I like these Google videos, but... they should MAKE SOME TUTORIALS. They show technology but if I want to use it - I have to read 100 help pages to learn this.
Can you help me then?
@Enrique - SSL is required for transmission of the access tokens. This mitigates the risk of it being captured by a malicious proxy. SSL would also be used by any reasonable identity provider to protect the login screen.
OAuth does not protect users who are not taking standard security precautions (such as making sure the site they're entering the credentials into is valid).
I understand that using application login, we can get the user profile in my Android application, like email ID, first name and user ID. But what if I want to create an application-specific user profile for the user based on my application? E.g. I want to know, when the user logged into my application, what products he visited from my product catalogue. Does Google have APIs / some place where I can store this info and retrieve it when needed, or would I have to create my own data store in the cloud with the User-ID as the key? What's the best design to accomplish this use case?
Great seminar :) I finally understood something from this OAuth 2.0 :D Thank you
Do you have to have a redirect URL? I'm trying to use a client ID and secret to get an access token which I can use to perform tasks in Admin SDK (onboarding/offboarding users). I can do this with refresh tokens via Google playground, but when I use my own client ID and secret (which they have an option to use) it doesn't work... so I seem to be missing something but not sure what.
Are these tokens and codes universally unique, application ID dependent? Or are they re-issued later? I guess the token/code seed isn't publicly available.
This speech didn't tell how auth 2.0 is better, improved, and works analytically.
Thanks for the updates... please keep them coming...
can't wait for more sites to implement this
How can users log in on your site using data from another website? For example, I have to create a website where students will log in using data from our university site. I mean, instead of "login with google" or "login with facebook", they would be able to "login with university-data". How can I make this possible?
I have a Web Service using Google Cloud Endpoints. How do I limit the API access only to my web application running on another domain? There is no user involved, this is a server to server authentication scenario. Which API should be used in this case?
very useful one for beginners to understand oauth 2
Exactly my thoughts. I guess tokens, since they expire, limit the amount of time that damage can be done; other than that, I really don't see the point... and to add to the refresh token, what if that is exposed... then it's infinite...
Great talk, helped me a lot. Thank you :)
Hi, I am creating a mobile app backend in PHP. How can I use OAuth in it?
Great tutorial, helped me a lot.... thanks.
really helpful. thanks for the tute.
Talking about OAuth 2.0 1:48 book name
I hope this 'major' site changed their password storage scheme to a 1 way hash so they don't have to worry about having their passwords stolen cause they'll be encrypted anyway. no biggie.
Thanks for
Server to Server Authentication - 17:27
Couldn't someone else use your client ID?
Good question. I think they can't, because it has to match the URL you set in the developer console on developers.google.com. If another domain tries to use your client ID, I believe it is denied. Someone correct me if I'm wrong.
answerOfstupids He can reset it.
You can, but you need the secret and the redirect URI to actually get a token.
It is amazing :P Now I can log in with my Yahoo account on Facebook and with my Facebook account on Yahoo. :P:P:P
44:20
Found the answer: developers.google.com/identity/sign-in/android/backend-auth
I love the F U in his shirt.