Google API : How to authenticate without redirection?

We want to use Google Doc API to generate Document (In our own business account) when our end users do some actions on our site.

The problem is that we've tried to implement the OAuth 2.0 protocol, as suggested in the v3.0 protocol documentation. The apiClient::authentication method does a redirection. This is a major problem because our users don't know the access to our own business account.... and we don't want to give them access anyway ;)

(In other words, we're not creating an application that allows our users to edit their own data, but to interact with our data, like a database.)

I've read that the point of OAuth 2.0 was to avoid us managing the credentials of our users. I'm personally O.K. with the concept, but in our case, we don't want to get authenticated in the Google account of our users ...

So, what would be the best approach to get a valid authentication without any interaction from the end user?

FMaz008 asked Sep 09 '11 21:09

2 Answers

What you describe is not how 3-legged OAuth was designed to be used.

3-legged OAuth is all about delegated authentication where a user (who knows his password) can grant limited and revocable resource access to an application. That application never sees the user's password. There is a bunch of work involved to safely allow the application to impersonate the user.

What you probably want is to use the (2-legged) OAuth flow, where the consumer_id/consumer_secret credentials are embedded in your application. Here your application is not impersonating your end user and there would be no browser redirection involved.

Here's some further info on using 2-legged OAuth in Google Apps: http://googleappsdeveloper.blogspot.com/2011/07/using-2-legged-oauth-with-google-tasks.html

And this is a good description of 3- vs 2- legged OAuth: http://cakebaker.42dh.com/2011/01/10/2-legged-vs-3-legged-oauth/

Chris Sears answered Oct 21 '22 16:10
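The 2-legged flow this answer points to is OAuth 1.0a request signing with only the consumer key/secret and no user token (Google has since retired OAuth 1.0, so this shows the mechanics rather than a current integration). The following Go program is an added example, not code from the answer or from the linked blog post: it builds the RFC 5849 signature base string, signs it with HMAC-SHA1 using `enc(consumer_secret)&` as the key (the token-secret half is empty in the 2-legged case), and assembles the `Authorization: OAuth ...` header. The consumer key, secret, nonce, timestamp and the `xoauth_requestor_id` value are constructed placeholders; the Tasks API URL is taken from the linked post's subject.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// percentEncode implements the RFC 5849 section 3.6 rule: unreserved
// characters pass through, every other byte becomes uppercase %XX.
func percentEncode(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c >= 'A' && c <= 'Z', c >= 'a' && c <= 'z', c >= '0' && c <= '9',
			c == '-', c == '.', c == '_', c == '~':
			b.WriteByte(c)
		default:
			fmt.Fprintf(&b, "%%%02X", c)
		}
	}
	return b.String()
}

// OAuthParams returns the protocol parameters of a 2-legged request. Nonce
// and timestamp are passed in so the output is reproducible; a real client
// generates a fresh random nonce and the current Unix time per request.
func OAuthParams(consumerKey, nonce, timestamp string) map[string]string {
	return map[string]string{
		"oauth_consumer_key":     consumerKey,
		"oauth_nonce":            nonce,
		"oauth_signature_method": "HMAC-SHA1",
		"oauth_timestamp":        timestamp,
		"oauth_version":          "1.0",
	}
}

type kv struct{ k, v string }

// SignatureBaseString builds METHOD&enc(baseURL)&enc(normalized params).
// params holds the oauth_* parameters (except oauth_signature) plus every
// query parameter of the request; both are encoded, then sorted by key and value.
func SignatureBaseString(method, baseURL string, params map[string]string) string {
	enc := make([]kv, 0, len(params))
	for k, v := range params {
		enc = append(enc, kv{percentEncode(k), percentEncode(v)})
	}
	sort.Slice(enc, func(i, j int) bool {
		if enc[i].k != enc[j].k {
			return enc[i].k < enc[j].k
		}
		return enc[i].v < enc[j].v
	})
	parts := make([]string, len(enc))
	for i, p := range enc {
		parts[i] = p.k + "=" + p.v
	}
	return strings.ToUpper(method) + "&" + percentEncode(baseURL) + "&" +
		percentEncode(strings.Join(parts, "&"))
}

// TwoLeggedSignature is HMAC-SHA1 over the base string. With no user access
// token the signing key is enc(consumerSecret) + "&" + "" (empty token secret).
func TwoLeggedSignature(consumerSecret, baseString string) string {
	mac := hmac.New(sha1.New, []byte(percentEncode(consumerSecret)+"&"))
	mac.Write([]byte(baseString))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// AuthorizationHeader carries only the oauth_* parameters and the signature;
// application parameters such as xoauth_requestor_id stay in the query string.
func AuthorizationHeader(params map[string]string, signature string) string {
	keys := []string{"oauth_signature"}
	for k := range params {
		if strings.HasPrefix(k, "oauth_") {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	fields := make([]string, len(keys))
	for i, k := range keys {
		v := signature
		if k != "oauth_signature" {
			v = params[k]
		}
		fields[i] = fmt.Sprintf(`%s="%s"`, k, percentEncode(v))
	}
	return "OAuth " + strings.Join(fields, ", ")
}

func main() {
	// Constructed credentials and request; nothing here is a real key.
	params := OAuthParams("example.com", "abc123", "1315601340")
	params["xoauth_requestor_id"] = "user@example.com" // constructed requestor
	base := SignatureBaseString("GET", "https://www.googleapis.com/tasks/v1/lists", params)
	sig := TwoLeggedSignature("s3cret", base)
	fmt.Println("base string:", base)
	fmt.Println("Authorization:", AuthorizationHeader(params, sig))
}
```

Because the secret never leaves the server and the signature covers method, URL and every parameter, a captured request cannot be replayed with a different requestor or endpoint; the server-side check still needs nonce and timestamp tracking to reject literal replays.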


You will need to use a SERVICE ACCOUNT. Basically you are hard coding access to this account into your server application. Then you use sharing to give access to the account for the content you want. For example you can share a Google Doc or an Analytics profile with the SERVICE ACCOUNT.

Here is a complete example implementation of setting up a service account, logging in and then using it.

Updated 2018-12-12: https://gist.github.com/fulldecent/6728257

William Entriken answered Oct 21 '22 16:10
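Under the hood a service account authenticates with the OAuth 2.0 JWT bearer grant: the server signs a short-lived JWT with the account's private key (RS256) and exchanges it at the token endpoint for an access token, so no browser and no end user are involved. The Go program below is an added example written for this page, not the linked gist or Google's client library: it builds and signs the assertion, verifies it the way the token endpoint would, and produces the form body of the token request. The service-account email and the RSA key are constructed for the demo, and the token endpoint URL and the Docs scope are assumed to be the current ones.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
	"time"
)

const (
	tokenEndpoint  = "https://oauth2.googleapis.com/token"          // assumed endpoint
	jwtBearerGrant = "urn:ietf:params:oauth:grant-type:jwt-bearer" // RFC 7523 grant type
)

// Claims is the JWT payload a service account presents: who it is (iss),
// what it asks for (scope), who may accept it (aud) and a short lifetime.
type Claims struct {
	Iss   string `json:"iss"`
	Scope string `json:"scope"`
	Aud   string `json:"aud"`
	Exp   int64  `json:"exp"`
	Iat   int64  `json:"iat"`
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// BuildAssertion signs header.payload with RS256 (PKCS#1 v1.5 over SHA-256)
// using the service account's private key; lifetime is one hour from now.
func BuildAssertion(key *rsa.PrivateKey, clientEmail, scope string, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	payload, err := json.Marshal(Claims{
		Iss: clientEmail, Scope: scope, Aud: tokenEndpoint,
		Exp: now.Add(time.Hour).Unix(), Iat: now.Unix(),
	})
	if err != nil {
		return "", err
	}
	signingInput := b64url(header) + "." + b64url(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// VerifyAssertion is the check the token endpoint performs with the public
// key registered for the account: any change to header or payload fails here.
func VerifyAssertion(pub *rsa.PublicKey, token string) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, fmt.Errorf("malformed JWT: want 3 segments, got %d", len(parts))
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return Claims{}, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return Claims{}, fmt.Errorf("signature check failed: %w", err)
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return Claims{}, err
	}
	var c Claims
	err = json.Unmarshal(payload, &c)
	return c, err
}

// TokenRequestBody is the x-www-form-urlencoded body POSTed to the token
// endpoint; the response carries the bearer access token for API calls.
func TokenRequestBody(assertion string) string {
	v := url.Values{}
	v.Set("grant_type", jwtBearerGrant)
	v.Set("assertion", assertion)
	return v.Encode()
}

func main() {
	// Constructed key for the demo; a deployment loads the private key from
	// the account's JSON key file and keeps it on the server, never in a client.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tok, err := BuildAssertion(key, "docs-writer@example-project.iam.gserviceaccount.com",
		"https://www.googleapis.com/auth/documents", time.Now())
	if err != nil {
		panic(err)
	}
	claims, err := VerifyAssertion(&key.PublicKey, tok)
	if err != nil {
		panic(err)
	}
	fmt.Printf("assertion for %s valid until %d\n", claims.Iss, claims.Exp)
	fmt.Println("POST", tokenEndpoint)
	fmt.Println(TokenRequestBody(tok))
}
```

The private key is the whole secret here, which is why the answer stresses keeping it in the server application: anyone holding it can mint assertions for every document shared with the account, so restrict what is shared to that account and rotate the key if it is exposed.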