Very simple user verification

I am creating an application and I plan to have some kind of cloud with it, but I do not want to create a user database, and users must remember their username and password.

Since it will be distributed through the Chrome app store, it basically ensures that the user has a google account. All I want to do is:

  • Receive user email through google account material. If I get it there, well, then their email is all I need to get user data.

  • If I attach the application to something other than the Chrome browser, I just ask the user to use his email to request a verification link, and then send them a verification code for this account, they put the verification code into the application, he accepts it as a verified user to be safe and easy.

EDIT: I study this. So far, I:

OAuth 2 Google APIs

But I have a problem that I do not know what to specify as my javascript source in the Google API, and there is not much information about this. If someone tells me what is happening in javascript, I need to install the chrome extension to access google api, this will be a big help.

PS: Thank you for voting, so I like to resort to stack exchanges.

+6
source share
2 answers

Hmmm, I think the only reason this was voted is the fact that this question can be asked somewhere on the site already (but I will help you and give 1up).

So what do you want to use Google OpenID. You will need to register your application with Google so that they can provide OAuth2 tokens for your application. I did not do this with Google, but with other services, and it is quite simple, just do a search.

In terms of getting OAuth2 for your application in the chrome extension, this can be a pain, because the extension is isolated, and the Google example uses OAuth not OAuth2.

Here is the solution that I post on GitHub for this - I also use this in my GitHub Repositories extension:

https://github.com/jjNford/oauth2-chrome-extension

Hope this helps in some way. Don't get carried away with StackOverflow, it's a great resource with many great contributors.

Good luck

+2
source

I also had to vote for you because I am tracking a related issue, so here is what I found that might help.

According to these guidelines - http://code.google.com/p/google-api-javascript-client/wiki/Authentication - "In the" Authorized JavaScript source "field, enter the protocol and domain for your site." It must be a protocol (http: // or https: //), followed by some additional subdomain, followed by your domain name, and no end slash. Nothing happened after the domain name.

This prevents certain types of security attacks: see http://en.wikipedia.org/wiki/Same_origin_policy .

Here are some related questions that I found that might help: Problems with the Google Picker API and the selection of Google Drive items and the Javascript Sources google-apis console .

Now with all that said, I'm still trying to determine what values ​​need to be placed on one of my sites hosted as a Google Site, since none of the obvious values ​​work for me. So there may be some subtlety that I missed in this explanation.

0
source

Source: https://habr.com/ru/post/914601/


All Articles