Login user to my website in Chrome app - google-chrome

I have users registered to my website that connected their Google+ account, and I'd like to auto login them from a packaged Chrome app.
I'm following [1] and the related example [2].
I can successfully perform a Google account authentication and obtain a token and user info.
Next, I'd like to "exchange" Google token for a "my website" token.
I was thinking to:
app sends to server the token and user_id
server requests https://www.googleapis.com/plus/v1/people/me and verifies that user_id and token match
server searches for the user corresponding to (google) user_id and logs he in
The alternative would be to implement an oauth login form and follow Non-Google account authentication in [1], but it seems too much extra work to me.
Any suggestion / alternative way?
[1] http://developer.chrome.com/apps/app_identity.html
[2] https://github.com/GoogleChrome/chrome-app-samples/tree/master/identity

[edit: as pointed out in comments, not a secure method.]
Use the identity api to make a request from the app to get the google+ id:
GET https://www.googleapis.com/plus/v1/people/me?key={YOUR_API_KEY}
(with the https://www.googleapis.com/auth/plus.me oath scope)
In the response you will find
{
"kind": "plus#person",
...
"id": "117022097663427079142",
Send that ID to your server to look up the associated ID that your system uses.
You do not need to (and should not) send the bearer token.

Related

RapidMiner : Can't get JWT Token

I am refering below document to get JWT Token .
However when I call the API /api/rest/tokenservice it doesn't return the token but returns a web interface asking for login . How can I get JWT Token
REST API Url :
https://docs.rapidminer.com/9.10/hub/rest-api/index.html
Response of postman:
In order to query the internal tokenservice endpoint, you need a valid "session". In the native installation method, you can use basic auth as "session" as outlined in the documentation.
curl -u user:pass "http://localhost:8080/api/rest/tokenservice"
{
"idToken": "the-valid-token",
"expirationDate": "the-exp"
}
However, for this to work when you've deployed RapidMiner AI Hub with Keycloak (and docker), you need to 1. enable basic auth for Keycloak, 2. access the route by first having a valid "login session" (cookie name is RM_SERVER_JSESSIONID) or 3. use a valid Keycloak token.
Enable basic auth in Keycloak
rm-server-homedir/configuration/keycloak/keycloak.json
{
...
"enable-basic-auth": true,
...
}
Valid cookie value
Login via web interface, open the browser's developer tools and use the very same RM_SERVER_JSESSIONID cookie value inside the REST request issued to the /api/rest/tokenservice endpoint.
Not sure what you like to achieve, e.g. schedule a process via REST, I like to outline that you can easily add a process and trigger via Web Service. The triggered process could make use of the Admin Tools extension. You still need to enable Keycloak's basic auth though if you like to trigger it from "outside". A guide how to use the extension can be found here.
Valid Keycloak token
Retrieve a valid Keycloak access token (from Keycloak's token endpoint, e.g. via OpenID Connect) and query the
/api/rest/tokenservice endpoint with Authorization: Bearer .
Disclaimer: This answer is used with permission of the original author from the RapidMiner community.

How to get profile info google photo library api

I was writing a simple logic to list pictures using the Google Photos REST API. I'd like to print the connected user profile once they are logged into my app. But I cannot find any endpoint in the REST API to get the user profile as in Gmail or Drive REST APIs.
https://developers.google.com/photos/library/guides/get-started#request-id
Meanwhile, I have tried to get the user details from the oAuth2 access token, but it does not give any user details like mail id or name.
GET https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN
Response:
{
"issued_to": "xxxxx.apps.googleusercontent.com",
"audience": "xxxxxx.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/photoslibrary",
"expires_in": 3522,
"access_type": "offline"
}
Is there any way to retrieve user profile from the above oAuth2 access_token (independent to the scope)?
I'm afraid that at the moment this is not possible. The oAuth2 token does not contain the user's e-mail. The only way of getting the user's email through the Google APIs would be to allow the https://www.googleapis.com/auth/userinfo.email scope, and use the oAuth2 API or the People API. The calls you could use may be any of the following:
GET https://www.googleapis.com/oauth2/v2/userinfo
GET https://www.googleapis.com/userinfo/v2/me
GET https://www.googleapis.com/plus/v1/people/me

Project with Google APi with self user auth

I was able to create a project to connect an app to google data, for a specific account (followed Google People API)
But now I would like that each customer log in hisself to his account and manage his data.
I can' t create project in the Google API Console for each customer, my app needs to read auth from each user who will use my app and "auto" create auth to read google contact data of the logged user.
Is possible?
Could you suggest me articles about how to do?
It sounds like you are trying to do exactly what OAuth 2.0 (see the page you linked to) gives you: authenticating users. This differs from using an API key, which is only authorizing your project and has nothing to do with a user's credentials.
OAuth 2.0 combines a Client ID (associated with your Google Developers Console project) and a user's login (specific to the user who is accessing your app/site) to give you an authorization token. This token will let your app act on behalf of that user when calling that API. Just make sure to request the necessary scopes as part of the OAuth 2.0 authorization prompt given to the user.
How to give this prompt varies by environment, but many common options are listed on that link.
Note that you always use the same Client ID, so you only need one Google Developers Console project, but you are given a unique token specific to that user's login when they authorize your app, so this lets you act as any user which grants your app access to their account.

Getting Instagram API with Google Apps Scripting

I have a list of 500 Instagram usernames in a spreadsheet. I want to extract the bio of all 500 accounts and put those in a spreadsheet. I am using Google Apps Scripting. I don't know how to get access to instagram's api where I can access the bio. I've look at other websites where I can pull up the Instagram accounts bio (like http://www.pikore.com/humordailyy) but those still don't have API. Is there a way I can get API? If not, is there a way I can crawl through the HTML or something to get the bio? Thank you.
As discussed in documentation, Instagram API requires authentication - specifically requests made on behalf of a user. Authenticated requests require an access_token which you could receive by doing the following:
Direct the user to our authorization url.
If the user is not logged in, they will be asked to log in.
The user will be asked if they would like to grant your application access to her Instagram data.
The server will redirect the user in one of two ways that you choose:
Server-side flow
Implicit flow: This method is less secure, but allows applications without any server component to receive an access_token.
For Implicit Authentication Flow which is for applications without any server component, simply follow these steps:
Step One: Direct your user to our authorization URL
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token
At this point, Instagram present the user with a login screen and then a confirmation screen where they grant your app’s access to their Instagram data. Please note that you may provide an optional scope parameter to request additional permissions outside of the “basic” permissions scope.
Step Two: Receive the access_token via the URL fragment
Once the user has authenticated and then authorized your application, Instagram redirects them to your redirect_uri with the access_token in the url fragment. It will look like this:
http://your-redirect-uri#access_token=ACCESS-TOKEN
Simply grab the access_token off the URL fragment and you’re good to go. If the user chooses not to authorize your application, you’ll receive the same error response as in the explicit flow.
error: access_denied
error_reason: user_denied
error_description: The user denied your request

Twitter API GET statuses/user_timeline - how to include authentication?

For the example get request:
https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=twitterapi&count=2
As documented here:
https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-user_timeline.html
I have an oauth user token and user token secret, plus my app credentials...
The docs state that authentication is supported, but how do I include it in the get request for screen names that are not publicly accessible?
If I understand your question right, you want to be able to get the tweets from a third-party user with the OAuth token and secrets belonging to a user on your site. The tweets from the third-party user are not publicly accessible, but your user has access rights to them. Is this right?
Generally if you want to access private ressources on behalf of your user, you have to sign the request with the OAuth token and your application credentials. Then Twitter can check, which user is signed in on your site and if the user gave your site access rights.
That signature is sent within the header of your GET request in a format like this:
Authorization:
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1318622958",
oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
oauth_version="1.0"
There is also documentation from Twitter on how to calculate the signature.