different.
I am following authentications steps for AMS as described here:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-how-to-use-client-library/#caching
From Kendo UI mobile app (Javascript)
I can log in using Google as an authentication provider using client.login("google"), execute authenticated AMS custom API calls
and also doing client.Logout() via button, that seems to successfully disconnect me from AMS
On subsequent client.login(), however, I do not get the Google account login window. It is seemingly stored in a cookie and the user is logged in automatically, thus not giving me a chance to log in as another user.
I was wondering what additional actions besides client.Logout() I must do to initiate the Google login screen on the next session after the user decided to logout. I do not want to force the user out of his Google account, as this would be impolite, just log him out of my application.
I know this question is old, but since it is not answered and I found it out recently I decided to post the answer here.
When you go to google.com you can add another account (top right icon). After that you can choose after each logout which account you want to use for your application to login. And you can even add other accounts to log in.