From eBower Wiki
Latest revision as of 19:58, 29 March 2015

Storing passwords locally is a Very Bad Idea™ unless you're a full-time IT guy. Password reuse is a big problem, and no matter what you think, you're storing your passwords incorrectly. So is Google, but they have a large team of full-time IT guys on it. And you can use their password database so there's one less password (including 2FA) you need to remember. This page is designed to help you add authentication to your own web apps instead of relying on rather scary mechanisms to store the same password you use for your bank on your home server.

I choose the Google+ Sign-In mechanism (https://developers.google.com/+/web/signin/). First, go to the Google Developers Console (https://console.developers.google.com/project) and follow this workflow: https://developers.google.com/+/web/signin/javascript-flow#step_1_create_a_client_id_and_client_secret. Once you're done, under APIs and Auth you can click "credentials." Find the "Client ID" (it looks like a mess of random characters ending in .apps.googleusercontent.com) and copy that value into your code as the client ID, or into an ini file in /etc/. You can see my INSTEON/controller or Stoker_mon pages for example apps.

Now you should be able to open up the application page on your web server and see the Google+ login button. Click on it, and log in. You'll be presented with a "Sorry, not authorized." message including your user ID. You can view your profile by entering that ID after https://plus.google.com/. If things are working, you can add that ID to your authenticated user list (I use that same /etc/blah.ini file).

Finally, try refreshing the page and see if you can log in.

In my INSTEON/controller project on GitHub, see index.php for how to present the button, and insteon.php for how I check the token against Google's APIs and then set a PHP session to let it flow through to other pages without needing additional API calls.
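
The server-side decision described above, as an added example (this is not the author's insteon.php): once Google has validated the token and returned its claims, the app still has to check that the token was issued to its own client ID and that the user ID is on the allowed list before it sets the session. The ini key names, the sample IDs and the use of Google's tokeninfo response as the source of the claims are assumptions.

```php
<?php
// Constructed sample config; key names are hypothetical, values are made up.
const SAMPLE_INI = <<<'INI'
client_id = "1234-example.apps.googleusercontent.com"
allowed_ids[] = "100000000000000000001"
INI;

// $claims is the decoded JSON Google returns for a token it has validated
// (for example from its tokeninfo endpoint). Fetching it is left out so the
// example runs offline. Returns the user ID on success, null otherwise.
function authorize_claims(array $claims, array $cfg, int $now): ?string
{
    // aud must be OUR client ID; otherwise a token the user obtained by
    // signing in to some unrelated app would be accepted here as well.
    if (!hash_equals($cfg['client_id'], (string)($claims['aud'] ?? ''))) {
        return null;
    }
    $issuers = ['accounts.google.com', 'https://accounts.google.com'];
    if (!in_array($claims['iss'] ?? '', $issuers, true)) {
        return null;
    }
    if ((int)($claims['exp'] ?? 0) <= $now) {
        return null; // expired token
    }
    // Strict match on the stable numeric user ID ("sub"), not on a name or
    // e-mail. Loose in_array() would compare long digit strings as numbers.
    $sub = (string)($claims['sub'] ?? '');
    return in_array($sub, $cfg['allowed_ids'], true) ? $sub : null;
}

// Call after session_start(); later pages only need to look at $_SESSION.
function login(array $claims, array $cfg): bool
{
    $sub = authorize_claims($claims, $cfg, time());
    if ($sub === null) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID once the user is trusted
    $_SESSION['user_id'] = $sub;
    return true;
}

$cfg  = parse_ini_string(SAMPLE_INI);
$now  = 1427659200; // fixed clock for the demo
$good = ['aud' => $cfg['client_id'], 'iss' => 'accounts.google.com',
         'exp' => (string)($now + 3600), 'sub' => '100000000000000000001'];
var_dump(authorize_claims($good, $cfg, $now));                             // the user ID
var_dump(authorize_claims(['aud' => 'other-app'] + $good, $cfg, $now));    // NULL
var_dump(authorize_claims(['sub' => '100000000000000000002'] + $good, $cfg, $now)); // NULL
```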