dazzaji
commented
8 years ago Google Authorization Info
For Google, using the "login" only scope, we would expect to have the following words (or something really close and that links to the actual words they actually clicked on) in the account screen for the user when the auth for Google is active:
"iAuth would like to:
View your email address
View your basic profile info
By clicking Allow, you allow this app and Google to use your information in accordance with their respective terms of service and privacy policies. You can change this and other Account Permissions at any time."
Managing App Authorizations
- Access from My Account via "Connected App" card, here: https://myaccount.google.com/security#connectedapps
- URL to See and Manage Authorizations is here: https://security.google.com/settings/security/permissions
- Page says: "You've authorized access to your Google Account for the apps and sites listed below. Learn more"
- Individual App Card from full list looks like this:
Individual App Permissions Display
Using example app "Calendly" when app card from full list is clicked, it expands to show:
- The name of the general "scope" of "Access to Google Calendar, basic account info" **Specific scope: Google Calendar" including the following single authorization:
- "Manage your calendars" Specific scope: "Basic account info" including the following two authorizations:
- "View your email address"
- "View your basic profile info"
Notice that "Authorization date: October 3, 2015" is displayed at bottom of the card.
Individual App Permissions "Management" (IE Revocation)
- "Remove" button on card invokes a card enabling authorization revocation.
- Authorization revocation card says:
Remove access Are you sure you want to remove access? Calendly will no longer have access to your Google Account. You'll need to grant access if you want to use the app or site again.
- Looks like this:
- Clicking remove in fact deletes the app from list, like this:
Finer Grained Authorization Management
- NPR App uses finer auth via Google+
Clicking "edit" shows options for more specific authorizations, in this case, selecting specific "circles" NPR app is authorized to access.
Other Resources
Good Articles, How-Do Guides and Other Resources
jekyll-auth
- Great explanation as part of migration of Jekl to Heroku here: http://fabian-kostadinov.github.io/2014/11/13/installation-of-jekyll-auth/
- Punchline vis-a-vis display to user is:
Step 15: Open a browser and navigate to the Heroku URL https://my-new-cool-herokuapp.herokuapp.com. You should be automatically redirected to a GitHub page asking for authorization: Authorize application - my-new-cool-new-heroku-app by @foo-organization/foo-team - would like permission to access your account. You can click on Authorize application.
This will be a matter of using design elements like material design or maybe bootstrap and having re-usable clauses in a template that we dynamically update for each user to by in sync with the authorizations they current have active. Some clauses between the user and UnWorkshop account service (like the liability and venue) may be the same no matter how many or few authorizations a user currently has active.