Revision as of 20:55, 29 March 2015
Storing passwords locally is a Very Bad Idea™ unless you're a full-time IT guy. Password reuse is a big problem, and no matter what you think, you're storing your passwords incorrectly. So is Google, but they have a large team of full-time IT guys on it. And you can use their password database to make sure there's one less password (including 2FA) you need to remember. This page is designed to help you add authentication to your own web apps instead of relying on rather scary mechanisms to store the same password you use for your bank on your home server.
I choose the Google+ Sign-In mechanism. First, go to the Google Developers Console and follow this workflow. Once you're done, under APIs and Auth you can click "Credentials". Find the "Client ID" (it looks like a mess of random characters ending in .apps.googleusercontent.com) and copy that value, as the client ID, into your code or into an ini file in /etc/. You can see my INSTEON or Stoker_mon pages for example apps.
Now you should be able to open up the application page on your web server and see the Google+ login button. Click on it, and log in. You'll be presented with a "Sorry, not authorized." message including your user ID. You can view your profile by entering that ID after https://plus.google.com/. If things are working, you can add that ID to your authenticated user list (I use that same /etc/blah.ini file).
Finally, try refreshing the page and see if you can log in.
In my INSTEON project on GitHub, index.php shows how to present the button, and insteon.php shows how I check the token against Google's APIs and then set a PHP session to let it flow through to other pages without needing additional API calls.
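
The authorization decision described above, as an added example that is not taken from the INSTEON project. It assumes the token has already been checked against Google's API and the JSON reply decoded into an array with OpenID Connect style `aud`, `sub` and `exp` claims, and that the ini file uses the hypothetical keys `client_id` and `allowed_ids[]`.

```php
<?php
// Added example, not code from the INSTEON project. The ini keys, function
// name and claim layout (aud/sub/exp) are assumptions; all values are constructed.

// Constructed stand-in for an ini file like the /etc/blah.ini mentioned above.
const SAMPLE_INI = <<<'INI'
client_id = "1234567890-example.apps.googleusercontent.com"
allowed_ids[] = "110000000000000000001"
allowed_ids[] = "110000000000000000002"
INI;

/**
 * Decide whether the claims Google returned for a token may log in.
 * Returns the Google user ID on success, or null if any check fails.
 */
function authorize_claims(array $claims, array $config, int $now): ?string
{
    // The token must have been issued to this app's client ID. Without this
    // check, a token a user gave to some other site would be accepted here.
    if (($claims['aud'] ?? null) !== $config['client_id']) {
        return null;
    }
    // Reject tokens that have expired (or carry no expiry at all).
    if ((int)($claims['exp'] ?? 0) <= $now) {
        return null;
    }
    // Authorize on the stable user ID, compared strictly as a string.
    $sub = (string)($claims['sub'] ?? '');
    return in_array($sub, $config['allowed_ids'] ?? [], true) ? $sub : null;
}

$config = parse_ini_string(SAMPLE_INI);
$now = 1700000000; // fixed clock so the constructed samples are deterministic
$ok = ['aud' => $config['client_id'], 'sub' => '110000000000000000001', 'exp' => $now + 3600];

$samples = [
    'allowed user'          => $ok,
    'user not in the list'  => ['sub' => '110000000000000000099'] + $ok,
    'token for another app' => ['aud' => 'other-app.apps.googleusercontent.com'] + $ok,
    'expired token'         => ['exp' => $now - 60] + $ok,
];
foreach ($samples as $label => $claims) {
    $id = authorize_claims($claims, $config, $now);
    echo str_pad($label, 24), $id === null ? 'Sorry, not authorized.' : "log in as $id", "\n";
}
```

In a real page, a non-null result is the point at which to call `session_regenerate_id(true)` and store the ID in `$_SESSION`, so later pages check the session instead of calling Google again.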