Tag: oauth2.0
Google Sign In iOS 1.0.0
The new Google Sign In SDK for iOS is out! With a new version number, and separated from the old Google+ SDK, the Sign-In SDK should make it easier and faster to implement Google Sign-In in your app. Lets take a look at how to use it from Swift.
Understanding Service Accounts
Misconceptions about Google service accounts are at the heart of a number of problems I’ve seen developers having on Stack Overflow and various issue trackers. Hopefully this post will dispel some common misunderstandings, and break down what they are for.
Migrating Away From Userinfo
As part of the move to full OpenID connect support recently, the “userinfo” scopes and endpoint were deprecated and scheduled for shutdown in September 2014. If you are using the userinfo API endpoint to retrieve email address or profile information for a Google user, now is the time to change! Luckily, it’s just a few minutes of work to move from the userinfo API to the people.get API for most people, and wont affect users at all.
Incremental Auth and YouTube scopes
In my previous post I mentioned that there are two issues which have been made more visible by incremental auth. The first of these is fairly straightforward, but the second is a little more subtle. Incremental auth is a great feature for simplifying the consent screen that users see when they first sign in to an app, but it can also introduce a bit more complexity in some cases. An example of this is when requesting access to YouTube.
Are you using approval_prompt=force?
The recent launch of incremental auth has highlighted a couple of problems in the way some sites have implemented Google+ Sign-In or Google OAuth 2.0. The most obvious of these is that there are a fair number of places that use approval_prompt=force much more often than they should, which leads to a much worse user experience than there needs to be.
Device Sign-In With Google
Testing whether a user is signed in to Google
Postmessage & OAuth 2.0
As part of the release of Google+ Sign-In, some people have noticed that signing in via the Sign In button doesn’t redirect them to Google, then back to the site, as would have happened if they’d been using the basic OAuth 2.0 flows.