Updates to Google Auth Platform’s usability and security
Google’s identity platform is used by millions of developers to authenticate users and grant access to hundreds of APIs. The platform is backed by one of the largest implementations of the OAuth 2.0 protocol and the associated OpenID Connect standard in the world, which gives developers a dependable, secure, and easy way to integrate. Google is thrilled to announce several enhancements that will further improve the platform’s usability and security.
Google Cloud Console’s simplified OAuth configuration
Developers who use Google Sign-in for authentication, or who need user consent to call Google APIs, must register their apps and websites in order to generate client credentials. Previously, developers using the Google Cloud Console found the OAuth configuration pages in the APIs & Services area. These pages now have their own navigation area, Google Auth Platform.
This version has shortened the time it takes to update app configurations, simplified the registration process for new projects, and added more useful developer guidance. A better onboarding wizard, streamlined OAuth scope management, and adjustments to speed up and improve transparency of app verification are just a few of the upcoming enhancements.
For developers who use OAuth features through other consoles, such as Firebase or Apps Script, the experience stays the same.
Modification to the presentation of OAuth client secrets
When requesting authorization and authentication, certain OAuth clients must use a “secret.” Protecting these strings is essential to guaranteeing the security and privacy of user accounts and data, as the client secret functions similarly to a password for a website or application.
In the past, Google Cloud Console, Firebase Console, and other locations inside Google developer tools have allowed developers to view and download their own client secrets. Google will begin hiding OAuth secrets in the Google Cloud Console’s client administration pages in June. Developer consoles will display the final few characters to help identify them.
When OAuth client secrets are created, developers must download them and handle them securely. The majority of developers already use tools like Google Cloud Platform’s Secret Manager for this. The client secret won’t be displayed again after the creation screen has been closed.
It is important to remember that OAuth client secrets that grant access to user information or other production systems should never be shared widely online or checked into version control systems. Secrets should be rotated right away in the event of a leak and rotated on a regular basis.
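A pre-commit style check for the version-control rule above, added here as an illustration and not taken from Google's tooling. It assumes the `web` / `installed` layout of the client configuration JSON downloaded from the console; the function names, the assignment pattern and the sample secrets are constructed for this example.

```python
import json
import re

# Top-level keys of the client configuration JSON downloaded from the console.
CLIENT_TYPES = ("web", "installed")
# Fallback for secrets pasted as literals into non-JSON files (.env, YAML, source).
ASSIGNMENT = re.compile(r"""client_secret["']?\s*[:=]\s*["']([^"'\s]{12,})["']""", re.I)


def mask(secret, visible=4):
    """Keep only the final few characters, mirroring how the console shows secrets."""
    return "*" * max(len(secret) - visible, 0) + secret[-visible:]


def find_client_secrets(text):
    """Return the masked client secrets found in one file's text."""
    found = []
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None  # not JSON; fall through to the literal-assignment pattern
    if isinstance(doc, dict):
        for kind in CLIENT_TYPES:
            section = doc.get(kind)
            if isinstance(section, dict) and section.get("client_secret"):
                found.append(mask(str(section["client_secret"])))
    if not found:
        found = [mask(m) for m in ASSIGNMENT.findall(text)]
    return found


def scan(files):
    """files maps path -> text (for example staged blobs); returns path -> findings."""
    results = {path: find_client_secrets(text) for path, text in files.items()}
    return {path: hits for path, hits in results.items() if hits}


# Constructed sample input; every secret value below is made up.
SAMPLE = {
    "client_secret_web.json": json.dumps({"web": {
        "client_id": "1234567890-example.apps.googleusercontent.com",
        "client_secret": "constructed-secret-value-AbCd",
        "redirect_uris": ["https://app.example/callback"]}}),
    "settings.env": 'GOOGLE_CLIENT_SECRET="constructed-env-secret-WxYz"\n',
    "config.py": 'CLIENT_SECRET = os.environ["GOOGLE_CLIENT_SECRET"]\n',  # lookup, not a literal
    "README.md": "Store the client secret in Secret Manager.\n",
}

if __name__ == "__main__":
    for path, hits in scan(SAMPLE).items():
        print(f"{path}: client secret ending in {hits[0][-4:]} must not be committed")
```

Only the masked form is ever returned, so the check's own output can be logged in CI without re-exposing the secret.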
Automatic removal of OAuth clients that are not in use
To improve security against credential theft and misuse, OAuth clients that are idle for six months will be automatically deleted starting in June. The six-month period starts when token exchanges stop.
Developers can restore clients up to 30 days after deletion and will be informed when a client is deleted due to inactivity.
A great experience for both you and your users
Google is making your experience easier and safer with these updates and more planned for later this year, freeing up more time for you to create useful apps and websites for your users.
Accessing Google APIs with OAuth 2.0
Basic steps
Every application that uses OAuth 2.0 to access a Google API adheres to a basic pattern. In general, you take five steps:
- Obtain OAuth 2.0 credentials from the Google API Console.
- Ask the Google Authorisation Server for an access token.
- Examine the user-granted access scopes.
- Provide an API with the access token.
- If required, refresh the access token.
Google APIs use the OAuth 2.0 protocol for authorization and authentication. Google supports common OAuth 2.0 scenarios such as those for web server, client-side, installed, and limited-input device applications.
To get started, obtain your OAuth 2.0 client credentials from the Google API Console. Your client app then requests an access token from the Google Authorization Server, extracts the token from the response, and sends it to the Google API you wish to use. For an interactive example of using OAuth 2.0 with Google (with the ability to use your own client credentials), try the OAuth 2.0 Playground.









