oAuth token for multiple services - android

I have a Dropbox account which was created by logging in via the Google account. So, my Dropbox account is linked to the Google account.
I have an Android application and my users can create their accounts either via Google/Facebook.
The question is whether it is possible for the user to log in to our app once via his Google account, and then, using these same underlying Google credentials, the user automatically gets logged in to the Dropbox account [maybe a simple 'OK' button authentication is needed], so that they need not enter their login credentials twice?
I am planning to implement this using OAuth. Any guidance on whether this is possible or not will be helpful. I am not expecting code but some guidance.

In general what you are asking is not possible.
The credentials/assertions that Google issues are for a specific app and only that app should accept those credentials.
So when a user signs into your app, you get credentials from Google that say this is for your app. Also, Dropbox accepts credentials from Google that were issued for Dropbox. Your app cannot convert one into another (if it could, this would be a big security issue, e.g. one app could sign into all of a user's other apps/accounts that accept Google credentials, for example a bank account).
What you want to do is integrate with the OAuth APIs from Dropbox and, when the user is going through them, try to prefill information to make the flow easier. If you send "user email" to the Google OAuth flow (to get the user signed into Dropbox) for the same user (who is signed in), they could go through the flow easily. https://developers.google.com/identity/protocols/OpenIDConnect#sendauthrequest
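The audience restriction described in the answer above, as an added example that is not part of the original post. It assumes a constructed HS256 key standing in for Google's RS256 signature (a real relying party holds only Google's public keys) and hypothetical client IDs `MY_APP` and `OTHER_SERVICE`; the token, key and claims are constructed sample data.

```python
import base64, hashlib, hmac, json

ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, claims: dict) -> str:
    """Constructed identity-provider stand-in: HS256 here, Google signs with RS256."""
    body = b64u(b'{"alg":"HS256","typ":"JWT"}') + "." + b64u(json.dumps(claims).encode())
    return body + "." + b64u(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify_for_client(token: str, key: bytes, client_id: str, now: int):
    """What each relying party does: accept only tokens minted for itself."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(unb64u(header)).get("alg") != "HS256":
            return None, "unexpected alg"
        mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, unb64u(sig)):
            return None, "bad signature"
        claims = json.loads(unb64u(payload))
    except (ValueError, AttributeError):
        return None, "malformed token"
    if claims.get("iss") not in ISSUERS:
        return None, "wrong issuer"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None, "expired"
    if claims.get("aud") != client_id:  # the per-app binding the answer describes
        return None, "wrong audience"
    return claims, "ok"

KEY = b"constructed-demo-key"  # constructed sample key
MY_APP, OTHER_SERVICE = "my-app.client.example", "other-service.client.example"  # hypothetical
NOW = 1_700_000_000

def demo():
    claims = {"iss": "https://accounts.google.com", "aud": MY_APP, "sub": "1234",
              "email": "user@example.com", "exp": NOW + 3600}
    token = sign(KEY, claims)
    header, _, sig = token.split(".")
    # Rewriting "aud" for the other service invalidates the issuer's signature.
    retargeted = ".".join([header, b64u(json.dumps({**claims, "aud": OTHER_SERVICE}).encode()), sig])
    return [verify_for_client(t, KEY, c, NOW)[1] for t, c in
            [(token, MY_APP), (token, OTHER_SERVICE), (retargeted, OTHER_SERVICE)]]
```

`demo()` checks the same token at both services and then a copy whose `aud` claim was rewritten: only the service the token was issued for accepts it.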

Related

google play console "Need login credentials for app review " error Although the credentials are correct

I sent an app to review in google play console, and I got an email saying.
Issue: Need login credentials for app review
In order for us to review your app for compliance with Developer Program Policies, we will need you to provide valid login credentials for your app.
If users need credentials to access your app, please provide all appropriate credentials via Play Console.
If you previously supplied credentials, please ensure that they have not expired.
If your app normally uses 2-Step Verification (e.g. SMS verification), biometrics (e.g. a fingerprint or face scan) or a location-dependent password (e.g. geo-gate), please provide valid demo credentials that we can use instead.
We could not access in-app content due to app connection error
Knowing that I already set login credentials. The problem is that the credentials are working for me. I don't use Google sign-in or something else to log in. I use my API to log in to the app.

How to submit PlayStore app access credentials for google sign in authentication

I have an app where a user needs to log in with a Google account and purchase premium (Play Billing) to access premium features. Everything works perfectly.
Recently the Play Store has forced developers to submit app credentials to test if the app has certain functions which require authentication.
If my app had a normal email and password for auth, then I'd submit to Google Play a test user's email and password from my backend server. But now it's Google Sign-In. I don't know any test Google account which app reviewers use. The doc has no information about that.
In this situation, should I have to submit my personal Google account and password to review app authentication (because it was added to the test licence in the Google Play developer console)?
Or is there some test Google email account (from the Play Store app reviewer) for whitelisting on my server side?
You just need to tell them to "login using Google Account" in the "Any other instruction" field, as shown below; you don't have to create a test account for this. I tried this many times before.
So I was stuck on this issue for about a whole month, I couldn't update my production app.
Google documentation clearly states: "Note that you do not need to provide credentials if your app supports 'Sign-in with Google,' which enables the crawler to log in automatically." However this was not the case for me.
I tried:
Going with the 1st option that - No special access is required. - Never worked
2nd option - Stating that the app requires Google login (didn't submit any credentials). - Never worked
Eventually, what worked was - I created another email account on my mobile device. Then submitted the credentials to Google.
Point to note - ensure the email account you create doesn't contain any 2 factor authentication or verification as this won't work.
I noticed that you do not need to do this in the case of a Google account.
If you see the pre-launch reports in the Google Play console, and watch the replay of the test, you will see that when the Google Play robot encounters the Google Account login screen, they will have an account with a @cloudtestlabaccounts.com email that they will use to log in, as seen in the image below:
As you can see, Google Play robots have Google accounts available to them to log in and therefore you do not need to put as special access, unless you are using non-Google accounts to log in.
I personally use Google Accounts as login and never submitted any login information and they didn't have any issue with this.
I created a Google account specifically for app testing purposes. I use it for both Android and iOS. You submit the credentials for that account for review. After your app is approved, you can always change the password and just update the credentials when you submit the app for review again.
I tried submitting use "google login" in the any other instructions field but it didn't work.
What worked was I created a demo Google account and submitted the email and password. Also, I wrote use "google login" in any other instructions.
Hope it helps.

Google signing from Android with auto fill with given email id

In my Android device I have logged in with Google account A (example: a@gmail.com).
In my app I first have my initial login screen; from there I'm going to the Google flow based on the provided email.
If I provide a@gmail.com (this account is already logged in to my device's Google account), then I am able to go forward without being asked for the Google account chooser list.
But if I provide some other y@gmail.com (which my device didn't register), then it navigates to the account chooser screen, and from there I can choose the "select another account" option (basically I want to skip this account chooser). I got to know that we can use the "login_hint" option for this, but I didn't get how to use it.
I followed this:
https://developers.google.com/identity/sign-in/android/
In a similar way I'm trying to connect to Google:
GoogleSignInOptions, GoogleSignInAccount etc.
How can we bypass the account chooser list with a non-registered account while signing in with Google?

Google sign in and authentication

I am working on an Android app and want to authenticate the user via Google sign-in.
Is there a way where I don't have to use any server, rather just add a list of Gmail accounts somewhere on Google's developer account, and only those users whose accounts are in my list will be able to use my app?
Is this how Firebase works?
You'll always need a server to authenticate the users with. If you want to restrict your app to certain users, maybe try closed alpha/beta testing?

Android AccountManager - Add New Account

I'm using the Android AccountManager to authenticate a user's Google account for access to Google Drive. However, I want to allow the user to access Drive accounts that are not on their phone. For example, I have a work Google account that is not on my phone, but I would like to use it in my app. Is there a way to allow users to authenticate accounts that are not necessarily stored in the AccountManager?
Thanks
Perhaps you could add another Google account to the phone and allow the user to select which account to use. If this option doesn't satisfy you and you really want to authenticate to Google Drive accounts not on the phone, you must then use OAuth.
If you also really, but really, want to use the AccountManager facility in your app, you have to make an account type that behaves like the following:
When you create a new account you open a browser widget and perform an OAuth cycle with Google Drive, then store the token in secure store.
When you request a token via getAuthToken() it either releases you the stored token or triggers a token refresh cycle using OAuth.
This has its security drawbacks: better perform the OAuth cycle without AccountManager and store tokens in app memory.
