I am developing an app as part of a research project and need to submit it to Google for verification. Our privacy policy is not hosted on the same domain as the app (though we do link to it); it is instead hosted on the domain for the university. In my OAuth consent screen configuration in the developers console, if I list the university domain under the "Authorized domains" for our app, will this interfere in any way with the university's website while Google is verifying the app? Sorry if this question is trivial; I just want to make absolutely sure doing so will not get our team into trouble.
No, Google OAuth Verification does not interfere in any way with the website. This is just a security measure to only allow your authorized domains from within the consent screen.
Related
We have a web application that runs on say domain.com. We then have whitelabel users that access the application from subdomain.theirdomain.com.
Our application is able to connect Google, Facebook, Twitter accounts using our main domain (domain.com) and our integration with each platform.
But when whitelabel users want to connect, the process shows the name of our application and redirects to our domain (breaking whitelabel).
We are looking at creating a generic application on each platform (Google, Facebook etc.) for our whitelabel users on generic domain xyz-connector.com with a generic name and logo.
However, the users are not logged in on that domain, so when the platform redirects to that domain after the user has successfully gone through the authorization/connection process we cannot associate the connection with the user.
We need to know which account has just authenticated so we can update the database.
Using Django 3.1.
Ideally we want our users to connect/authenticate their accounts directly from their white labeled subdomain or domain, rather than having to log in to xyz-connector.com.
Can we share sessions? Or do these services (Facebook, Google) allow us to pass custom variables they will pass back to us when connecting that we can use to associate the user's account?
Is there a best practice for achieving this?
I am developing an app that works with the Google Calendar API to provide some services to employees of an organization. For that I need access to their calendars to make changes on their behalf. Although OAuth 2.0 authentication works fine, I am exploring a service account for my application.
With a service account I'll need to give domain-wide delegation to the service account. But I am stuck with a weird question for which I could not find confirmation on the web:
If I have multiple clients (organizations with different domains), will I need a separate service account in each of those domains with domain-wide delegation, or just one service account in my own domain (where the application resides)?
The latter sounds scary as it can lead to a security breach.
I want to create a user pool for the purposes of requiring authentication on my website. I have a website deployed using CloudFront. I have one hosted zone for this website on Route 53. I have tried setting up Cognito, but I have been unsuccessful.
During the setup process, it asks for the app name. I cannot figure out if this is asking for an existing app name or if I need to make one up. The significance of this step is not clear. Another step in the process has me enter the domain name, either an Amazon Cognito domain, or my own custom domain. I tried using an Amazon Cognito domain, but after following the AWS documentation and visiting my new domain, I only saw an error message.
I wish to connect a pre-existing, and pre-deployed website with its own sign-in page to AWS Cognito, but I cannot find any solid guides on how to do so. Any help would be greatly appreciated.
After much searching and reading through numerous posts and documentation, I found the answer to my questions. I ended up following an AWS GitHub Wiki to set up the authentication flow.
The Route 53 service ended up not being relevant for this task. Amplify is not required. The name of the Cognito app was not significant; it only gives the user pool an app name. On the AWS side, I had to create my own user pool following this AWS doc. On the website side, I had to create a user and a user pool in JavaScript using the SDK described in the linked wiki.
The wiki lists different ways to install and include the Cognito SDK within a JavaScript project. The configuration steps needed to be tweaked slightly to fit within the framework I am using. Numerous use cases are covered.
My team made a custom Cognito login page using normal AWS SDK JS code that logs users in for a given domain name, functioning via cookies. Now we are asked to support multiple domains, which can't be done via the cookie system, so I am looking into OAuth2. The huge problem with OAuth2 is that I can't find any documentation on how to do OAuth2 using one's custom login page.
The previous best answer on this subject is at AWS Cognito Authorization code grant flow without using the hosted UI, but that is now about 2 years old, and I can see that the POST occurring on the hosted login page now includes another base64 piece of information not provided by the old answer, so I am skeptical that answer will still work. Is there still no way to generate the authorization code grant without using the hosted UI?
I'm coding from my garage and have already deployed a GCloud Function, but I don't have a corporate website yet. So my application origin URI is localhost:### so far. Now I want to integrate my web project with my GCF. Following Integrating Google Sign-in, I'm stuck because I just don't have a registered website for the origin URI.
Is an official website URI required to proceed?
Yes, a URI is required. On top of that it needs to be HTTPS, which requires an SSL certificate. The exception is testing with localhost.
The reason is that when you use OAuth 2.0 to authenticate a user, the user goes to Google Accounts and authenticates. Then Google Accounts calls your callback URL to give you a token. This is part of the security design. If you could leave this blank, then the authentication chain would be broken. I am oversimplifying OAuth 2.0 in this answer.
You could use Google App Engine, which then provides you with a URL for your deployment. App Engine will work as your origin and callback.
App Engine User Authentication Options
If your goal is to use Compute Engine, then you will need both a domain name and SSL certificate (Let's Encrypt is free) for your webserver.
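The rule stated in the answer above (a callback URI is required and must be HTTPS, with localhost as the testing exception) can be enforced on the application side as well. The following is an added example, not code from the answer's author or from Google; the function name, the loopback host set, the no-userinfo check and the exact-match comparison against a registered list are assumptions of this example, and the sample URIs are constructed.

```python
from urllib.parse import urlsplit

# Hosts treated as "testing with localhost" (assumption of this example).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_redirect_uri(uri, registered):
    """Return (ok, reason) for a callback URI presented at authorization time."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False, "unparseable"
    host = parts.hostname  # lowercased, without port or userinfo
    if not host:
        return False, "no host"
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    if parts.fragment:
        # RFC 6749 section 3.1.2: the redirection URI must not carry a fragment.
        return False, "fragment not allowed"
    if parts.scheme == "http":
        # Plain HTTP is tolerated only for the localhost testing exception.
        if host not in LOOPBACK_HOSTS:
            return False, "http only allowed for localhost"
    elif parts.scheme != "https":
        return False, "unsupported scheme"
    # Exact string match: no prefix, wildcard or subdomain matching.
    if uri not in registered:
        return False, "not registered"
    return True, "ok"


# Constructed sample registrations.
REGISTERED = {
    "https://app.example.org/oauth/callback",
    "http://localhost:8080/oauth/callback",
}

if __name__ == "__main__":
    for candidate in sorted(REGISTERED) + [
        "http://app.example.org/oauth/callback",
        "http://localhost.evil.example/oauth/callback",
    ]:
        print(candidate, check_redirect_uri(candidate, REGISTERED))
```

The hostname comparison is done on the parsed host rather than with a substring test, so a name that merely starts with "localhost" does not qualify for the HTTP exception.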