"Application" or unattended account authorization
167 views
Skip to first unread message
Bitzo Phrenic
Jun 7, 2011, 12:34:24 AM6/7/11
to oauth...@googlegroups.com
Hello-
I'd like to find out if there is a way to automatically authenticate my account for use as an unattended or "application" account that would not present a UI waiting for a response. Is there an api or authentication flow for this? Currently i have only been able to use the web-based flow which me as the user must log in, and click "Allow Access" in order to get the access token. A pure example would be to have a scheduled task / cron job to delete old appointments from my calendar. (example only, not what i am trying to do, but the mechanism is the same - actual intention omitted due to complexity of explanation).
Thanks,
Nick
www.bitzophrenic.com
I'd like to find out if there is a way to automatically authenticate my account for use as an unattended or "application" account that would not present a UI waiting for a response. Is there an api or authentication flow for this? Currently i have only been able to use the web-based flow which me as the user must log in, and click "Allow Access" in order to get the access token. A pure example would be to have a scheduled task / cron job to delete old appointments from my calendar. (example only, not what i am trying to do, but the mechanism is the same - actual intention omitted due to complexity of explanation).
Thanks,
Nick
www.bitzophrenic.com
Andrew Wansley
Jun 7, 2011, 2:22:45 PM6/7/11
to oauth...@googlegroups.com
Hey Bitzo,
You can use OAuth 2.0 with role accounts, but it isn't really something we've optimized for yet. I'd suggest:
Initial setup:
1. Registering a client (installed app, for simplicity)
2. Signing in as your role account, and approving access to the relevant permissions to the client you registered
3. Swap the code you get through the installed app flow for a refresh token; burn the refresh token into your script
Runtime:
4. Use your client credentials and refresh token to fetch access tokens for your role account, downscoping as required
Does that make sense?
Bitzo Phrenic
Jun 7, 2011, 8:33:48 PM6/7/11
to oauth...@googlegroups.com
I think so. I'll review the flow again, but here is my initial reaction / understanding:
Get an access and refresh token. Use the refresh token from that point on? Sort of a 1-time priming of the application?
Get an access and refresh token. Use the refresh token from that point on? Sort of a 1-time priming of the application?
Andrew Wansley
Jun 7, 2011, 8:44:50 PM6/7/11
to oauth...@googlegroups.com
Yup! That's the idea.
Tino
Sep 13, 2011, 7:08:45 PM9/13/11
to oauth...@googlegroups.com
Hi Andrew
Am interested in that too, I know oAuth2 is still experimental but am wondering if we are going to have such feature in the future.
For example, linkedIn & Twitter have two different endpoints to do so, one called authorize that will need approval from the user every time, the other is authenticate, which will only need approval from the user once.
In both cases, user has to be logged in.
More on this:
https://developer.linkedin.com/documents/linkedins-oauth-details
https://dev.twitter.com/docs/auth/sign-in-with-twitter
If we can have something like this on Google, it will add lots of benefits to User Experience
http://www.zawya.com
Am interested in that too, I know oAuth2 is still experimental but am wondering if we are going to have such feature in the future.
For example, linkedIn & Twitter have two different endpoints to do so, one called authorize that will need approval from the user every time, the other is authenticate, which will only need approval from the user once.
In both cases, user has to be logged in.
https://developer.linkedin.com/documents/linkedins-oauth-details
https://dev.twitter.com/docs/auth/sign-in-with-twitter
If we can have something like this on Google, it will add lots of benefits to User Experience
http://www.zawya.com
Reply all
Reply to author
Forward
0 new messages