javascript - Google+ vs Google Identity Platform API -

-

tl;dr: can explain difference in implementing client-side google login flow between these 2 platforms?

the backstory:

i've been trying implement client-side google sign in website. first, implemented google+ platform global settings using tags, user session monitored. got info here: https://developers.google.com/+/web/signin/

however, encountered problem site automatically check user login state if user not logged in, resulted in many 'toastr' messages of 'logged out', implemented in signincallback function. pretty annoyting.

so did research , stumbled across 'quick start app' , browsed through it. way more complicated guide, many elements documented on google identity platform, here: https://developers.google.com/identity/sign-in/web/reference

now don't understand correct way of implementing login - lightweight google+ button tag callback check user state, or robust gip way listeners, gapi instances , all? different these platforms offer?

both google+ platform sign-in (gapi.auth) , identity platform (gapi.auth2) related , work similarly.

the chief differences between 2 are:

gapi.auth2 supports more modern javascript (listeners , promises) can this:

var signinchanged = function (val) {   console.log('signin state changed ', val);   document.getelementbyid('signed-in-cell').innertext = val; };  auth2.issignedin.listen(signinchanged);

...auth2 has more explicit syntax give more control on behavior:

gapi.load('auth2', function() {   auth2 = gapi.auth2.init({     client_id: 'client_id.apps.googleusercontent.com',     fetch_basic_profile: true,     scope: 'profile'   });    // sign user in, , retrieve id.   auth2.signin().then(function() {     console.log(auth2.currentuser.get().getid());   }); });

and auth2 provides basic profile support without needing api call:

if (auth2.issignedin.get()) {   var profile = auth2.currentuser.get().getbasicprofile();   console.log('id: ' + profile.getid());   console.log('name: ' + profile.getname());   console.log('image url: ' + profile.getimageurl());   console.log('email: ' + profile.getemail()); }

in short, recommend using approaches documented @ https://developers.google.com/identity/sign-in/, such https://developers.google.com/identity/sign-in/web/.

implementing login correctly depend on kind of sign-in want:

  • client-only, can use javascript/ios/android clients
  • hybrid client-server auth, need implement similar 1 of quickstarts

if doing client-only, should pretty simple: authorize user , access resources using api client. if doing more sophisticated, e.g. managing sessions , forth, should use id tokens api client authorize user's session after authorizing server using authorization code.


Comments

Post a Comment

Popular posts from this blog

c++ - No viable overloaded operator for references a map -

-
i trying use map can make tag names reference number. when try , use it, in code error (6 in total every time reference map): src/main.cpp:25:45: error: no viable overloaded operator[] type 'std::map<std::string, std::string>' const char* idcs = node.child_value(tagmap[3]); this code: #include "pugi/pugixml.hpp" #include <iostream> #include <string> #include <map> int main() { pugi::xml_document doca, docb; std::map<std::string, pugi::xml_node> mapa, mapb; std::map<std::string, std::string> tagmap {{"1", "data"}, {"2", "entry"}, {"3", "id"}, {"4", "content"}}; if (!doca.load_file("a.xml") || !docb.load_file("b.xml")) { std::cout << "can't find input files"; return 1; } (auto& node: doca.child(tagmap[1]).children(tagmap[2])) { co
Read more

java - Custom OutputStreamAppender not run: LOGBACK: No context given for <MYAPPENDER> -

-
i wish write custom appender on basis of outputstreamappender . wrote following class package tests; import java.io.ioexception; import java.io.outputstream; import ch.qos.logback.core.outputstreamappender; public class myappender<e> extends outputstreamappender<e> { public myappender() { system.out.println("myappender created"); setoutputstream(new outputstream() { @override public void write(int b) throws ioexception { throw new unsupportedoperationexception(); } }); } } then wrote following runner: package tests; import org.slf4j.loggerfactory; import ch.qos.logback.classic.logger; public class runner { private static final logger log = (logger) loggerfactory.getlogger(runner.class); public static void main(string[] args) { //log.addappender(new myappender<iloggingevent>()); log.info("hello world"); } } finall
Read more

java - Cannot secure connection using TLS -

-
i'm trying establish secure socket connection between java client applet (built jdk 1.7.0_75-b13) , vc++ server application. as test vehicle, used vc++ client/server sample found in msdn forums, modified use schannel , able establish socket using cipher suite tls_rsa_with_aes_128_cbc_sha. works of tls 1.0/1.1/1.2. when try opening socket java applet same server application, connection rejected server reporting following: tls 1.0 acceptsecuritycontext failed: 0x80090327 tls 1.1 acceptsecuritycontext failed: 0x80090331 tls 1.2 acceptsecuritycontext failed: 0x80090331 this java code used create socket: debugprint("setting secure connection"); sslsocketfactory sslsocketfactory = (sslsocketfactory) sslsocketfactory.getdefault(); sslsocket sslsocket = (sslsocket) sslsocketfactory.createsocket("127.0.0.1", socketnumber); debugprint("starting handshake"); sslsocket.settcpnodelay(true); sslsocket.setsolinger(false, 0); sslsocket.s
Read more