I want to validate a Google Apps user's username and password for a custom login page (SSO login) using the SAML protocol.

Options I tried:

1) The Google ClientLogin library, which worked until April 20, 2015, but was deprecated after that.

2) Android Play services authentication using this URL: https://android.clients.google.com/auth. More detailed article

3) Connect using SMTP. Code snippet extracted from the post:

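    import smtplib

    # Credentials to check
    username = 'emailsmtplibtest@gmail.com'
    password = 'passtest'
    from_addr = 'emailsmtplibtest@gmail.com'
    # Connect to Gmail's SMTP submission port and upgrade to TLS before authenticating
    server = smtplib.SMTP('smtp.gmail.com', 587)
    server.ehlo()
    server.starttls()
    server.login(username, password)  # raises smtplib.SMTPAuthenticationError on failure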

But it's not promising, as the user can disable "Access for less secure apps", which will fail when we use SMTP.

Is there any other way or API to validate a Google Apps user's username and password?

Sagar Kanabar
  • This *might* help: http://stackoverflow.com/questions/25442786/what-is-the-difference-between-google-identity-toolkit-google-oaauth-and-google/31053422#31053422 – Dan Cornilescu Jan 27 '16 at 15:46
  • What do you mean validate? You want the user to give you their google password? I certainly would uninstall an app that asked for that. You shouldn't need to know the user's password - what is the larger goal here? – nasch Jan 27 '16 at 20:52
  • @DanCornilescu Thanks for your reply, but I did not find any relevant content that validates the username and password. – Sagar Kanabar Jan 28 '16 at 14:11
  • @nasch This is how single sign on SAML works – Kartik Domadiya Jan 28 '16 at 14:15
  • @Kartik My mistake. Sagar, what is the problem with option 2? – nasch Jan 28 '16 at 22:01
  • @nasch With option 2, if the user is an administrator of Google Apps, a wrong password gets the response "Error=BadAuthentication" and the right password gets the response "Error=BadAuthentication Info=WebLoginRequired" or some token response, but if the user is not an administrator of Google Apps, it always gets the response "Error=BadAuthentication Info=WebLoginRequired". – Sagar Kanabar Jan 29 '16 at 03:48
  • This is how SAML *can* work, but it is definitely not recommended practice to ask users for their passwords to other services. – abraham Jan 29 '16 at 19:53

0 Answers