Home assignment 3: OAuth


Assignment text:

  1. Set up OAuth for Google Drive
  2. Open https://developers.google.com/drive/v3/web/quickstart/js
  3. Enable Google Drive OAuth credentials
  4. Under your credentials, add http://users.metropolia.fi
  5. Copy-paste the step 2 code into the HTML file and store it on the server (in users.metropolia.fi)
  6. Get the script working. What does it do and what do you see on the screen?
  7. Play with the HTML + JS and show how you could utilize it for your mashup (no fancy graphics needed, but a real scenario with working code)
  8. What is OAuth, and what can it be used for?
  9. How does OAuth make it possible not to reveal the user's password / credentials to the website?
  10. What OAuth service will you use in your mashup, and how?
See here

Answers:

The quickstart example can be found here.

6. The quickstart example requests your Google credentials (in a pop-up) in order to access your Google Drive account and print your files' metadata.

7. I don't really know if I can find a real utility in my project (All-about-a-place). But maybe we can think of a way to save the route to a place in a Google Doc.

8. OAuth is an open standard for authorization. Applications can use OAuth so that the client can connect a third-party application with secure access. OAuth works over HTTP and authorizes applications, devices, APIs and servers with access tokens rather than credentials, which increases security.

9. The client will not reveal its credentials to our application, since OAuth authentication works as follows (example for login with Google or Facebook):

  1. An anonymous person enters our application
  2. He chooses to log in using a third-party application (Google or Facebook)
  3. He clicks on the login button
  4. He is redirected to the provider's website (Google or Facebook), generally in a popup
  5. He is prompted to accept some permissions (for example, that the application may view his name and email address)
  6. If the permissions have been accepted, the user is redirected to our application along with an authorization code.
  7. Our application makes a request to the identity provider's API with the authorization code, and is then given an access token that we can use to retrieve the user's information
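
The seven steps above as an in-memory simulation of both sides (an added example, not part of the original answer or of Google's quickstart). The provider object, client id and secret, URLs and password are constructed placeholders; the `state` check and the single-use code are standard OAuth 2.0 practice that the steps above do not mention.

```javascript
// Added example: steps 1-7 simulated offline. All names and values are constructed.
const { randomBytes } = require("crypto");

const CLIENT = { id: "demo-client", secret: "demo-secret", redirect: "http://app.example/callback" };
const USER_PASSWORD = "constructed-password"; // known only to the user and the provider

// Identity provider side: the only party that ever receives the password.
function makeProvider() {
  const codes = new Map(); // authorization code -> granted scope
  return {
    // Steps 4-6: the user logs in and consents at the provider, which redirects back.
    authorize(authUrl, typedPassword) {
      const q = new URL(authUrl).searchParams;
      if (q.get("client_id") !== CLIENT.id || q.get("redirect_uri") !== CLIENT.redirect)
        throw new Error("unknown client");
      if (typedPassword !== USER_PASSWORD) throw new Error("login failed");
      const code = randomBytes(16).toString("hex");
      codes.set(code, q.get("scope"));
      return `${CLIENT.redirect}?code=${code}&state=${encodeURIComponent(q.get("state"))}`;
    },
    // Step 7: back-channel exchange, authenticated with the client secret.
    token(code, clientId, clientSecret) {
      if (clientId !== CLIENT.id || clientSecret !== CLIENT.secret) throw new Error("invalid_client");
      if (!codes.has(code)) throw new Error("invalid_grant");
      const scope = codes.get(code);
      codes.delete(code); // a code can be redeemed only once
      return { access_token: randomBytes(16).toString("hex"), scope };
    },
  };
}

// Application side, steps 2-3: build the redirect to the provider with a fresh state.
function startLogin(session) {
  session.state = randomBytes(16).toString("hex");
  const params = new URLSearchParams({ response_type: "code", client_id: CLIENT.id,
    redirect_uri: CLIENT.redirect, scope: "profile email", state: session.state });
  return `https://provider.example/authorize?${params}`;
}

// Application side, steps 6-7: verify state, then trade the code for an access token.
function handleCallback(session, callbackUrl, provider) {
  const q = new URL(callbackUrl).searchParams;
  const expected = session.state;
  delete session.state; // one callback attempt per login
  if (!expected || q.get("state") !== expected) throw new Error("state mismatch");
  return provider.token(q.get("code"), CLIENT.id, CLIENT.secret);
}
```

The application only ever handles the authorization URL, the callback URL and the token; the password is passed to `provider.authorize` alone, which stands in for the user typing it on the provider's page.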

10. I don't know if it is relevant to use an OAuth application in my project. I was thinking of using websockets. Maybe, as said before, use Google Drive / Dropbox to let the user store place information or routes, and other services to share them (Facebook, Twitter, LinkedIn, ...)