Google Authentication Api’s
- Oauth Core 1.0
- Work Flow, Endpoints
- Working With OAuth
Authentication for Web Application:
- Web applications that need to access services, protected by a user’s Google or Google Apps (hosted) account, can do so using the Google Authentication service.
- Google offers two libraries for handling authentication:
Our focus will be on OAuth.
If an application accesses other service providers as well as Google, OAuth is used to avoid having to set up multiple authentication mechanisms.
AuthSub allows for registered and unregistered access, offering several options with regard to security requirements.
Where else OAuth requires web applications to register with Google and sign all requests.
OAuth Core 1.0
The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers API.
On October 3rd, 2007 the OAuth Core 1.0final draft was released. Libraries are already available for many popular platforms such as
EndPoints in OAuth:
The following methods make up Google’s OAuth endpoints:
An OAuth access token acquired from Google is intended to be used for all future interactions with the specified Google service for that user. There can be 10 valid tokens (per user, per web application) for multiple service accessing.
Working with OAuth:
- Setting Up OAuth Authentication
- Register your web application
- Set up a mechanism to manage OAuth tokens
- Determine the scope required by the Google service to be accessed
- Set up a mechanism to request and receive OAuth tokens
- Implement federated login. (optional)
- Set up a mechanism to request access to a Google service
- Signing OAuth Requests
- Testing and debugging OAuth requests
- Revoking an OAuth Access Token