How do I seamlessly authenticate users to use services associated with a Google Apps account?
https://stackoverflow.com/questions/2780097
-
03-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Hi guys I'm building a Google Apps based solution. Basically I'm setting it up such that:
When a Google Apps account holder installs it he/she enters the authentication details for a single Googles Apps account to be used - that account would be used by all users of the instance of the installed system for uploading to Google Docs associated with that account and managing Google Calendar entries associated with that Google Apps account.
The user as mentioned can create other users and invite them to sign in from a separate login screen and they should be able to interact with the system's facilities which allow interaction with the services associated with the Google Apps account used to install the system.
Any other user of the same domain as the original user can also install the system and be automatically associated with the instance created by the user of the same domain.
I got parts one and three all set up but the second part is where I'm stuck - I'm storing the credentials for the centralised Google Apps account in a database and would need a way to authenticate seamlessly using the details i.e. I don't want the users to have to add in the sign in details nor have to go through the process of having to be asked for permission to allow the application to access the Google Apps services - I wish that when the users log in they are automatically transparently also signed into the Google Apps account as well and be able to use its services.
How can I do that I wish to do away with the process of 'asking the user for which account to sign in or the Google Apps login screen' and the second step asking for permission to allow the application access to the account.
I know it can be done - I've installed loads of applications and none of them require me to go through this two pronged process of authentication which I find quite unnecessary - what do I do? - Help please!
Solution
Have you seen the Zend Frameworks' Zend_Gdata? It's a PHP 5 interface for accessing Google Data, at first glance it seems to do all the things you want.
http://framework.zend.com/manual/en/zend.gdata.introduction.html
OTHER TIPS
You will need to take over the authentication process to handle authentication of Web sessions. The good news is that you can indeed do that (SSO / SAML), bad news is that it can be a lot of work.
Essentially you'd build your own SSO provider, stick it in front of your domain (so it handles all auth), and let it handle the login process so it's as seamless as you need it.
At a higher level, it sounds like you are using a single account to proxy multi-user access into Google Apps; you might want to check the TOS as I'm pretty sure that's frowned upon (kills traceability).
