-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is authorisation code without popup possible? (using redirect) #288
Comments
Hi @Jeevsxp, this is not possible to obtain an authorization code without popup. This is a security restriction: an offline code will allow you to obtain a However, we are working on a feature where you could obtain a code, without popup, that you would be able to exchange in the backend, but only for an |
Hi @TMSCH, in this case I would need to be able to use the code to get a I'm all for explicit consent, but could that not be included in the initial sign in flow (popup or redirect), without requiring an additional consent step. Thank you for your response here as well. I'm assuming from this that, this is what you have in mind |
@Jeevsxp the library will soon support a way of requesting I will keep this thread updated when it is available! |
@TMSCH ok, thank you |
Hi @Jeevsxp, you can now request a
Note that, compared to the |
To confirm, this is only using a popup? Are there any plans to allow redirect in the future? |
For now, only popup is supported. Redirect is tricky to handle in this use case: contrary to |
Any news ? |
@torzuoliH it is on our roadmap but I can't give any ETA at that time. |
To remedy this situration, would it perhaps at least be possible to put this vital information in the documentation around https://developers.google.com/identity/sign-in/web/reference |
@NinnOgTonic the |
@TMSCH Please add the documentation. I just found this thread after spending about an hour trying to solve why the |
@troy-lamerton I'm sorry this happened. The documentation does not mention |
I would suggest documenting some examples of consuming the api in different contexts, and mentioning it in this context perhaps that for the offline you are not able to use |
@NinnOgTonic thanks for the suggestion, are you mentioning splitting the Reference doc? I think it's a good idea to add examples of using |
Yes, not sure if it will be less accessible that way, but my thought was that, if possible split the like you would split the would be examples, but maybe this is less feasible? |
But my though from a consumer perspective is just i want a simple |
Just want to chip in I'd also love to have the redirect function with I'm having trouble when a user grants access on a mobile device, a new tab is opened, but the original tab isn't recognising the user authorised something. |
@TMSCH Is there any update here? What is the "recommended" way to implement Google Sign? I've consistently run into issues using the client side library (e.g. see #473), is the only reliable way to do this server-side? Just looking for some guidance from Google on how to implement sign in without constantly having to re-implement it. |
@grant @TMSCH Was there a recent change (last 3 days or so) that would have caused I'm commenting here, because |
In case anyone else runs into this, clearing the cache (see below) before any request seems to be a workaround, but I definitely did not have to do this before.
|
@TMSCH
|
It is the future now, the year 2020, humans are still alive and Safari, Edge, Mozilla have started blocking popups for humans to login. This causes issues for applications humans are building that need offline access. Issue #288 is still an issue for humans using Google Auth api. In this desolate world, one could only hope this gets resolved. |
I feel like being able to use authorize och mobile devices is pretty vital... Is there any update on this issue? @TMSCH EDIT: typo |
Is there any update on this issue? @TMSCH |
Looks like |
the only reason I'm checking up on this is because Google's very own Chrome does not allow popup for Google API JS Client in icognito mode. |
Guys, you can pass As said in PR threads multiple times it's just not documented properly. 🤷♂️🙂 |
I don't know what should i do. |
When using
|
The only way I can see to get an authorisation code to sent to my back-end is to call the 'grantOfflineAccess' method.
Is there anyway to call this in redirect mode and/or have it be included with the initial sign in flow?
The text was updated successfully, but these errors were encountered: