Difference between revisions of "Google OAuth 2.0"

From NovaOrdis Knowledge Base
Jump to: navigation, search
(Authorization Code Grant Type)
(Authorization Code Grant Type)
Line 15: Line 15:
 
This returns the JS code that starts the "IDP Frame".
 
This returns the JS code that starts the "IDP Frame".
  
  GET /o/oauth2/iframerpc?action=checkOrigin&origin=http%3A%2F%2Fnombp3.local%3A3002&client_id=7777777777777-a7a7a7a7a7a7a7a7a7a7a7a7a7a7a7a.apps.googleusercontent.com
+
  GET /o/oauth2/iframerpc?action=checkOrigin&origin=http%3A%2F%2Ftestclient.novaordis.s3.amazonaws.com&client_id=7777777777777-a7a7a7a7a7a7a7a7a7a7a7a7a7a7a7a.apps.googleusercontent.com
  
 
client_id value is hardcoded in the client application (js/gutil.js).
 
client_id value is hardcoded in the client application (js/gutil.js).
Line 34: Line 34:
 
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
 
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
  
{"valid":false}
+
{"valid":true}
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 
If the client is deemed valid:
 
If the client is deemed valid:
  
  GET /o/oauth2/iframerpc?action=listSessions&client_id=7777777777777-a7a7a7a7a7a7a7a7a7a7a7a7a7a7a7a.apps.googleusercontent.com&origin=http%3A%2F%2Flocalhost%3A3002&scope=openid%20profile%20email&ss_domain=http%3A%2F%2Flocalhost%3A3002
+
  GET /o/oauth2/iframerpc?action=listSessions&client_id=7777777777777-a7a7a7a7a7a7a7a7a7a7a7a7a7a7a7a.apps.googleusercontent.com&origin=http%3A%2F%2Ftestclient.novaordis.s3.amazonaws.com&scope=openid%20profile%20email&ss_domain=http%3A%2F%2Ftestclient.novaordis.s3.amazonaws.com
 +
 
 +
At this point we get "Sign in with Google" and the browser waits.

Revision as of 00:16, 17 May 2019

Internal

Overview

Call Sequences

Authorization Code Grant Type

Experimental:

GET /o/oauth2/iframe

This returns the JS code that starts the "IDP Frame".

GET  /o/oauth2/iframerpc?action=checkOrigin&origin=http%3A%2F%2Ftestclient.novaordis.s3.amazonaws.com&client_id=7777777777777-a7a7a7a7a7a7a7a7a7a7a7a7a7a7a7a.apps.googleusercontent.com

client_id value is hardcoded in the client application (js/gutil.js).

Response:

:status: 200
content-type: application/json; charset=utf-8
x-content-type-options: nosniff
expires: Thu, 16 May 2019 22:30:28 GMT
date: Thu, 16 May 2019 21:30:28 GMT
cache-control: public, max-age=3600
content-language: en-US
content-encoding: gzip
server: ESF
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"

{"valid":true}

If the client is deemed valid:

GET /o/oauth2/iframerpc?action=listSessions&client_id=7777777777777-a7a7a7a7a7a7a7a7a7a7a7a7a7a7a7a.apps.googleusercontent.com&origin=http%3A%2F%2Ftestclient.novaordis.s3.amazonaws.com&scope=openid%20profile%20email&ss_domain=http%3A%2F%2Ftestclient.novaordis.s3.amazonaws.com

At this point we get "Sign in with Google" and the browser waits.