
I'm developing a (so far) intra-company website that needs authentication (i.e. a limited set of users are allowed to use it). I don't want to force the users to have a new username/password pair for only this service. The company already uses company-branded Google Mail for e-mail, so every user already has a Google account: my "cunning plan" is let Google authenticate the users.

I found this great question and answer so I know (or at least have an idea) on how to verify on the server side that the web session was authenticated by Google. What I don't know: how to get that accessToken on the client side? How to detect if the user already logged in to Google, and if not, how to present the Google login form to the user?

I found the Using OAuth 2.0 to Access Google APIs documentation, but I don't quite understand this sentence: "The authorization sequence begins when your application redirects a browser to a Google URL; the URL includes query parameters that indicate the type of access being requested." What is this URL?

I'm fairly new to web development and JavaScript, unfortunately.

Linda Lawton - DaImTo
user2414208
  • All that sentence is saying is that you just need to have a login button that passes credentials to Google for authorization, or redirects to Google so that users can input their credentials (the safer way) – beefoak Oct 03 '18 at 12:52

1 Answer

"The authorization sequence begins when your application redirects a browser to a Google URL; the URL includes query parameters that indicate the type of access being requested."

Your application will need to open a web page which will display a consent screen to the user. This page is opened on Google's identity server, not your own. You have probably seen this before.


The URL is built up using the client ID and redirect URI that you set up for your project in the Google developer console.

https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code

You might find this blog post interesting: Google 3 Legged OAuth2 Flow

Linda Lawton - DaImTo
  • I created an OAuth 2.0 client ID and tried the URL in a browser, but got this error: "The redirect URI in the request, urn:ietf:wg:oauth:2.0:oob, can only be used by a Client ID for native application. It is not allowed for the WEB client type." I'm not quite sure what I'm doing wrong. The type of the client ID is "Web application". – user2414208 Oct 03 '18 at 14:01
  • I need to use the actual URL of the web server in the `redirect_uri` parameter; that solves the problem. Thanks! – user2414208 Oct 03 '18 at 14:44