Home > Authentication > Google Authentication Api’s

Google Authentication Api’s

Overview:

  • Oauth Core 1.0
  • Work Flow, Endpoints
  • Working With OAuth

Authentication for Web Application:

  • Web applications that need to access services, protected by a user’s Google or Google Apps (hosted) account, can do so using the Google Authentication service.
  • Google offers two libraries for handling authentication:
  1. OAuth
  2. AuthSub

Our focus will be on OAuth.

Universality:
If an application accesses other service providers as well as Google, OAuth is used to avoid having to set up multiple authentication mechanisms.

Security:
AuthSub allows for registered and unregistered access, offering several options with regard to security requirements.
Where else OAuth requires web applications to register with Google and sign all requests.

OAuth Core 1.0

The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers API.

On October 3rd, 2007 the OAuth Core 1.0final draft was released. Libraries are already available for many popular platforms such as

  • Java
  • PHP
  • C
  • Python
  • .NET
  • Perl

EndPoints in OAuth:

The following methods make up Google’s OAuth endpoints:

  • OAuthGetRequestToken
  • OAuthAuthorizeToken
  • OauthGetAccessToken

An OAuth access token acquired from Google is intended to be used for all future interactions with the specified Google service for that user. There can be 10 valid tokens (per user, per web application) for multiple service accessing.

Working with OAuth:

  • Setting Up OAuth Authentication
  1. Register your web application
  2. Set up a mechanism to manage OAuth tokens
  3. Determine the scope required by the Google service to be accessed
  4. Set up a mechanism to request and receive OAuth tokens
  5. Implement federated login. (optional)
  6. Set up a mechanism to request access to a Google service
  • Signing OAuth Requests
  • Testing and debugging OAuth requests
  • Revoking an OAuth Access Token
The following methods make up Google’s OAuth endpoints:

OAuthGetRequestToken
OAuthAuthorizeToken
OauthGetAccessToken
An OAuth access token acquired from Google is intended to be used for all future interactions with the specified Google service for that user. There can be 10 valid tokens (per user, per web application) for multiple service accessing.

Advertisements
Categories: Authentication
  1. August 8, 2009 at 6:45 am

    Nice work. Good to see you posting on the blog.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: