I'm looking for the easiest way to authenticate against google oAuth 2.0 implementation for the purpose of accessing the google Drive API. These are the constraints:
It has to be .NET 2.0 compatible
Can not use the google libraries
I'll be using a service account to do work on behalf of specific users
I've looked at DotNetOpenAuth, but the version for the .NET 2.0 runtime doesn't seem to support oAuth 2.0 (google has deprecated oAuth v1, which DNOA supports, of course).
Google's documentation is confusing, at best (witholding explitives here).
Not sure if this will help but the since you mentioned direct JSON, XML, etc. Google has a UI that simulates and generates requests as well as provides some limited documentation that might get you started on creating such code:
https://developers.google.com/apis-explorer/#p/
https://developers.google.com/oauthplayground/
The following provides some additional info on the login:
https://developers.google.com/accounts/docs/OAuth2Login
Far from exhaustive but it's a start if that's your angle.
Related
I'd like to use the Google Drive API in my C# desktop application. However, I've found the official Google SDK on NuGet to have more dependencies than I'm comfortable with (adding it to my VS2010 project adds 10 additional NuGet packages). I fear these dependencies will clash with other dependencies as my solution grows.
Is there an alternative to this approach that utilizes less dependencies?
Can I utilize a different OAuth 2.0 library or must I use Google's OAuth sdk? Is there anything special about Google's OAuth 2.0 implementation that would hinder the ability to use an alternative OAuth 2.0 library?
Is there an alternative to this approach that utilizes less dependencies?
You could certainly write your own API using the HttpClient combined with the Drive API. The API uses simple Get/Post/Put/Delete/Patch http methods to change files in the google drive.
Can I utilize a different OAuth 2.0 library or must I use Google's OAuth sdk?
Depends. If you wrote your own, then you can use (or write) any OAuth client. The http methods must include the OAuth information in the requests, so writing your own gives you that type of access.
If you are looking for an actual product recommendation, that would be an off topic question (do not ask #5) for stack overflow.
Update
Let talk about how OAuth works at a very very high level. Once the user authorizes your code to impersonate (for lack of better terminology), you get a Authorization Code, which you use to get an Exchange Token.
The Token is the important part. If a pre-build framework does not have any way for you to specify what the Token is it doesn't matter.
If you wanted to authenticate your request yourself, say using C#, when you make a call to access Google Drive API, you'd want to add the Authorization to the Google Headers (or QueryString, but I personally don't like to use the Querystring):
GET /plus/v1/people/me HTTP/1.1
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
Host: googleapis.com
Rolling your own is not too onerous.
All of the http calls are documented on this page https://developers.google.com/accounts/docs/OAuth2, in combination with the sub-page specific to your scenario (eg. embedded, web, etc).
Once you think you understand it, go to the excellent Oauth Playground at https://developers.google.com/oauthplayground/ and watch the http traffic.
Provided you can make http calls that match what you see in the playground, you're diamond.
Most of the effort is in handling the various states that your app may encounter:-
invalid grant (eg. Google expired the refresh token)
token expiration
timeouts
user declined auth
You have a choice at the http level. You can use C#'s http directly, or you could use the Google http libraries as mentioned by Erik.
I'm looking for an OAuth2 client API I can use in C#, and I came across Googles: http://code.google.com/p/google-api-dotnet-client/wiki/OAuth2
It talks about how to use it to integrate with OAuth for various Google services, but can this library also be used for non-Google OAuth services?
You probably can use for example OAuth2Authenticator.ApplyAuthenticationToRequest() but it will be tricky and not worth the effort. I would rather suggest taking a look at DotNetOpenAuth which supports OAuth2 (and is used by StackOverflow).
I was googling after a Google Apps API .NET client and found the following one which seems rather old.
The Google Data page (which is the API that the mention client uses) states the following:
Most newer Google APIs are not Google Data APIs. The Google Data APIs documentation applies only to the older APIs that are listed in the Google Data APIs directory. For information about a specific new API, see that API's documentation. For information about authorizing requests with a newer API, see Google Accounts Authentication and Authorization.
Does that mean that the Google Data APIs will be obsoleted?
Should I use another API/Client instead?
https://developers.google.com/google-apps/contacts/v3/ (newest API) does not list any .NET client implementations.
The Contacts API v3 is still a Google Data API and as such it is supported by the .NET library for the Google Data API:
http://code.google.com/p/google-gdata/
The documentation at https://developers.google.com/google-apps/contacts/v3/ has examples in .NET to help you get started with that.
Just to clarify, the Contacts API v3 and Google Data APIs in general are not obsolete, however it is likely that new versions of them (or new APIs) will be be JSON-based instead and use the new client libraries.
I would like to use oAuth as a system to allow developers access to my API but not require them to pass through the login information.
There does not seem to be any good how-to's or blogs on this topic. Everything I have found is based on consuming an oAuth system such as Facebook or twitter. Wondering if anyone has any links to good instructions or libraries that could get me started. If there are no examples out there perhaps someone could consider writing one, the community really needs it.
Using OAuth to login is actually a side-effect, not the main goal of the protocol. The best place to start with providing an OAuth-protected API is the protocol specification and since this is a new service, you should take a look at OAuth 2.0 1. It is pretty much done and ready for deployment.
To implement OAuth 2.0 you will need to make a few important decisions about which features you are going to support and your scaling needs. There are also a lot of security considerations to go through. I would suggest you start with supporting the authorization code and implicit grant types.
I would look into DotNetOpenAuth. It should work for your needs, but I've only used it for the OpenID stuff.
I have been doing a bit of searching around on oauth2 and think it may be a good fit for some WCF rest services I am building out that will be consumed by some WPF apps and MVC web apps. The idea would be that the user is initially asked to login with their username / password and receives an access token which gives them access to the aforementioned resource(s).
Searching around here on SO I have not found much information on oauth2 except for a few consumer related questions to facebook etc.
I'm wondering if anybody can provide some tips on implementing oauth2 (or knows of any good resources). I am interested in both the provider (authenticating and issuing access tokens) as well as the client/consumer end.
.NET OAuth2 Libraries
The only OAuth2 library I found is from dotnetopenauth which also seems to be heavily into openid. At this stage I'd rather a library that is a little lighter and just emcompasses oauth2
Are there any other oauth2 libraries available yet?
There's OAuth .NET