Register now for better personalized quote!

Google updates OAuth incremental authorization

Oct, 12, 2021 Hi-network.com

Google has simplified the OAuth authorization process for users who give a third-party app access to Google apps such as Docs and Drive. 

The update, though minor, makes it possible for users to approve access to data in a Google Account a single-tap process that's friendlier for smartphones. 

Developer

  • It's the end of programming as we know it -- again
  • Developers feel secure in their jobs, but they're still thinking about quitting
  • The future of the web will need a different sort of software developer
  • The best Linux laptops for consumers and developers

OAuth is a widely supported standard for giving apps access to account information. It has been abused by attackers in the past and forced Google to introduce stricter rules for developers who use it to connect to Google apps. Today, it requires all third-party apps use OAuth to request access to Google Account data.

SEE:BYOD security warning: You can't do everything securely with just personal devices

The current change is aimed at developers of web apps that use incremental authorization -a feature available from Google's authorization server that lets developers request access to a certain "scope" of resources. 

Google recommends that permission requests are made at the time access is required rather than upfront, such as when an app saves an event to Google Calendar. The request should only be made after the user presses the 'Add to Calendar' button. 

Now, instead of checking a box and clicking 'continue' when granting access, users can just press continue for that single scope. 

It's a continuation of work Google has done for how users can give consent to third-party apps to access Google Account data. In 2019, it introduced fine-grained controls with one screen for each scope requested. This July, it consolidated multiple permission requests into a single screen. 

Google explains that developers don't need to update their apps to support the simpler approval process, but it does recommend they implement incremental authorization. 

SEE:A company spotted a security breach. Then investigators found this new mysterious malware

"There is no change you need to make to your app. However, we recommend using incremental authorization and requesting only one resource at the time your app needs it," notes Google in a blogpost. 

"We believe that doing this will make your account data request more relevant to the user and therefore improve the consent conversion."

Google

Google

How to make your Pixel phone automatically decline robocallsGoogle Pixel Fold review: Samsung's first big competitor comes out swingingChange this one Pixel setting for dramatically better sounding musicGoogle Pixel Fold vs. Samsung Galaxy Z Fold 4: Which phone should you buy?
  • How to make your Pixel phone automatically decline robocalls
  • Google Pixel Fold review: Samsung's first big competitor comes out swinging
  • Change this one Pixel setting for dramatically better sounding music
  • Google Pixel Fold vs. Samsung Galaxy Z Fold 4: Which phone should you buy?

tag-icon Hot Tags : Home & Office Work Life

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.