Some devices want to access a user's data, but do not have the ability to display a full web browser. For example, think of devices like an Tivo unit displaying Netflix videos or connecting to a Pandora radio account.
How To Access The Internet Without A Browser
How To Access The Internet Without A Browser
The Access Internet Browser offers a simple, safe. Safe search keeps trackers and hackers at bay so you can search the web faster without a trace. Support for older versions of Internet Explorer has ended. I want to google chrome free download. Find out what it means for your business and how to update Internet Explorer to stay protected. Guide how to delete Internet Quick Access from computer and browsers completely. Step by step instruction with real working removal methods!
Oneof Google's challenges is that Google exposes lots of APIs such as Photos, Health,& Ads. So we want to allow the app to request access to just alimited set of scopes. And for some of those scopes (like Health), weeven need the user to choose the access level and profile. Many OAuth SPsdo not need to support that level of complexity, so in thosecases there are simpler approaches that can be used.
ForGoogle, in the 'fridge display private photos' example, our team hadsuggested something like the following (though other approaches might work for some devices, and the OAuth 2.0 community is debating specific standards for some of these approaches that Facebook is supporting and which Google intends to support).1)Device/app starts the OAuth dance and also requests a PIN from Google which Googlewill associate with the OAuth request token
2)After the device/app gets the OAuth request token, it tells the user (or its manual tells the user) to visit ashort URL (like fridgephoto/register). The device then displays the PIN they will need, andsays to come back and click a button on the device when they are told. If the device cannot display the PIN, then the device manufactuer might do step 1 before shipping the device to the user, and then provide a printout of the PIN in the set of instructions provided with the device (similar to the license keys printed on Microsoft Office installation CDs).
3) Theuser goes to a web browser on another device, like their personal computer, andopens that site. The site is a static HTML page that gives some introductoryhelp text, and a link to Google's site to do the authorization.
4)When the user clicks the link, they are sent to Google with the URLs parametersfor the scopes that device/app needs, and a Continue URL back to that site, as well as a URLparam indicating the user has a PIN
5) They are then sent through the standard Google OAuth approval process. If the user has not yet logged in, then they will need to do so (and this might involve a redirection to a SAML/OpenID IDP and/or use of a strong auth mechanism like a USB token)
6)Once the user is logged in, they see a standard Google OAuth approval page with information about theclaimed app, the scopes, and any advanced controls such as to pick access levelor a profile. Assuming the user clicks okay, they are then asked to enterthe PIN. Google confirms the PIN is a valid outstanding one, and then theuser is redirected to the continueURL (like fridgephoto/authzdone)
7)That device/app's site displays a static HTML file that tells the user togo back to the device/app and click a button to indicate they finished the approval process
8)The user click's the continue button on the device/app
Internet explorer for chrome os. 9)The device/app then finishes the OAuth dance
Notethat an 'evil' hacker could request a lot of PINs from Google, and hope that auser mistakenly types a PIN that is associated with a 'hackers' request token,thereby giving access to the user's data. As an extra layerof security, we can send the user an E-mail after an OAuth approval that used aPIN, with the 'claimed identity' of the app, and provide asingle link the user can click to deactivate that OAuth token. If theuser does more then one approval for the same claimed app in a short period oftime, then on the OAuth approval page we might even give a warning that theprevious one might have been 'hijacked' and give them an easily wayto deactivate any recent OAuth tokens issued to the same claimed app.
Optimization for users that have a mobile phone with QR code-reader Google docs offline extension download.
An optimization for the user experience can be implemented for market segments where it is likely that the user has a mobile phone with a web browser and QR-code reader (e.g., some East Asia countries). In this case, the device could display a QR code instead of a URL + pin. The user would simply photograph the QR code using his phone and the approval page would load in the browser. After approving, the user would be directed to continue with the process in the device (typically just press a button/screen to continue).
An additional advantage of this approach is that QR codes can encode relatively longer URLs, so it is possible that one could encode a sufficiently long URL to capture the entire traditional OAuth request. The protocol would be more secure as a result.
How To Access The Internet Without A Browser
The Access Internet Browser offers a simple, safe. Safe search keeps trackers and hackers at bay so you can search the web faster without a trace. Support for older versions of Internet Explorer has ended. I want to google chrome free download. Find out what it means for your business and how to update Internet Explorer to stay protected. Guide how to delete Internet Quick Access from computer and browsers completely. Step by step instruction with real working removal methods!
Oneof Google's challenges is that Google exposes lots of APIs such as Photos, Health,& Ads. So we want to allow the app to request access to just alimited set of scopes. And for some of those scopes (like Health), weeven need the user to choose the access level and profile. Many OAuth SPsdo not need to support that level of complexity, so in thosecases there are simpler approaches that can be used.
ForGoogle, in the 'fridge display private photos' example, our team hadsuggested something like the following (though other approaches might work for some devices, and the OAuth 2.0 community is debating specific standards for some of these approaches that Facebook is supporting and which Google intends to support).1)Device/app starts the OAuth dance and also requests a PIN from Google which Googlewill associate with the OAuth request token
2)After the device/app gets the OAuth request token, it tells the user (or its manual tells the user) to visit ashort URL (like fridgephoto/register). The device then displays the PIN they will need, andsays to come back and click a button on the device when they are told. If the device cannot display the PIN, then the device manufactuer might do step 1 before shipping the device to the user, and then provide a printout of the PIN in the set of instructions provided with the device (similar to the license keys printed on Microsoft Office installation CDs).
3) Theuser goes to a web browser on another device, like their personal computer, andopens that site. The site is a static HTML page that gives some introductoryhelp text, and a link to Google's site to do the authorization.
4)When the user clicks the link, they are sent to Google with the URLs parametersfor the scopes that device/app needs, and a Continue URL back to that site, as well as a URLparam indicating the user has a PIN
5) They are then sent through the standard Google OAuth approval process. If the user has not yet logged in, then they will need to do so (and this might involve a redirection to a SAML/OpenID IDP and/or use of a strong auth mechanism like a USB token)
6)Once the user is logged in, they see a standard Google OAuth approval page with information about theclaimed app, the scopes, and any advanced controls such as to pick access levelor a profile. Assuming the user clicks okay, they are then asked to enterthe PIN. Google confirms the PIN is a valid outstanding one, and then theuser is redirected to the continueURL (like fridgephoto/authzdone)
7)That device/app's site displays a static HTML file that tells the user togo back to the device/app and click a button to indicate they finished the approval process
8)The user click's the continue button on the device/app
Internet explorer for chrome os. 9)The device/app then finishes the OAuth dance
Notethat an 'evil' hacker could request a lot of PINs from Google, and hope that auser mistakenly types a PIN that is associated with a 'hackers' request token,thereby giving access to the user's data. As an extra layerof security, we can send the user an E-mail after an OAuth approval that used aPIN, with the 'claimed identity' of the app, and provide asingle link the user can click to deactivate that OAuth token. If theuser does more then one approval for the same claimed app in a short period oftime, then on the OAuth approval page we might even give a warning that theprevious one might have been 'hijacked' and give them an easily wayto deactivate any recent OAuth tokens issued to the same claimed app.
Optimization for users that have a mobile phone with QR code-reader Google docs offline extension download.
An optimization for the user experience can be implemented for market segments where it is likely that the user has a mobile phone with a web browser and QR-code reader (e.g., some East Asia countries). In this case, the device could display a QR code instead of a URL + pin. The user would simply photograph the QR code using his phone and the approval page would load in the browser. After approving, the user would be directed to continue with the process in the device (typically just press a button/screen to continue).
An additional advantage of this approach is that QR codes can encode relatively longer URLs, so it is possible that one could encode a sufficiently long URL to capture the entire traditional OAuth request. The protocol would be more secure as a result.
If the user does not have access to a mobile device with a QR code reader, there would be an option to use the approach described above.
