Jump to content

SSO (Single-Sign-On) via Google using TW3GoogleLogin


Recommended Posts

  • Administrators

TW3GoogleLogin is a non-visual component, which is available in the Designer's Cloud-tab. It lets you add Single-Sign-On to your web page using Google credentials.

To use this, you need a ClientID, which you can obtain by registering at Google: https://developers.google.com/identity/sign-in/web/sign-in

When you register, you need to specify the URI where you're going to host your web app. This is also where you need to copy the html code that Smart Mobile Studio produces when you compile your app. So, if you plan to have it at https://myserver.example.com/mywebapp/index.html, then you need to register https://myserver.example.com as an Authorized JavaScript origin.

The ClientID is something like this: 5960xxxxxxx-80a9bkbkuumbcu9vt5c9pe0u8lmif31s.apps.googleusercontent.com

Then add TW3GoogleLogin to your form and set the necessary properties and events:

Properties:

  • AutoLogin: If true, your web page will automatically call Login, which pops up Google's login form
  • ClientId: ClientID for your Google web app
  • Enabled: When this is set to True, the component loads Google's SDK and checks if you're already logged in
  • Prompt: default is select_account, which means that Google's login form will also ask which account you want to use
  • Scope: What information to ask from Google. Default is empty, which means that we only ask for profile and email.
  • SDK: The Google SDK to load. This default value is usually ok.

Events:

  • OnLogin: Is called when the Login is successful
  • OnLogout: Is called when user logs off
  • OnError: Is called when there are errors. Error- and Details-parameters give more information.

Methods:

  • Login: Opens Google's login form
  • Logout

Useful properties after login:

  • UserName
  • UserEmail
  • UserToken

Most of the time you only need to:

  • Set ClientID
  • Set Enabled to True, which will automatically load Google's SDK
  • Set the OnLogin- and OnLogout-events
    • In OnLogin, get the name, email and token.
  • Call Login (for example, from a Button's or Image's OnClick-handler)

And when you test, make sure to do it with a browser from the registered URI. Don't expect this to work from SMS's console.

Finally, a few words about security. Do not blindly trust the information that you receive. As this all happens in the client, you can not automatically trust UserName and UserEmail. So, when you do add this kind of SSO-support to log into a backend server, pass on the UserToken to the backend server, which should separately call Google's services to verify the token.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...