When you authenticate with Google Cloud Endpoints, if there are several Google Accounts signed in that have already given your app permission, it simply chooses the default account, just like Gmail would do.
1) Gmail has the ability to switch Google Accounts in the top right corner. How would I achieve something similar?
2) Can you require a user to sign into their Google account again even if they are already signed in? Similar to when a user goes to change their account settings.
Switch the active account: If you want to switch the account used by the gcloud CLI on a per-invocation basis, override the active account using the --account flag.
From what I understand and experience, the concept of service account impersonation is to allow a user to impersonate that specific service account with specific roles and access to the resource. Benefits of service account impersonation are: limit user account permission; reduce the risk of service account keys.
Service accounts differ from user accounts in a few key ways: Service accounts do not have passwords, and cannot log in via browsers or cookies.
Google Cloud offers Identity and Access Management (IAM), which lets you give more granular access to specific Google Cloud resources and prevents unwanted access to other resources. IAM lets you adopt the security principle of least privilege, so you grant only the necessary access to your resources.
I've found a way, but it is a bit sad that this feature is not included (or not documented) in gapi.auth.authorize.
Anyway, if you open the authorization popup manually, and then process the resulting token, you can pass additional parameters such as prompt=select_account, which will allow the user to select their account.
Here's a code example. With popup blocking, you will have to call this function in an onclick event for the popup not to be blocked.
As such, the code is not really production-ready. We do not manage cases such as when the user refuses to give his consent, and we do not pass extra token information such as the expiration time.
var switchUserAccount = function (callback) {
    // Open the authorization popup manually so that prompt=select_account can be passed.
    var popup = window.open("https://accounts.google.com/o/oauth2/auth?client_id=102862643449-geb89aoann7dj6tsha4mtkhvos5mk01b.apps.googleusercontent.com"
        + "&prompt=select_account"
        + "&scope=https://www.googleapis.com/auth/userinfo.email"
        + "&redirect_uri=https://david-sandbox.appspot.com/autoclose.html"
        + "&access_type=online&response_type=token", "thewindow");
    // Poll until the popup has been redirected back to our origin with the token in its fragment.
    var waitForPopup = function () {
        try {
            // Skip the 14 characters of "#access_token=" and stop at the next parameter.
            var token = popup.location.hash.substring(14).split("&")[0];
            if (token == "") {
                console.log("Not ready yet");
                setTimeout(waitForPopup, 500);
            } else {
                console.log("Found token!"); // do not write the token value to the console
                gapi.auth.setToken({access_token: token});
                popup.close();
                callback();
            }
        }
        catch (e) {
            // Reading popup.location throws while the popup is still on another origin.
            console.log("Not ready yet, exception");
            setTimeout(waitForPopup, 500);
        }
    };
    waitForPopup();
};
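The answer above says it does not handle a refused consent or the token's expiration time. The following is an added example, not part of the original answer, that builds the same `prompt=select_account` request with a `state` value and parses the redirect fragment with those cases covered. The helper names, the placeholder client ID and the redirect URI used to call them are assumptions.

```javascript
// Added example; buildAuthUrl, newState and parseAuthFragment are hypothetical helpers.
const AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"; // endpoint used in the answer

// Random per-request value that the redirect must echo back unchanged (browser Web Crypto).
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the popup URL with every parameter URL-encoded.
function buildAuthUrl(clientId, redirectUri, state) {
  const q = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "https://www.googleapis.com/auth/userinfo.email",
    response_type: "token",
    access_type: "online",
    prompt: "select_account", // force the account chooser
    state: state,
  });
  return AUTH_ENDPOINT + "?" + q.toString();
}

// Parse the redirect fragment. Returns { status: "pending" | "error" | "ok", ... }.
function parseAuthFragment(hash, expectedState, nowMs) {
  const p = new URLSearchParams(hash.replace(/^#/, ""));
  // Nothing to read yet: the popup has not been redirected back.
  if (!p.has("access_token") && !p.has("error")) return { status: "pending" };
  // Reject a response that does not carry the state we issued (forged or stale redirect).
  if (p.get("state") !== expectedState) return { status: "error", error: "state_mismatch" };
  // The user refused consent or the server reported a failure.
  if (p.has("error")) return { status: "error", error: p.get("error") };
  const ttl = Number.parseInt(p.get("expires_in"), 10);
  if (!Number.isFinite(ttl) || ttl <= 0) return { status: "error", error: "bad_expires_in" };
  return { status: "ok", accessToken: p.get("access_token"), expiresAt: nowMs + ttl * 1000 };
}
```

On an `ok` result, `accessToken` is the value to hand to `gapi.auth.setToken` as the answer does, and polling should stop on `error` instead of retrying.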