Cross-Platform Authentication with Google+ Sign-In

Date posted: 06-May-2015
Category: Technology

description

This presentation outlines how Google+ Sign-In allows your users to sign in once and then be signed in seamlessly across all of your apps. The session takes a look at Google+ Sign-In authentication models and highlights common pitfalls and best practices.

Transcript of Cross-Platform Authentication with Google+ Sign-In

1. Cross-Platform Auth with Google+ Sign-In. Google+ Platform. Peter Friese - Developer Advocate

2. Peter Friese - Developer Advocate. +PeterFriese, @peterfriese, http://www.peterfriese.de

3. What is Google+?

4. https://www.flickr.com/photos/dainbinder/10538549606/

5. http://openclipart.org/detail/26329/aiga-immigration-bg-by-anonymous

6. What is Authentication?

7. What is Authentication? (Greek): that comes from the author / authentic / original / genuine. Authentication: the act of confirming the truth of an attribute of a datum or an entity.

8. Authentication Factors: Ownership, Knowledge, Inherence. https://www.flickr.com/photos/europealacarte/9152848988/ https://www.flickr.com/photos/gcfairch/3595771919/ https://www.flickr.com/photos/z0/5055081370/

9. Authentication - How hard can it be? https://www.flickr.com/photos/isherwoodchris/7018779395/

10. Quite hard, actually! Things to consider: encrypt traffic; hash + salt passwords; two-factor auth; account recovery. https://www.flickr.com/photos/govwin/5609940697/ http://upload.wikimedia.org/wikipedia/commons/4/41/Space_Shuttle_Columbia_launching.jpg

11. You might end up in the News

12. On the shoulders of Giants. Use an identity provider: easier for you; easier for the user; established, trusted brand; focus on your business model (rather than re-inventing the wheel). https://www.flickr.com/photos/govwin/5609940697/ http://www.nasa.gov/centers/dryden/images/content/690557main_SCA_Endeavour_over_Ventura.jpg

13. KEEP CALM AND SIGN IN WITH GOOGLE+

14. Google+ Sign-in Features

15. Google+ Sign-in Features: secure authentication; Google: trusted brand; 2-factor verification, using your phone; works alongside existing sign-in systems; learn more about your users (with their consent).

16-23. Google+ Sign-in Features: sign-in to web site; Cross-Device Single Sign-on and Over-the-Air Install (OTA). Steps shown across these slides: OTA consent dialog; OTA installation; auto signed in on other device.

24. How does Google+ Sign-in work?

25-26. How does Google+ Sign-in work? Based on OAuth 2.0. Diagram labels: App, User, Google, Consent, Permission. No password sharing; scoped access; revocable.

27. Implementing Google+ Sign-in

28-30. Setting up: Developer Console Project (https://developers.google.com/console). APIs; Credentials (iOS Client ID, Android Client ID, Web Client ID); Branding; Permissions; Management. One project, multiple clients. Authorization is granted to your application, not a specific client!
  • Single user consent across devices
  • Cross-Device Single Sign-on
  • Available for Web & Android

31. The Auth Triangle. You: Client, Server. Google: Google APIs. Connecting lines need authentication.

32-33. Client Authentication (the Client side of the Auth Triangle).

34. Client Authentication: Android. Overview: create OAuth 2.0 client ID; link with Google Play Services API; set up Sign-In.

35. Client Authentication: Android. SDK Architecture. Diagram labels: iOS, Your App, Google APIs, Google Play Client Library, Google Play Services APK. Authorize using existing accounts on Android device.

36. Client Authentication: Android. GoogleApiClient Lifecycle.

```java
// onCreate(): build the client with the Google+ API and the login scope
mApiClient = new GoogleApiClient.Builder(this)
        .addConnectionCallbacks(this)
        .addOnConnectionFailedListener(this)
        .addApi(Plus.API, null)
        .addScope(Plus.SCOPE_PLUS_LOGIN)
        .build();

// onStart(): connect while the activity is visible
mApiClient.connect();

// onStop(): release the connection
if (mApiClient.isConnected()) {
    mApiClient.disconnect();
}
```

37-38. Client Authentication: Android. Handle connection failure.

```java
public void onConnectionFailed(ConnectionResult result) {
    if (!mIntentInProgress && result.hasResolution()) {
        try {
            mIntentInProgress = true;
            startIntentSenderForResult(result.getResolution().getIntentSender(),
                    RC_SIGN_IN, null, 0, 0, 0);
        } catch (SendIntentException e) {
            // The intent was canceled before it was sent. Return to the default
            // state and attempt to connect to get an updated ConnectionResult.
            mIntentInProgress = false;
            mApiClient.connect();
        }
    }
}
```

User needs to select account, consent to permissions, ensure network connectivity, etc. to connect.

39. Client Authentication: Android. Connection successful.

```java
public void onConnected(Bundle connectionHint) {
    // Retrieve some profile information to personalize our app for the user.
    Person currentUser = Plus.PeopleApi.getCurrentPerson(mApiClient);
    // Indicate that the sign in process is complete.
    mSignInProgress = STATE_DEFAULT;
}
```

40. Client Authentication: iOS. Overview: create OAuth 2.0 client ID; integrate SDK; set up Sign-In.

41. Client Authentication: iOS. SDK Architecture. Diagram labels: iOS, Your App, Google APIs, Google+ iOS SDK. Statically linked library.

42. Client Authentication: iOS. Configure Sign-In.

```objc
#import <GoogleOpenSource/GoogleOpenSource.h>
#import <GooglePlus/GooglePlus.h>

// ...

GPPSignIn *signIn = [GPPSignIn sharedInstance];
signIn.shouldFetchGoogleUserEmail = YES;

signIn.clientID = @"YOUR_CLIENT_ID";
signIn.scopes = @[@"profile"];
signIn.delegate = self;
```

43. Client Authentication: iOS. Perform Sign-In, Option 1 (use our button).

44. Client Authentication: iOS. Perform Sign-In, Option 2 (create your own button). Create own button / use action sheet:

```objc
// trigger sign-in
[[GPPSignIn sharedInstance] authenticate];
```

Silent sign-in if user has signed in before:

```objc
// silently sign in
[[GPPSignIn sharedInstance] trySilentAuthentication];
```

45. Client Authentication: iOS. Receiving the authorisation.

```objc
// In ApplicationDelegate: hand the redirect URL back to the SDK
- (BOOL)application:(UIApplication *)application
            openURL:(NSURL *)url
  sourceApplication:(NSString *)sourceApplication
         annotation:(id)annotation {
    return [GPPURLHandler handleURL:url
                  sourceApplication:sourceApplication
                         annotation:annotation];
}

// GPPSignInDelegate: called when the sign-in flow finishes
- (void)finishedWithAuth:(GTMOAuth2Authentication *)auth
                   error:(NSError *)error {
    if (!error) {
        NSString *gplusId = [GPPSignIn sharedInstance].userID;
    }
}
```

46. Client Authentication: Web. Overview: create OAuth 2.0 client ID; include JavaScript client on your web page; add Google+ Sign-in button; handle callback.

47. Client Authentication: Web. Architecture. Diagram labels: Browser, Your site, Google APIs, plusone.js.
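
The "One project, multiple clients" and "Auth Triangle" slides say that authorization is granted to the project rather than to one client, and that every connecting line needs authentication. The following is an added example, not code from the presentation, of the claim checks a server can apply on the client-to-server line. It assumes the client sends a Google-issued ID token (a mechanism these slides do not show) whose signature a JWT library has already verified; the client IDs, sample claims and function names are constructed placeholders.

```python
import time

# Constructed placeholder client IDs, standing in for the Web, Android and
# iOS client IDs created in one Developer Console project (slides 28-30).
WEB_CLIENT_ID = "1234-web.apps.googleusercontent.com"
ANDROID_CLIENT_ID = "1234-android.apps.googleusercontent.com"
IOS_CLIENT_ID = "1234-ios.apps.googleusercontent.com"
PROJECT_CLIENTS = (WEB_CLIENT_ID, ANDROID_CLIENT_ID, IOS_CLIENT_ID)
TRUSTED_ISSUERS = ("accounts.google.com", "https://accounts.google.com")


class TokenRejected(Exception):
    """A claim check failed; the message names the check."""


def check_id_token_claims(claims, now=None, leeway=60):
    """Check claims of an already signature-verified ID token; return 'sub'."""
    now = time.time() if now is None else now
    if claims.get("iss") not in TRUSTED_ISSUERS:
        raise TokenRejected("untrusted issuer")
    # aud must be this server's own client ID; anything else is a token
    # minted for a different application.
    if claims.get("aud") != WEB_CLIENT_ID:
        raise TokenRejected("audience mismatch")
    # azp is the client that requested the token; only clients of the same
    # project are accepted. Fall back to aud when the token carries no azp.
    if claims.get("azp", claims.get("aud")) not in PROJECT_CLIENTS:
        raise TokenRejected("unknown authorized party")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        raise TokenRejected("expired")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise TokenRejected("missing subject")
    return sub


def verdict(claims, now):
    """Return 'accept:<sub>' or 'reject:<reason>' for logging or tests."""
    try:
        return "accept:" + check_id_token_claims(claims, now=now)
    except TokenRejected as exc:
        return "reject:" + str(exc)


# Constructed sample: a token the Android client requested for this server.
SAMPLE = {"iss": "accounts.google.com", "aud": WEB_CLIENT_ID,
          "azp": ANDROID_CLIENT_ID, "sub": "110000000000000000001",
          "exp": 1700003600}
```

The server keys its session on the returned `sub`, not on an identifier the client reports about itself.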
