Understanding Service Accounts

Misconceptions about Google service accounts are at the heart of a number of problems I’ve seen developers having on Stack Overflow and various issue trackers. Hopefully this post will dispel some common misunderstandings, and break down what they are for.

Read More

Attention

Knowledge workers place a great deal of value in concentration and focus. Understanding systems and solving problems requires attention, leading to heated debates over the best kinds of noise cancelling headphones or whether it is really necessary to attend this or that meeting.

Read More

Google Sign In with Server Side Auth on iOS

The release today of version 1.7 of the Google+ iOS SDK added the ability to authorise both a client and server for access to Google APIs. This has been a feature for Android and Web based sign-ins for a while, and now is available across all three platforms. This should simplify server side code for people who have been building cross platform apps - for example if you need to retrieve profile information on the client, but retrieve circles on a server for a friend finding feature.

Read More

Migrating Away From Userinfo

As part of the move to full OpenID connect support recently, the “userinfo” scopes and endpoint were deprecated and scheduled for shutdown in September 2014. If you are using the userinfo API endpoint to retrieve email address or profile information for a Google user, now is the time to change! Luckily, it’s just a few minutes of work to move from the userinfo API to the people.get API for most people, and wont affect users at all.

Read More

Migrating from PlusClient to GoogleApiClient

Thanks for reading the blog! This post is pretty old, and the APIs it references have been improved upon significantly. If you're interested in authentication check out the new [Google Sign In](https://developers.google.com/identity/sign-in/android/), and if you're looking to access profile data see the [People API](https://developers.google.com/people/).
Read More

Incremental Auth and YouTube scopes

In my previous post I mentioned that there are two issues which have been made more visible by incremental auth. The first of these is fairly straightforward, but the second is a little more subtle. Incremental auth is a great feature for simplifying the consent screen that users see when they first sign in to an app, but it can also introduce a bit more complexity in some cases. An example of this is when requesting access to YouTube.

Read More

Are you using approval_prompt=force?

The recent launch of incremental auth has highlighted a couple of problems in the way some sites have implemented Google+ Sign-In or Google OAuth 2.0. The most obvious of these is that there are a fair number of places that use approval_prompt=force much more often than they should, which leads to a much worse user experience than there needs to be.

Read More