Création des Logiciels de gestion d'Entreprise, Création et référencement des sites web, Réseaux et Maintenance, Conception
Création des Logiciels de gestion d'Entreprise, Création et référencement des sites web, Réseaux et Maintenance, Conception
https://www.example.com/back?error=access_denied.
https://www.example.com/back?error=access_denied
. After this change, it will be returned as https://www.example.com/back#error=access_denied
. approval_prompt=force
and access_type=offline
parameters in an authorization code request.https://accounts.google.com/o/oauth2/auth?You can maintain the current behavior by changing the target URL to:
client_id=21302922996.apps.googleusercontent.com&
redirect_uri=https://www.example.com/back&
scope=https://www.google.com/m8/feeds/&
response_type=code
https://accounts.google.com/o/oauth2/auth?You may start including these parameters in authorization code requests today.
client_id=21302922996.apps.googleusercontent.com&
redirect_uri=https://www.example.com/back&
scope=https://www.google.com/m8/feeds/&
response_type=code&
access_type=offline&
approval_prompt=force
In March, we announced that all of the Google Web APIs adopted support for OAuth 2.0. It is the recommended authorization mechanism when using Google Web APIs.
Today, we are announcing the OAuth 2.0 Playground, which simplifies experimentation with the OAuth 2.0 protocol and APIs that use the protocol. Trying out some requests in the OAuth 2.0 playground can help you understand how the protocol functions and make life easier when the time comes to use OAuth in your own code.
Selecting the APIs to authorize
With the OAuth 2.0 Playground, you can walk through each step of the OAuth 2.0 flow for server-side web applications: authorizing API scopes (screen shot above), exchanging authorization tokens (screen shot below), refreshing access tokens, and sending authorized requests to API endpoints. At each step, the Playground displays the full HTTP requests and responses.
The OAuth Playground can also use custom OAuth endpoints in order to test non-Google APIs that support OAuth 2.0 draft 10.
OAuth configuration screen
You can click the link button to generate a link to a specific Playground state. This allows quick access to replay specific requests at a later time.
Generating a deep link to the playground’s current state
Please feel free to try the OAuth 2.0 Playground. We are happy to receive any feedback, bugs, or questions in the OAuth Playground forum.
Cross-posted from the Google Enterprise Blog
Google Apps is designed to provide a secure and reliable platform for your data. Until today, Google Apps administrators had to sign requests for calls to Google Apps APIs using their username and password (this is called ClientLogin Authorization).
Yet sharing passwords across sites can pose security risks. Furthering our commitment to make the cloud more secure for our users, today we are pleased to announce support for OAuth authorization on Google Apps APIs.
There are several advantages to using OAuth instead of the username/password model:
The Google Apps APIs that support the OAuth signing mechanism are:
OAuth support for Google Apps APIs is another step towards making Google Apps the most secure, reliable cloud based computing environment for organizations. To learn more about OAuth support and other administrative capacities launched in Google Apps this quarter, join us for a live webinar on Wednesday, September 29th at 9am PT / 12pm EST / 5pm GMT.
Administrators for Google Apps Premier, Education, and Government Editions can use OAuth authorization for Google Apps APIs starting today.For more information about the OAuth standard, visit http://oauth.net.
By Ankur Jain, Google Apps Team2013, By: Seo Master// Set up the HTTP transport and JSON factoryFinally, we are making available a Beta version of the open source Google HTTP Client Library for Java. This is the common HTTP client library that the above two libraries are built on, and is built to work with any API on the web. It features a pluggable HTTP transport abstraction that allows it to work seamlessly on any of the supported Java platforms, support for efficient JSON and XML data models for parsing and serialization, and a pluggable JSON and XML parser so you can use whatever works best for you. Please try it and send us your feedback.
HttpTransport httpTransport = new NetHttpTransport();
JsonFactory jsonFactory = new JacksonFactory();
// Set up OAuth 2.0 access of protected resources
// using the refresh and access tokens, automatically
// refreshing the access token when it expires
GoogleAccessProtectedResource requestInitializer =
new GoogleAccessProtectedResource(accessToken, httpTransport,
jsonFactory, clientId, clientSecret, refreshToken);
// Set up the main Google+ class
Plus plus = new Plus(httpTransport, requestInitializer, jsonFactory);
// Make a request to access your profile and display it to console
Person profile = plus.people().get("me").execute();
System.out.println("ID: " + profile.getId());
System.out.println("Name: " + profile.getDisplayName());
System.out.println("Image URL: " + profile.getImage().getUrl());
System.out.println("Profile URL: " + profile.getUrl());
The OAuth 2.0 Playground |
Setting the OAuth flow type |
Bearer
prefix and the access_token
URL parameter locations. This makes the playground compatible with most APIs supporting OAuth 2.0 drafts 10 to 25.Setting the access token location |
Displaying the available endpoints after being authorized for the Google+ API |
access_type
and the approval_prompt
parametersaccess_type
and the approval_prompt
parameters of the authorization request.Setting the access type and whether or not to force the approval prompt |
Enabling the access token auto-refresh feature |
Clicking a link populates the Request URI field |
HTTP 403
error response from our servers with the following in error included in the response body:
Error=BadAuthentication
Info=InvalidSecondFactor