Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent the extra view displaying an access code when using Google OAuth 2.0

Tags:

ios

oauth-2.0

I followed http://googlemac.blogspot.com/2011/05/ios-and-mac-sign-in-controllers.html to allow users to use Google to login to an iPhone app. After I tap "Allow access" button I get an extra screen that says, "Please copy this code, switch to your application and paste it there: (code in a textbox)."

This is what I have:

- (IBAction)googleLoginTapped:(UIButton *)sender
{
    [self loginToGoogle];
}

- (void)loginToGoogle 
{

    // For Google APIs, the scope strings are available
    // in the service constant header files.
    NSString *scope =@"https://www.googleapis.com/auth/userinfo.profile";

    // Typically, applications will hardcode the client ID and client secret
    // strings into the source code; they should not be user-editable or visible.

    // But for this sample code, they are editable.
    NSString *clientID = @"my clientID";
    NSString *clientSecret = @"my clientSecret";


    // Display the autentication view.
    SEL finishedSel = @selector(viewController:finishedWithAuth:error:);

    GTMOAuth2ViewControllerTouch *viewController;

    viewController = [GTMOAuth2ViewControllerTouch controllerWithScope:scope
                                                              clientID:clientID
                                                          clientSecret:clientSecret
                                                      keychainItemName:nil
                                                              delegate:self
                                                      finishedSelector:finishedSel];

    // For this sample, we'll force English as the display language.
    NSDictionary *params = [NSDictionary dictionaryWithObject:@"en"
                                                       forKey:@"hl"];

    viewController.signIn.additionalAuthorizationParameters = params;

    // Optional: display some html briefly before the sign-in page loads
    NSString *html = @"<html><body bgcolor=silver><div align=center>Loading sign-in page...</div></body></html>";
    viewController.initialHTMLString = html;

    viewController.signIn.shouldFetchGoogleUserProfile = YES;

    [self presentModalViewController:viewController animated:YES];
}

- (void)viewController:(GTMOAuth2ViewControllerTouch *)viewController finishedWithAuth:(GTMOAuth2Authentication *)auth error:(NSError *)error
{
    if (error != nil) 
    {
        // Authentication failed (perhaps the user denied 

please see this link it is to good https://developers.google.com/accounts/docs/OAuth2InstalledApp

like image 592
Dun Avatar asked Sep 26 '11 16:09

Dun


People also ask

How do I set the consent screen in OAuth Google?

Configure OAuth consent & register your appIn the Google Cloud console, go to Menu menu > APIs & Services > OAuth consent screen. Select the user type for your app, then click Create. Complete the app registration form, then click Save and Continue.

What is an access token in OAuth?

OAuth 2.0 uses Access Tokens. An Access Token is a piece of data that represents the authorization to access resources on behalf of the end-user. OAuth 2.0 doesn't define a specific format for Access Tokens. However, in some contexts, the JSON Web Token (JWT) format is often used.


2 Answers

I tried this approach, and work fine, put this in your webViewDidFinishLoad method :

if ([webView.request.URL.absoluteString rangeOfString:@"https://accounts.google.com/o/oauth2/approval?"].location != NSNotFound) {
    webView.hidden=YES;
}
like image 166
Felipe FMMobile Avatar answered Sep 22 '22 15:09

Felipe FMMobile


I have found the answer. Initially I was using the Client ID for an installed application. This did not give the option to set up the Redirect URI. It gave a default Redirect URI of urn:ietf:wg:oauth:2.0:oob http://localhost. So when I sent a request for authentication using this code:

viewController = [GTMOAuth2ViewControllerTouch controllerWithScope:scope
                                                              clientID:clientID
                                                          clientSecret:clientSecret
                                                      keychainItemName:nil
                                                              delegate:self
                                                      finishedSelector:finishedSel];

It returned an success code that is then used to authorize native applications. Please reffer here for more on returned codes or tokens.

To fix my issue I went ahead and used a Client ID for web application. This allowed me to explicitly set a Redirect URI and also allowed me to set the response_type to token instead of code here:

https://accounts.google.com/o/oauth2/auth?
  client_id=21302922996.apps.googleusercontent.com&
  redirect_uri=https://www.example.com/back&
  scope=https://www.google.com/m8/feeds/&
  response_type=**token**

So when I am authenticated and the redirect_uri is served back from the server it comes with an "access_tocken" appended as a query string like this:

https://www.example.com/back?access_token=returned_access_tocken

Now you can use a regular expression code:

-(void)checkForAccessToken:(NSString *)urlString {
    NSError *error;
    NSRegularExpression *regex = [NSRegularExpression regularExpressionWithPattern:@"access_token=(.*)&" options:0 error:&error];
    if (regex != nil) 
    {
        NSTextCheckingResult *firstMatch = [regex firstMatchInString:urlString options:0 range:NSMakeRange(0, [urlString length])];
        if (firstMatch) 
        {
            NSRange accessTokenRange = [firstMatch rangeAtIndex:1];
            NSString *accessToken = [urlString substringWithRange:accessTokenRange];
            accessToken = [accessToken stringByReplacingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
            [_delegate accessTokenFoundGoogle:accessToken];
            accessTokenFound = YES;
        }
    }
}

to pluck the access_code and use it for your authorization request here:

"https://www.googleapis.com/oauth2/v1/userinfo?oauth_token=put_your_accesstoken_here" to send a request for authorization

Then you can just send your request and get back in this case the user's profile info in JSON format. You can refer to this question and answer for using Facebook's graph api to login users. Then just modify the code to work with the new Google OAuth 2.0 using the suggestions and request urls I have included here. Just a suggestion to speed things for you when converting the code for Facebook, create a new init method like this:

- (id)initWithDelegate:(id<GoogleLoginDialogDelegate>)delegate;

- (id)initWithDelegate:(id<GoogleLoginDialogDelegate>)delegate 
{
    if ((self = [super initWithNibName:@"GoogleLoginDialog" bundle:[NSBundle mainBundle]])) {
        self.delegate = delegate;
    }
    return self;    
}

So that you can easly work with the delegate methods from your Google login dialog. If you follow the Facebook example carefully, you should have Google login with OAuth working great!

like image 32
Dun Avatar answered Sep 19 '22 15:09

Dun