diff --git a/docs/assets/e-mission-both/google_auth_client_id_creation_screen.png b/docs/assets/e-mission-both/google_auth_client_id_creation_screen.png deleted file mode 100644 index 7693aae..0000000 Binary files a/docs/assets/e-mission-both/google_auth_client_id_creation_screen.png and /dev/null differ diff --git a/docs/assets/e-mission-both/google_auth_client_id_selection.png b/docs/assets/e-mission-both/google_auth_client_id_selection.png deleted file mode 100644 index 876bc08..0000000 Binary files a/docs/assets/e-mission-both/google_auth_client_id_selection.png and /dev/null differ diff --git a/docs/assets/e-mission-both/google_auth_client_id_success.png b/docs/assets/e-mission-both/google_auth_client_id_success.png deleted file mode 100644 index 8b613ad..0000000 Binary files a/docs/assets/e-mission-both/google_auth_client_id_success.png and /dev/null differ diff --git a/docs/assets/e-mission-both/google_auth_screenshot.png b/docs/assets/e-mission-both/google_auth_screenshot.png deleted file mode 100644 index ba7b4e5..0000000 Binary files a/docs/assets/e-mission-both/google_auth_screenshot.png and /dev/null differ diff --git a/docs/install/configuring_authentication.md b/docs/install/configuring_authentication.md index b44c8ea..8bb0db0 100644 --- a/docs/install/configuring_authentication.md +++ b/docs/install/configuring_authentication.md 
@@ -92,68 +92,3 @@ In [2]: token_list = [t.strip() for t in raw_token_list] In [3]: print token_list ``` - -### `openid_auth`/`openid-authutil` ### - -If you want to use a more full-featured authentication server, you could consider integrating with an [OpenID]() server. This will generate JWTs, short lived tokens that are refreshed when needed, and depending on the server, support a rich set of features. To configure the **server** for OpenID, see `conf/net/auth/openid_auth.json.sample`. To configure the **phone** for OpenID, see `www/json/connectionConfig.openid.json.sample`, and the [associated README](https://github.com/e-mission/cordova-jwt-auth/blob/master/README.openid.md) - -### `google_auth`/`google-authutil` ### - -This option uses JWTs using the google identity solution with [cross-client authentication](https://developers.google.com/identity/protocols/CrossClientAuth#accessTokens). The JWTs are decrypted using google's public keys and decoded using the `google-auth` library. - -- If you are deploying a new UI on the existing e-mission app, you need to ask me to generate google client keys. -- If you are deploying your own app, register your app in the google developer console and generate your own client keys. - -#### Configuration #### - -- create `android`, `ios` and `web application` credentials in the same project at https://console.developers.google.com -- use the `web application` key for android -- use the `ios` key for iOS, but encoded into the native app as a URL type -- the `android` key is not used directly, but is required to be in the project to allow the android authentication to proceed - -![Google Auth Screenshot](../assets/e-mission-both/google_auth_screenshot.png) - -If you have just created a set of keys, you can just duplicate them to make the old and new keys - e.g. 
in `conf/net/auth/google_auth.json` - - - -``` - "client_key_old" : "11111111111-aaaaaaaaaaaaaaaa.apps.googleusercontent.com", - "client_key" : "11111111111-aaaaaaaaaaaaaaaa.apps.googleusercontent.com", - "__comment": "iOS client key to handle the fact that the google iOS API does not work. The open source API does not take the webclient app, so we have the iOS client ID here.", - "ios_client_key" : "11111111111-iiiiiiiiiiiiiiii.apps.googleusercontent.com", - "ios_client_key_new" : "11111111111-iiiiiiiiiiiiiiii.apps.googleusercontent.com", -``` - -#### More details/FAQ #### - - - 1. **Q:** Can I use google auth with the devapp in order to test my development changes end to end? - - **A:** Yes! But you still need to get tokens from me because the native app needs to have the right keystore/client ID configured in the URL schemes. - - 2. **Q:** How do I get the tokens from you? - - **A:** Send me your GPG public key, including [create](https://www.gnupg.org/gph/en/manual/c14.html) and[ exporting ](https://www.gnupg.org/gph/en/manual/x56.html)if needed. I will send you an encrypted client `connectionConfig.json` file. You can copy the values from the client file to the server file. - - 3. When generating my own tokens: - 1. **Q:** For android, do we use `webapp` or `android` as application type? - - **A:** `Web application`. You need to use the same web application clientID in both the client json and the server json. And unless you are planning to roll your own native app, you need to get the keys from me. Otherwise, the keystore that is configured for the project will be incorrect, and the auth won't work. - - 1. **Q:** How do I configure the `webapp`? Do I have to add a redirect URL? - - **A:** See screenshots below. You do not need to add any restrictions since we are not really using a browser for authentication. We are using cross-client authentication using native code in a mobile app. 
- - | Selection | Configuration | Success | - | -------- | ------------- | --------| - | ![Selection](../assets/e-mission-both/google_auth_client_id_selection.png) | ![Configuration](../assets/e-mission-both/google_auth_client_id_creation_screen.png) | ![Success](../assets/e-mission-both/google_auth_client_id_success.png) | - - 2. **Q:** For ios, do we use `webapp` or `ios` as application type? - - **A:** `iOS`. Again, you need to use the same ID in both the client json and the server json. And unless you are planning to roll your own native app, you need to get the keys from me. Otherwise, the URL scheme(s) that are configured for in the app will be incorrect, and the auth won't work. - - 3. **Q:** By “client_key”, do you mean `clientID` or `clientSecret`? - - **A:** `clientID` -
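Review bot: The hunk at `@@ -92,68 +92,3 @@` in `docs/install/configuring_authentication.md` deletes the whole `openid_auth`/`openid-authutil` and `google_auth`/`google-authutil` sections without leaving a deprecation note or a pointer to what replaces them. Everything visible in this diff is documentation and screenshots, so it does not show whether the configuration files the removed text refers to (`conf/net/auth/openid_auth.json.sample`, `www/json/connectionConfig.openid.json.sample`, `conf/net/auth/google_auth.json`) are also being removed. If those methods are still accepted by the server, deployers lose the only guidance on them, including the FAQ answer that `client_key` means `clientID` and not `clientSecret`, which is the kind of detail that gets misconfigured when undocumented. Suggest either removing the sample configs and auth method code in the same change, or replacing the deleted sections with a short statement that the JWT-based methods are no longer supported and which method to use instead. Also worth checking that no other page under `docs/` still links to the four deleted images in `docs/assets/e-mission-both/`.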