can i create an a app that uses Google migration api .. to migrate my emails from outlook and yahoo to my gmail account .. is the api available to be used for a regular gamil account.
The prerequisites in the documentation is very confusing.prerequsities for migration api
The migration API does not work with consumer Google Accounts (like #gmail.com). For Google Apps for Business and EDU, you can use an OAuth token authorized by the regular user and migrate mail directly to that user account as long as the domain administrator has allowed user email migrations. Instructions for admins to do so are at:
https://support.google.com/a/answer/176213
under Google Apps Requirements. This API is how the Google Apps Migration for MS Outlook tool performs user-authenticated migration of mail.
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
Outline
I want to integrate Azure Active Directory for authentication and authorization.
Question
How do I integrate the msal library into a Django web app, because the official Azure examples are using Flask?
And how to map the AppRoles I have defined in the Azure AD app registration to Django groups defined in the Django backend?
There are samples both for Flask and Django. MSAL itself is framework agnostic so it can be used in any. Regarding the app roles claims you can inspect the acquire_token* methods result. It's a dict containing access_token and/or id_token which will contain the role claim.
I'd like users to be able to login to my Django app using their Microsoft personal, work or school account.
I have no interest in any profile or other data from the user's account. I just want authentication.
I've been playing with django-allauth and and Azure portal and have successfully set things up so I can log in with my personal outlook.com account. I've set the AD tenants up to allow for personal and institutional accounts.
I've successfully served the .wellknown json and was able to verify the app in Azure.
I run into trouble when I try to log in with a Microsoft 365 work or school account.
The consent form shows the app as "unverified" and indicates that the app wants profile information and to store data.
I ended up in a rabbit hole of Microsoft AD documentation about MPN IDs and such.
Before I go further I want to know if I what I want to do is even possible.
Keeping in mind that I'm not interested in profile information, can I achieve authentication in Django with a users Microsoft Work or School account?
If so, what do I have to do?
My question is how a 3rd party developer would login users through my Identity Platform? I looked at the documentation but found nothing.
Essentially I want to use Identity Platform as an OIDC Provider, but I don't know if that's supported.
Cloud Identity Platform is based on Firebase Auth product (literally because the documentation and the Javascript to add are still in Firebase perimeter!).
This product allows you to delegate the authentication to a third party, either Firebase auth if you use login/password authentication, or to connect Identity Provider (IdP).
There is several built in IdP like Google, LinkedIn, Facebook, Twitter,... and you can add custom Auth0 provider (SAML) and OAuth2 provider (OIDC).
The platform only allow you to perform an authentication and then redirect the user to YOUR app. Then, it's to YOUR app to ensure the correct authorisations and roles of the user.
All of this for saying to you:
Think about firebase Auth feature: originally, it has been designed to authenticate user that wants to connect to Mobile App, on Android. Today it's the same thing but, in addition, for your web app
It's designed for YOUR application with YOUR roles and authorisations. By the way, if your target is to allow your 3rd party developers to log into Google Cloud console thanks to this authentication mode, it's not possible.
But, stay tuned, awesome things are coming soon on this field
John is right, more details would help. But if I had to guess you are referring to the fact that Google Cloud Platform IAM does not handle Identity part only authorisation. You could, however use G Suite or Google Directory Sync (which can integrate with LDAP server or Active Directory.
You can refer to the link below which shows you how you can integrate with OIDC:
https://cloud.google.com/solutions/authenticating-corporate-users-in-a-hybrid-environment
Greetings fellow Stackoverflowiens,
I have web services and a database setup in Windows Azure and I am using the javascript backend for the web services as this gives me basic CRUD calls without having to write the API. I also have a user table for all users that can login on the app with a field for username and password, I am trying to authenticate the user based on this table without writing the entire API. I can't just do a GET call to see if the user has entered a valid username and password as this would not be secure. And I can't use the Facebook, Twitter or other 3rd party authentication services as the requirement is to use a database of users.
Is there anyway of implementing a custom authentication into Azure without writing the entire API? Or is there another way of doing this that I am not aware of?
Any help that can be provided would be fantastic