Google authentification


Как настроить двухэтапную аутентификацию Google

В современном мире с одной учетной записью может быть связано очень многое, например, при взломе Google аккаунта могут заполучить номер вашей кредитки и других личных данных. Двухфакторная аутентификация (двухэтапная аутентификация) поможет предотвратить кражу ваших личных данных путем усиления защиты вашего Google аккаунта.

Что такое двухфакторная аутентификация?

2FA (сокращение от двухфакторная аутентификация) добавляет дополнительный уровень безопасности для вашей учетной записи. После активации для входа в Google аккаунт потребуется ввести пароль и код, который отправляется на ваш телефон с помощью звонка или SMS, или через приложение аутентификатора.

Двухэтапная аутентификация с помощью Google Authenticator

  • Запустите браузер на вашем ПК
  • Введите g.co/2sv в адресную строку
  • Нажмите «Приступить»
  • Введите свой пароль
  • Введите свой номер телефона
  • Выберите SMS или звонок для проверки
  • Нажмите «Попробовать» и вы получите смс или звонок с кодом 2SV
  • Введите код и нажмите далее
  • Нажмите включить.

Теперь у вас включена двухэтапная аутентификация Google.

Настройка приложения Google Authenticator на Android устройстве

Нажимайте на эту ссылку и начнем настройку

  • Выберите в списке приложение Google Authenticator
  • Выберите Android
  • Нажмите продолжить. Вы увидите QR-код на экране компьютера, никуда не переходите, он ещё понадобится
  • Зайдите в Google Play с вашего Android – девайса и скачайте Google Auhtenticator
  • Откройте приложение и нажмите «Начать настройку» внизу экрана
  • Отсканируйте QR-код с экрана компьютера
  • В браузере нажмите «Далее» и введите 6-значный код из приложения.

Теперь, вместо СМС и голосовых вызовов с кодом подтверждения 2SV можно использовать уникальный код из приложения каждый раз, когда вы будете заходить в свой аккаунт Google с любого устройства. Этот код меняется каждые 30 секунд, так что нужно успеть ввести его до того, как он сменится.

После этих манипуляций любой, кто попытается войти в ваш аккаунт, даже если он знает пароль не сможет выполнить вход без телефона. Он просто не получит нужный код, который меняется каждые 30 секунд, поэтому его будет очень сложно взломать. Безопасность превыше всего!

 

androidmir.org

Как защитить почту Google двойной аутентификацией и не только +видео

Всем привет! Сегодня поговорим о безопасности Gmail почты, а именно о настройках безопасности в этой системе. На сегодня только Google догадался ввести двойную аутентификацию и сделал свою почту Gmail безопасной. Но если не активировать эту возможность, то ваша почта на Gmail будет самой обычной почтой, которую можно взломать, как и многие другие ящики.

В этой статье я наглядно покажу как защитить почту Google с помощью двойной аутентификации и не только. Отдельно будет затронут вопрос использования почтовых клиентов, типа The Bat!, Outlook, Thunderbird и др.

А кому нужна эта безопасность?

Вполне резонный вопрос, который многие могут задать: а на кой оно мне надо? Кому я нужен? Ну если вы используете свой почтовый ящик раз в месяц, и то чтобы перекинуться парой ссылок с друзьями, то да, лишний геморрой будет ни к чему. Но у кого почта привязана ко многим аккаунтам в сети, особенно к финансовым (Webmoney, например), то защитить свою почту просто святое дело! Многие сервисы уже позволяют привязать номер мобильного к своему аккаунту, но всё-таки большинство всё ещё опирается на адрес email – одному из самых узких мест в безопасности!

Однажды получив доступ к вашему ящику, злоумышленник, возможно, не подаст виду, будет сидеть втихаря и ждать, когда же прийдёт какое-нибудь «важное» письмо, которым можно воспользоваться в корыстных целях. Также не забываем о функции «напоминания» пароля, которая успешно работает на многих сервисах. Имея доступ к почтовому ящику можно быстренько «повспоминать» практически все ваши пароли… В общем,  если вам хоть немного дорога та информация, к которой можно получить доступ, вам необходимо правильно настроить почту Gmail.

Настраиваем безопасность Gmail

Давайте зайдём в настройки почты и посмотрим что же мы там можем изменить. Кто не в курсе как зайти в настройки Gmail: кликаем по шестерёнке в правом верхнем углу и выбираем «Настройки»

В первую очередь проверьте, стоит ли галочка на «Использовать только https» вкладки «Общие». Если нет – то поставьте, чтобы данные передавались в зашифрованном виде. Дело в том, что если вы пользуетесь почтой в общественных местах с интернетом Wi-Fi (да и не только), то злоумышленники могут перехватить данные в незашифрованном виде. Лучше поставить галку и забыть об этом.

ОБНОВЛЕНО: теперь https работает по умолчанию

Для тех кто пользуется почтовыми клиентами прийдётся поменять тип соединения с обычного на безопасное (TLS). В разных почтовиках это может называться по разному, но смысл тот же. На закладке настроек соединения надо будет выбрать безопасный тип соединения и поменять порт приёма почты (POP) с 110 на 995, а порт отправки (SMTP) с 25 на 465. Как правило, порты меняются сами при выборе соединения типа TLS.

Идём дальше. Использование почтовых программ хоть и сильно упрощает работу с почтой, но это ещё одна брешь в безопасности Gmail. Для тех кто не собирается ими пользоваться — отключаем эту возможность. Для этого идём на вкладку «Пересылка и POP/IMAP» и ставим галочки «Отключить POP» и «отключить IMAP».

Дальше самое интересное – будем включать двойную авторизацию.

Двойная аутентификация Google

Это та самая фишка, которая отличает почту Gmail от других почтовых сервисов. После включения двойной аутентификации, для получения доступа к почте потребуется ввести код, присланный в SMS на ваш телефон. Как вы сами понимаете, это сильно увеличивает безопасность Gmail почты. А теперь по пунктам:

  • Идём на вкладку «Аккаунты и импорт» и жмём «Изменить параметры восстановления пароля» 
  • На новой странице привязываем номер мобильного телефона. Здесь также можно привязать дополнительный почтовый ящик, который можно использовать для восстановления утерянного пароля. Так вот, советую ничего не привязывать, т.к. это ещё одна дыра в безопасности.
  • Теперь жмём «Другие настройки аккаунта Google»
  • На новой странице в разделе «Безопасность» нажимаем «Изменить» двухэтапную аутентификацию. Откроется окно, жмём «Приступить к настройке». 
  • На первом шаге вводим номер телефона, на который Google будет высылать коды подтверждения. Если телефон уже привязан, то вводить ничего не надо – номер уже будет там. 
  • Далее можно поставить галочку «Надёжный компьютер». В этом случае при входе с этого компьютера код подтверждения нужно будет вводить только один раз в месяц. 

Всё, двойная аутентификация Google включена! Осталось утрясти некоторые нюансы. Дело в том, что не все приложения умеют запрашивать код подтверждения, например такие как почтовые клиенты, приложения для смартфонов и синхронизация Google Chrome (читайте также: что делать если хром тормозит и как сделать визуальные закладки для хрома). Если вы ими не пользуетесь, то просто пропустите этот этап настройки.

Создаём пароли приложений Google

После включения двойной аутентификации, все приложения, которые использовали имя и пароль аккаунта Google, перестанут работать. Будет выдаваться ошибка «Неверное имя пользователя или пароль». Для их работы требуется сгенерировать так называемые пароли приложений. Для этого проделываем несложные действия:

  • Нажимаем «Создать пароли» или переходим по этой ссылке https://accounts.google.com/IssuedAuthSubTokens

  • В окошке пишем любое название для пароля, например «Синхронизация Chrome»

  • Нажимаем «Создать пароль»

Мастер создания паролей покажет пароль – сохраните его, т.к. больше вы его нигде не найдёте, пароль приложений создаётся только один раз. Потом его можно только аннулировать и создать новый. Можете называть его как угодно, всё равно он будет работать в любых приложениях.

Дальше просто берём этот пароль и вставляем его в приложения вместо пароля аккаунта Google. Например, в Outlook просто вписываем этот пароль вместо старого. Да, это будет брешью в безопасности, т.к. пароль приложений не привязывается к компьютеру. Завладев им, злоумышленник сможет читать почту и отправлять письма, но не сможет войти в аккаунт на Gmail. Я уже говорил, что для лучшей безопасности лучше отключить возможность приёма почты через почтовики и тогда не прийдётся использовать пароли приложений.

Пользуемся на здоровье!

Теперь попробуйте выйти из почты и войти заново. Google запросит код подтверждения, высланный с помощью SMS на мобильный телефон.

Здесь также можно пометить компьютер как надёжный. Но учтите, получив доступ к компьютеру злоумышленник сможет войти в вашу почту с вашего же «надёжного» компьютера Кому нужна максимальная безопасность Gmail учитывайте и этот момент.

Бывает такое, что SMS с кодом не приходит. Тогда можно заказать звонок. В этом случае позвонит робот гугла и продиктует код подтверждения. Я сам несколько раз пользовался этой возможностью, телефон звонил сразу, а СМС пришла уже потом.

После всей этой процедуры на почту прийдёт информационное, из которого вы узнаете ещё о нескольких фишках, которые доступны на странице https://accounts.google.com/b/0/SmsAuthSettings

Во-первых, можно привязать дополнительный номер телефона, на который высылается код в случае недоступности основного номера.

Во-вторых, можно обойтись вообще без телефона с помощью резервных кодов. Это может быть полезно за границей или в случае потери телефона, но позаботиться прийдётся заранее, иначе никак. Тут всё просто, нажимаем «Показать резервные коды» и распечатываем табличку. Потом можно вводить эти коды по очереди вместо кодов из СМС. Резервных кодов всего десять, поэтому после их использования нужно сгенерировать новые. rezervnyie_kodyi.jpg

Выводы

В этой статье мы разобрались что же нужно делать для большей безопасности Gmail почты:

  • Обязательно привязывайте номер телефона и включайте двойную аутентификацию Google
  • Включайте канал передачи данных HTTPS (теперь это уже есть по умолчанию)
  • Для большей защищённости отключайте возможность использования почтовых клиентов
  • Если не уверены в защищённости вашего компьютера, то не помечайте его как «надёжный»

Ну и конечно же не забываем про сложные пароли. Нормальный пароль должен состоять как минимум из восьми символов, включая большие и маленькие буквы, цифры и знаки препинания.

 

А что делаете вы для защиты своей почты? Напишите об этом в комментариях.

В этом видео я показал весь процесс вживую

На этом всё, будьте бдительны!

it-like.ru

Use Google Authenticator to securely login to non-Google sites

Google's two-step authentication helps you restrict access to your accounts. Normally, you login to a website with your username and password. Without two-step authentication, you're done. Access to your account relies on the strength of your username and password.

With two-step authentication enabled, you'll be prompted to enter a six-digit number after you provide your username and password. Unlike a PIN number for an ATM, this six-digit number changes with every login.

Many sites send a text message to you containing the six-digit number. That's how things work if you've enabled two-step authentication at Facebook, Twitter and LinkedIn as of June 14, 2013. (Follow the links for each service to learn how to enable two-step authentication on each of these widely-used social media sites.) If you use these sites and have a cellphone, I strongly recommend you enable two-step authentication at each service.

Other sites let you use the Google Authenticator app to generate the six-digit number. The app generates a different six-digit number for each connected site, and these numbers change every 30 seconds. With the app, you don't have to wait a few seconds to receive a text message. Here's how to set up and use the Google Authenticator app with your Google account, along with a few other well-known sites.

Doing the two-step

1. Make sure two-step authentication is enabled for your Google account

Before you start using the app, make sure that two-step authentication is enabled and configured for your account. See my August 2012 article, "Secure your Google Account with two-step authentication" for details.

2. Install the app

Download and install the app on your Android device or on your iPhone, iPad or iPod Touch.

3. Connect Google Authenticator to your Google Account

Login to your Google account at http://accounts.google.com. Choose "Security" from the left-side menu, then look for "2-step verification" and click "Edit". You may need to login again.

Connect your Google Authenticator app to your Google account by following the prompts after "How to Connect" a Mobile Application.

The free Google Authenticator app helps secure your Google account.

The process will be similar when you enable 2-step authentication on other sites, and then link your Google Authenticator app with those sites, with these general steps:

  • You enable 2-step authentication at the website, and then
  • Indicate you want to use your Google Authenticator app to generate codes.
  • Next, you use the Google Authenticator app on your phone to scan a code displayed by the website on your computer screen, and then
  • The Authenticator app adds the account.
  • You enter a six-digit code generated by the Authenticator app to verify that the site and app are linked.

4. Connect Google Authenticator for 2-step authentication at other sites

Many companies have adopted the 2-step authentication process. For many users, discovering how to enable 2-step authentication at each site can be a bit time consuming. So here's a quick guide to a few of the most widely visited sites with which you can use the Google Authenticator app.

Wordpress.com

Secure your Wordpress.com account by logging in to your account, then choosing "Settings", then "Security". Then enable 2-step authentication with Google Authenticator.

Secure your Wordpress.com account with Google Authenticator.
Outlook.com

Yes, you can use Google Authenticator for 2-step authentication of Outlook.com accounts. To enable 2-step authentication at Outlook.com, login, then choose "Account Settings", then "Security info". From this page you can enable 2-step authentication and manage your authenticator apps.

Your Google Authenticator app can help securely access Outlook.com accounts.
Evernote.com

Evernote's setup is similar to the others above: login, go to "Account Settings", then choose "Security". From there, you can enable 2-step authentication using Google Authenticator.

Evernote enabled 2-step authentication in May 2013.
Dropbox.com

Dropbox provides a nicely designed step-by-step process for enabling 2-step authentication. First login to your Dropbox.com account, choosing "Settings", then select the "Security" tab. From there, click the link to enable two-step verification.

Dropbox has a nicely designed step-by-step process that walks users through each step of configuring 2-step authentication.
LastPass.com

Finally, if you use the LastPass password manager, I strongly encourage you to secure it using 2-step authentication. Even if you use a very long, obscure password, the LastPass.com data store, if breached, would provide access to all of your passwords for other sites. This is worth securing.

To enable 2-step authentication in LastPass, login, then choose Settings, then select the "Multifactor options" tab. Choose the "Google Authenticator" option, then follow the on-screen instructions.

Your LastPass.com password data store is definitely worth securing with 2-step authentication!

Bottom line

New sites continue to add support for 2-step authentication and the Google Authenticator app every month. While two-step authentication may not protect your data from the U.S. National Security Agency, it will help prevent unauthorized access to your accounts. Enable it wherever possible today.

Also read:

www.techrepublic.com

OAuth 2.0 Scopes for Google APIs  |  Google Identity Platform  |  Google Developers

This document lists the OAuth 2.0 scopes that you might need to request to access Google APIs, depending on the level of access you need. See the individual APIs' documentation for details about each method's scope requirements.

Scopeshttps://www.googleapis.com/auth/adexchange.buyerManage your Ad Exchange buyer account configurationScopeshttps://www.googleapis.com/auth/adexchange.buyerManage your Ad Exchange buyer account configurationScopeshttps://www.googleapis.com/auth/adexchange.sellerView and manage your Ad Exchange datahttps://www.googleapis.com/auth/adexchange.seller.readonlyView your Ad Exchange dataScopeshttps://www.googleapis.com/auth/xapi.zooTest scope for access to the Zoo serviceScopeshttps://www.googleapis.com/auth/admin.datatransferView and manage data transfers between users in your organizationhttps://www.googleapis.com/auth/admin.datatransfer.readonlyView data transfers between users in your organizationScopeshttps://www.googleapis.com/auth/admin.directory.customerView and manage customer related informationhttps://www.googleapis.com/auth/admin.directory.customer.readonlyView customer related informationhttps://www.googleapis.com/auth/admin.directory.device.chromeosView and manage your Chrome OS devices' metadatahttps://www.googleapis.com/auth/admin.directory.device.chromeos.readonlyView your Chrome OS devices' metadatahttps://www.googleapis.com/auth/admin.directory.device.mobileView and manage your mobile devices' metadatahttps://www.googleapis.com/auth/admin.directory.device.mobile.actionManage your mobile devices by performing administrative taskshttps://www.googleapis.com/auth/admin.directory.device.mobile.readonlyView your mobile devices' metadatahttps://www.googleapis.com/auth/admin.directory.domainView and manage the provisioning of domains for your customershttps://www.googleapis.com/auth/admin.directory.domain.readonlyView domains related to your customershttps://www.googleapis.com/auth/admin.directory.groupView and manage the provisioning of groups on your domainhttps://www.googleapis.com/auth/admin.directory.group.memberView and manage group subscriptions on your domainhttps://www.googleapis.com/auth/admin.directory.group.member.readonlyView group subscriptions on your domainhttps://www.googleapis.com/auth/admin.directory.group.readonlyView groups on your domainhttps://www.googleapis.com/auth/admin.directory.notificationsView and manage notifications received on your domainhttps://www.googleapis.com/auth/admin.directory.orgunitView and manage organization units on your domainhttps://www.googleapis.com/auth/admin.directory.orgunit.readonlyView organization units on your domainhttps://www.googleapis.com/auth/admin.directory.resource.calendarView and manage the provisioning of calendar resources on your domainhttps://www.googleapis.com/auth/admin.directory.resource.calendar.readonlyView calendar resources on your domainhttps://www.googleapis.com/auth/admin.directory.rolemanagementManage delegated admin roles for your domainhttps://www.googleapis.com/auth/admin.directory.rolemanagement.readonlyView delegated admin roles for your domainhttps://www.googleapis.com/auth/admin.directory.userView and manage the provisioning of users on your domainhttps://www.googleapis.com/auth/admin.directory.user.aliasView and manage user aliases on your domainhttps://www.googleapis.com/auth/admin.directory.user.alias.readonlyView user aliases on your domainhttps://www.googleapis.com/auth/admin.directory.user.readonlyView users on your domainhttps://www.googleapis.com/auth/admin.directory.user.securityManage data access permissions for users on your domainhttps://www.googleapis.com/auth/admin.directory.userschemaView and manage the provisioning of user schemas on your domainhttps://www.googleapis.com/auth/admin.directory.userschema.readonlyView user schemas on your domainScopeshttps://www.googleapis.com/auth/admin.reports.audit.readonlyView audit reports for your G Suite domainhttps://www.googleapis.com/auth/admin.reports.usage.readonlyView usage reports for your G Suite domainScopeshttps://www.googleapis.com/auth/adsenseView and manage your AdSense datahttps://www.googleapis.com/auth/adsense.readonlyView your AdSense dataScopeshttps://www.googleapis.com/auth/adsensehostView and manage your AdSense host data and associated accountsScopeshttps://www.googleapis.com/auth/analyticsView and manage your Google Analytics datahttps://www.googleapis.com/auth/analytics.editEdit Google Analytics management entitieshttps://www.googleapis.com/auth/analytics.manage.usersManage Google Analytics Account users by email addresshttps://www.googleapis.com/auth/analytics.manage.users.readonlyView Google Analytics user permissionshttps://www.googleapis.com/auth/analytics.provisionCreate a new Google Analytics account along with its default property and viewhttps://www.googleapis.com/auth/analytics.readonlyView your Google Analytics dataScopeshttps://www.googleapis.com/auth/analyticsView and manage your Google Analytics datahttps://www.googleapis.com/auth/analytics.readonlyView your Google Analytics dataScopeshttps://www.googleapis.com/auth/androidenterpriseManage corporate Android devicesScopeshttps://www.googleapis.com/auth/androidmanagementManage Android devices and apps for your customersScopeshttps://www.googleapis.com/auth/androidpublisherView and manage your Google Play Developer accountScopeshttps://www.googleapis.com/auth/appengine.adminView and manage your applications deployed on Google App Enginehttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/activityView the activity history of your Google appshttps://www.googleapis.com/auth/driveView and manage the files in your Google Drivehttps://www.googleapis.com/auth/drive.metadataView and manage metadata of files in your Google Drivehttps://www.googleapis.com/auth/drive.metadata.readonlyView metadata for files in your Google Drivehttps://www.googleapis.com/auth/drive.readonlyView the files in your Google DriveScopeshttps://www.googleapis.com/auth/appstateView and manage your data for this applicationScopeshttps://www.googleapis.com/auth/bigqueryView and manage your data in Google BigQueryhttps://www.googleapis.com/auth/bigquery.insertdataInsert data into Google BigQueryhttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/devstorage.full_controlManage your data and permissions in Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.read_onlyView your data in Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.read_writeManage your data in Google Cloud StorageScopeshttps://www.googleapis.com/auth/bigqueryView and manage your data in Google BigQueryhttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/bloggerManage your Blogger accounthttps://www.googleapis.com/auth/blogger.readonlyView your Blogger accountScopeshttps://www.googleapis.com/auth/booksManage your booksScopeshttps://www.googleapis.com/auth/calendarManage your calendarshttps://www.googleapis.com/auth/calendar.readonlyView your calendarsScopeshttps://www.googleapis.com/auth/classroom.announcementsView and manage announcements in Google Classroomhttps://www.googleapis.com/auth/classroom.announcements.readonlyView announcements in Google Classroomhttps://www.googleapis.com/auth/classroom.coursesManage your Google Classroom classeshttps://www.googleapis.com/auth/classroom.courses.readonlyView your Google Classroom classeshttps://www.googleapis.com/auth/classroom.coursework.meManage your course work and view your grades in Google Classroomhttps://www.googleapis.com/auth/classroom.coursework.me.readonlyView your course work and grades in Google Classroomhttps://www.googleapis.com/auth/classroom.coursework.studentsManage course work and grades for students in the Google Classroom classes you teach and view the course work and grades for classes you administerhttps://www.googleapis.com/auth/classroom.coursework.students.readonlyView course work and grades for students in the Google Classroom classes you teach or administerhttps://www.googleapis.com/auth/classroom.guardianlinks.me.readonlyView your Google Classroom guardianshttps://www.googleapis.com/auth/classroom.guardianlinks.studentsView and manage guardians for students in your Google Classroom classeshttps://www.googleapis.com/auth/classroom.guardianlinks.students.readonlyView guardians for students in your Google Classroom classeshttps://www.googleapis.com/auth/classroom.profile.emailsView the email addresses of people in your classeshttps://www.googleapis.com/auth/classroom.profile.photosView the profile photos of people in your classeshttps://www.googleapis.com/auth/classroom.rostersManage your Google Classroom class rostershttps://www.googleapis.com/auth/classroom.rosters.readonlyView your Google Classroom class rostershttps://www.googleapis.com/auth/classroom.student-submissions.me.readonlyView your course work and grades in Google Classroomhttps://www.googleapis.com/auth/classroom.student-submissions.students.readonlyView course work and grades for students in the Google Classroom classes you teach or administerScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud_debuggerManage cloud debuggerScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/monitoringView and write monitoring data for all of your Google and third-party Cloud and API projectsScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/trace.appendWrite Trace data for a project or applicationScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud.useraccountsManage your Google Cloud User Accountshttps://www.googleapis.com/auth/cloud.useraccounts.readonlyView your Google Cloud User AccountsScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/computeView and manage your Google Compute Engine resourceshttps://www.googleapis.com/auth/compute.readonlyView your Google Compute Engine resourceshttps://www.googleapis.com/auth/devstorage.full_controlManage your data and permissions in Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.read_onlyView your data in Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.read_writeManage your data in Google Cloud StorageScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/contentManage your product listings and accounts for Google ShoppingScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/computeView and manage your Google Compute Engine resourceshttps://www.googleapis.com/auth/compute.readonlyView your Google Compute Engine resourceshttps://www.googleapis.com/auth/userinfo.emailView your email addressScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/datastoreView and manage your Google Cloud Datastore dataScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/ndev.cloudmanView and manage your Google Cloud Platform management resources and deployment status informationhttps://www.googleapis.com/auth/ndev.cloudman.readonlyView your Google Cloud Platform management resources and deployment status informationScopeshttps://www.googleapis.com/auth/ddmconversionsManage DoubleClick Digital Marketing conversionshttps://www.googleapis.com/auth/dfareportingView and manage DoubleClick for Advertisers reportshttps://www.googleapis.com/auth/dfatraffickingView and manage your DoubleClick Campaign Manager's (DCM) display ad campaignsScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/ndev.clouddns.readonlyView your DNS records hosted by Google Cloud DNShttps://www.googleapis.com/auth/ndev.clouddns.readwriteView and manage your DNS records hosted by Google Cloud DNSScopeshttps://www.googleapis.com/auth/doubleclickbidmanagerView and manage your reports in DoubleClick Bid ManagerScopeshttps://www.googleapis.com/auth/doubleclicksearchView and manage your advertising data in DoubleClick SearchScopeshttps://www.googleapis.com/auth/driveView and manage the files in your Google Drivehttps://www.googleapis.com/auth/drive.appdataView and manage its own configuration data in your Google Drivehttps://www.googleapis.com/auth/drive.fileView and manage Google Drive files and folders that you have opened or created with this apphttps://www.googleapis.com/auth/drive.metadataView and manage metadata of files in your Google Drivehttps://www.googleapis.com/auth/drive.metadata.readonlyView metadata for files in your Google Drivehttps://www.googleapis.com/auth/drive.photos.readonlyView the photos, videos and albums in your Google Photoshttps://www.googleapis.com/auth/drive.readonlyView the files in your Google Drivehttps://www.googleapis.com/auth/drive.scriptsModify your Google Apps Script scripts' behaviorScopeshttps://www.googleapis.com/auth/firebaseView and administer all your Firebase data and settingsScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/firebaseView and administer all your Firebase data and settingshttps://www.googleapis.com/auth/firebase.readonlyView all your Firebase data and settingsScopeshttps://www.googleapis.com/auth/fitness.activity.readView your activity information in Google Fithttps://www.googleapis.com/auth/fitness.activity.writeView and store your activity information in Google Fithttps://www.googleapis.com/auth/fitness.blood_glucose.readView blood glucose data in Google Fithttps://www.googleapis.com/auth/fitness.blood_glucose.writeView and store blood glucose data in Google Fithttps://www.googleapis.com/auth/fitness.blood_pressure.readView blood pressure data in Google Fithttps://www.googleapis.com/auth/fitness.blood_pressure.writeView and store blood pressure data in Google Fithttps://www.googleapis.com/auth/fitness.body.readView body sensor information in Google Fithttps://www.googleapis.com/auth/fitness.body.writeView and store body sensor data in Google Fithttps://www.googleapis.com/auth/fitness.body_temperature.readView body temperature data in Google Fithttps://www.googleapis.com/auth/fitness.body_temperature.writeView and store body temperature data in Google Fithttps://www.googleapis.com/auth/fitness.location.readView your stored location data in Google Fithttps://www.googleapis.com/auth/fitness.location.writeView and store your location data in Google Fithttps://www.googleapis.com/auth/fitness.nutrition.readView nutrition information in Google Fithttps://www.googleapis.com/auth/fitness.nutrition.writeView and store nutrition information in Google Fithttps://www.googleapis.com/auth/fitness.oxygen_saturation.readView oxygen saturation data in Google Fithttps://www.googleapis.com/auth/fitness.oxygen_saturation.writeView and store oxygen saturation data in Google Fithttps://www.googleapis.com/auth/fitness.reproductive_health.readView reproductive health data in Google Fithttps://www.googleapis.com/auth/fitness.reproductive_health.writeView and store reproductive health data in Google FitScopeshttps://www.googleapis.com/auth/fusiontablesManage your Fusion Tableshttps://www.googleapis.com/auth/fusiontables.readonlyView your Fusion TablesScopeshttps://www.googleapis.com/auth/drive.appdataView and manage its own configuration data in your Google Drivehttps://www.googleapis.com/auth/gamesShare your Google+ profile information and view and manage your game activityhttps://www.googleapis.com/auth/plus.loginKnow the list of people in your circles, your age range, and languageScopeshttps://www.googleapis.com/auth/androidpublisherView and manage your Google Play Developer accountScopeshttps://www.googleapis.com/auth/gamesShare your Google+ profile information and view and manage your game activityhttps://www.googleapis.com/auth/plus.loginKnow the list of people in your circles, your age range, and languageScopeshttps://www.googleapis.com/auth/bigqueryView and manage your data in Google BigQueryhttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/devstorage.read_writeManage your data in Google Cloud Storagehttps://www.googleapis.com/auth/genomicsView and manage Genomics datahttps://www.googleapis.com/auth/genomics.readonlyView Genomics dataScopeshttps://mail.google.com/Read, send, delete, and manage your emailhttps://www.googleapis.com/auth/gmail.composeManage drafts and send emailshttps://www.googleapis.com/auth/gmail.insertInsert mail into your mailboxhttps://www.googleapis.com/auth/gmail.labelsManage mailbox labelshttps://www.googleapis.com/auth/gmail.metadataView your email message metadata such as labels and headers, but not the email bodyhttps://www.googleapis.com/auth/gmail.modifyView and modify but not delete your emailhttps://www.googleapis.com/auth/gmail.readonlyView your email messages and settingshttps://www.googleapis.com/auth/gmail.sendSend email on your behalfhttps://www.googleapis.com/auth/gmail.settings.basicManage your basic mail settingshttps://www.googleapis.com/auth/gmail.settings.sharingManage your sensitive mail settings, including who can manage your mailScopesprofileView your basic profile infoemailView your email addressopenidAuthenticate using OpenID ConnectScopeshttps://www.googleapis.com/auth/apps.groups.migrationManage messages in groups on your domainScopeshttps://www.googleapis.com/auth/apps.groups.settingsView and manage the settings of a G Suite groupScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/firebaseView and administer all your Firebase data and settingsScopeshttps://www.googleapis.com/auth/cloud-languageApply machine learning models to reveal the structure and meaning of texthttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/apps.licensingView and manage G Suite licenses for your domainScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/logging.adminAdministrate log data for your projectshttps://www.googleapis.com/auth/logging.readView log data for your projectshttps://www.googleapis.com/auth/logging.writeSubmit log data for your projectsScopeshttps://www.googleapis.com/auth/manufacturercenterManage your product listings for Google Manufacturer CenterScopeshttps://www.googleapis.com/auth/glass.locationView your locationhttps://www.googleapis.com/auth/glass.timelineView and manage your Glass timelineScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/monitoringView and write monitoring data for all of your Google and third-party Cloud and API projectshttps://www.googleapis.com/auth/monitoring.readView monitoring data for all of your Google Cloud and third-party projectshttps://www.googleapis.com/auth/monitoring.writePublish metric data to your Google Cloud projectsScopeshttps://www.googleapis.com/auth/plus.loginKnow the list of people in your circles, your age range, and languagehttps://www.googleapis.com/auth/plus.meKnow who you are on Googlehttps://www.googleapis.com/auth/userinfo.emailView your email addresshttps://www.googleapis.com/auth/userinfo.profileView your basic profile infoScopesopenidAuthenticate using OpenID ConnectprofileView your basic profile infoemailView your email addressScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/computeView and manage your Google Compute Engine resourceshttps://www.googleapis.com/auth/compute.readonlyView your Google Compute Engine resourcesScopeshttps://www.googleapis.com/auth/contactsManage your contactshttps://www.googleapis.com/auth/contacts.readonlyView your contactshttps://www.googleapis.com/auth/plus.loginKnow the list of people in your circles, your age range, and languagehttps://www.googleapis.com/auth/user.addresses.readView your street addresseshttps://www.googleapis.com/auth/user.birthday.readView your complete date of birthhttps://www.googleapis.com/auth/user.emails.readView your email addresseshttps://www.googleapis.com/auth/user.phonenumbers.readView your phone numbershttps://www.googleapis.com/auth/userinfo.emailView your email addresshttps://www.googleapis.com/auth/userinfo.profileView your basic profile infoScopeshttps://www.googleapis.com/auth/androidpublisherView and manage your Google Play Developer accountScopeshttps://www.googleapis.com/auth/playmovies_partner.readonlyView the digital assets you publish on Google Play Movies and TVScopeshttps://www.googleapis.com/auth/plus.loginKnow the list of people in your circles, your age range, and languagehttps://www.googleapis.com/auth/plus.meKnow who you are on Googlehttps://www.googleapis.com/auth/userinfo.emailView your email addresshttps://www.googleapis.com/auth/userinfo.profileView your basic profile infoScopeshttps://www.googleapis.com/auth/plus.circles.readView your circles and the people and pages in themhttps://www.googleapis.com/auth/plus.circles.writeManage your circles and add people and pages. People and pages you add to your circles will be notified. Others may see this information publicly. People you add to circles can use Hangouts with you.https://www.googleapis.com/auth/plus.loginKnow the list of people in your circles, your age range, and languagehttps://www.googleapis.com/auth/plus.meKnow who you are on Googlehttps://www.googleapis.com/auth/plus.media.uploadSend your photos and videos to Google+https://www.googleapis.com/auth/plus.profiles.readView your own Google+ profile and profiles visible to youhttps://www.googleapis.com/auth/plus.stream.readView your Google+ posts, comments, and streamhttps://www.googleapis.com/auth/plus.stream.writeManage your Google+ posts, comments, and streamhttps://www.googleapis.com/auth/userinfo.emailView your email addresshttps://www.googleapis.com/auth/userinfo.profileView your basic profile infoScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/devstorage.full_controlManage your data and permissions in Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.read_onlyView your data in Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.read_writeManage your data in Google Cloud Storagehttps://www.googleapis.com/auth/predictionManage your data in the Google Prediction APIScopeshttps://www.googleapis.com/auth/userlocation.beacon.registryView and modify your beaconsScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/pubsubView and manage Pub/Sub topics and subscriptionsScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/computeView and manage your Google Compute Engine resourceshttps://www.googleapis.com/auth/compute.readonlyView your Google Compute Engine resourcesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/replicapoolView and manage replica poolshttps://www.googleapis.com/auth/replicapool.readonlyView replica poolsScopeshttps://www.googleapis.com/auth/apps.orderManage users on your domainhttps://www.googleapis.com/auth/apps.order.readonlyManage users on your domainScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/computeView and manage your Google Compute Engine resourceshttps://www.googleapis.com/auth/compute.readonlyView your Google Compute Engine resourceshttps://www.googleapis.com/auth/ndev.cloudmanView and manage your Google Cloud Platform management resources and deployment status informationhttps://www.googleapis.com/auth/ndev.cloudman.readonlyView your Google Cloud Platform management resources and deployment status informationScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloudruntimeconfigManage your Google Cloud Platform services' runtime configurationScopeshttps://mail.google.com/Read, send, delete, and manage your emailhttps://www.google.com/calendar/feedsManage your calendarshttps://www.google.com/m8/feedsManage your contactshttps://www.googleapis.com/auth/admin.directory.groupView and manage the provisioning of groups on your domainhttps://www.googleapis.com/auth/admin.directory.userView and manage the provisioning of users on your domainhttps://www.googleapis.com/auth/driveView and manage the files in your Google Drivehttps://www.googleapis.com/auth/formsView and manage your forms in Google Drivehttps://www.googleapis.com/auth/forms.currentonlyView and manage forms that this application has been installed inhttps://www.googleapis.com/auth/groupsView and manage your Google Groupshttps://www.googleapis.com/auth/spreadsheetsView and manage your spreadsheets in Google Drivehttps://www.googleapis.com/auth/userinfo.emailView your email addressScopesservicecontrolReport usage across Google managed servicescloud-platformView and manage your data across Google Cloud Platform servicesScopesservice.managementManage your Google API service configurationcloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/servicecontrolManage your Google Service Control dataScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/service.managementManage your Google API service configurationhttps://www.googleapis.com/auth/service.management.readonlyView your Google API service configurationScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/service.managementManage your Google API service configurationScopeshttps://www.googleapis.com/auth/driveView and manage the files in your Google Drivehttps://www.googleapis.com/auth/drive.fileView and manage Google Drive files and folders that you have opened or created with this apphttps://www.googleapis.com/auth/drive.readonlyView the files in your Google Drivehttps://www.googleapis.com/auth/spreadsheetsView and manage your spreadsheets in Google Drivehttps://www.googleapis.com/auth/spreadsheets.readonlyView your Google SpreadsheetsScopeshttps://www.googleapis.com/auth/siteverificationManage the list of sites and domains you controlhttps://www.googleapis.com/auth/siteverification.verify_onlyManage your new site verifications with GoogleScopeshttps://www.googleapis.com/auth/driveView and manage the files in your Google Drivehttps://www.googleapis.com/auth/drive.readonlyView the files in your Google Drivehttps://www.googleapis.com/auth/presentationsView and manage your Google Slides presentationshttps://www.googleapis.com/auth/presentations.readonlyView your Google Slides presentationshttps://www.googleapis.com/auth/spreadsheetsView and manage your spreadsheets in Google Drivehttps://www.googleapis.com/auth/spreadsheets.readonlyView your Google SpreadsheetsScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/source.full_controlManage your source code repositorieshttps://www.googleapis.com/auth/source.read_onlyView the contents of your source code repositorieshttps://www.googleapis.com/auth/source.read_writeManage the contents of your source code repositoriesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/spanner.adminAdminister your Spanner databaseshttps://www.googleapis.com/auth/spanner.dataView and manage the contents of your Spanner databasesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/sqlservice.adminManage your Google SQL Service instancesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-platform.read-onlyView your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/devstorage.full_controlManage your data and permissions in Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.read_onlyView your data in Google Cloud Storagehttps://www.googleapis.com/auth/devstorage.read_writeManage your data in Google Cloud StorageScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/streetviewpublishPublish and manage your 360 photos on Google Street ViewScopeshttps://www.googleapis.com/auth/tagmanager.delete.containersDelete your Google Tag Manager containershttps://www.googleapis.com/auth/tagmanager.edit.containersManage your Google Tag Manager container and its subcomponents, excluding versioning and publishinghttps://www.googleapis.com/auth/tagmanager.edit.containerversionsManage your Google Tag Manager container versionshttps://www.googleapis.com/auth/tagmanager.manage.accountsView and manage your Google Tag Manager accountshttps://www.googleapis.com/auth/tagmanager.manage.usersManage user permissions of your Google Tag Manager account and containerhttps://www.googleapis.com/auth/tagmanager.publishPublish your Google Tag Manager container versionshttps://www.googleapis.com/auth/tagmanager.readonlyView your Google Tag Manager container and its subcomponentsScopeshttps://www.googleapis.com/auth/taskqueueManage your Tasks and Taskqueueshttps://www.googleapis.com/auth/taskqueue.consumerConsume Tasks from your TaskqueuesScopeshttps://www.googleapis.com/auth/tasksManage your taskshttps://www.googleapis.com/auth/tasks.readonlyView your tasksScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-translationTranslate text from one language to another using Google TranslateScopeshttps://www.googleapis.com/auth/urlshortenerManage your goo.gl short URLsScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform servicesScopeshttps://www.googleapis.com/auth/cloud-platformView and manage your data across Google Cloud Platform serviceshttps://www.googleapis.com/auth/cloud-visionApply machine learning models to understand and label imagesScopeshttps://www.googleapis.com/auth/webmastersView and manage Search Console data for your verified siteshttps://www.googleapis.com/auth/webmasters.readonlyView Search Console data for your verified sitesScopeshttps://www.googleapis.com/auth/youtubeManage your YouTube accounthttps://www.googleapis.com/auth/youtube.force-sslManage your YouTube accounthttps://www.googleapis.com/auth/youtube.readonlyView your YouTube accounthttps://www.googleapis.com/auth/youtube.uploadManage your YouTube videoshttps://www.googleapis.com/auth/youtubepartnerView and manage your assets and associated content on YouTubehttps://www.googleapis.com/auth/youtubepartner-channel-auditView private information of your YouTube channel relevant during the audit process with a YouTube partnerScopeshttps://www.googleapis.com/auth/youtubeManage your YouTube accounthttps://www.googleapis.com/auth/youtube.readonlyView your YouTube accounthttps://www.googleapis.com/auth/youtubepartnerView and manage your assets and associated content on YouTubehttps://www.googleapis.com/auth/yt-analytics-monetary.readonlyView monetary and non-monetary YouTube Analytics reports for your YouTube contenthttps://www.googleapis.com/auth/yt-analytics.readonlyView YouTube Analytics reports for your YouTube contentScopeshttps://www.googleapis.com/auth/yt-analytics-monetary.readonlyView monetary and non-monetary YouTube Analytics reports for your YouTube contenthttps://www.googleapis.com/auth/yt-analytics.readonlyView YouTube Analytics reports for your YouTube content

developers.google.com

Authentication using the Google APIs Client Library for JavaScript  |  API Client Library for JavaScript  |  Google Developers

Overview

To access a user's private data, your application must work with Google's policies for authentication and authorization.

Google defines two levels of API access:

Level Description Requires:
Simple API calls do not access any private user data API key
Authorized API calls can read and write private user data, or the application's own data API key plus OAuth 2.0 credentials (different for different application types)

Getting access keys for your application

To get access keys, go to the Google Developers Console and specify your application's name and the Google APIs it will access. For simple access, Google generates an API key that uniquely identifies your application in its transactions with the Google Auth server.

For authorized access, you must also tell Google your website's protocol and domain. In return, Google generates a client ID. Your application submits this to the Google Auth server to get an OAuth 2.0 access token.

For detailed instructions for this process, see the Getting started page.

See below for details and examples of how to use these credentials in your application.

Simple access using the API key

The API key identifies your application for requests that don't require authorization.

Whether or not your application requires authorized access, your code should call gapi.client.init with the apiKey parameter.

gapi.client.init({ 'apiKey': 'YOUR_API_KEY', ... }).then(...)

For a complete example of simple API access, follow this link.

Authorized access

To access a user's personal information, your application must work with Google's OAuth 2.0 mechanism.

OAuth 2.0 basics

You may want to start with this overview of Using OAuth 2.0 to Access Google APIs.

Behind the scenes, the OAuth 2.0 mechanism performs a complex operation to authenticate the user, the application, and the Google Auth server. The components of the JavaScript client library manage this process for you, so that all your code has to do is pass in the following objects:

  • The client ID you received when you registered your application
  • The scope object that specifies which data your application will use

About scope

The scope object defines the level of access to a particular API that your application will use. For more information about how scopes work, refer to this OAuth 2.0 documentation. The scope is a space delimited string. The following example represents read-only access to a user's Google Drive:

https://www.googleapis.com/auth/drive.readonly

OAuth 2.0 authorization flow

The JavaScript client library uses the OAuth 2.0 client-side flow for making requests that require authorization. If you would like to see what this looks like in action, check out Google's OAuth 2.0 Playground.

OAuth 2.0 authorization in the JavaScript client library proceeds as follows:

  1. The user clicks a "login" link.
  2. The browser shows a popup that allows the user to authenticate and authorize the web application.
  3. After successful authorization, the browser redirects the user back to the calling application (your application).
  4. The callback saves the authorization token and closes the popup.

After this, the user is signed in to your application, and the application is authorized to access the user's personal data. The user's sign-in state is persistent across sessions, so the next time the user opens your application, the user is automatically signed in.

Auth example

See the auth example on the Samples page.

Making a request with CORS

To make an authenticated CORS request, you can add the OAuth 2.0 access token to the request header or add it as a URL parameter. For details, read the CORS documentation.

The standalone auth client

Your application can also use a subset of the full JavaScript client library that performs authentication and nothing else. It includes only the gapi.auth methods.

Use the standalone auth client in web applications that will run in environments with full CORS support, such as Chrome extensions and mobile browsers. If your application may run on browsers which do not support CORS, or if you want to use other features of the JavaScript library, use the standard JavaScript client.

For information about how to load and use the auth client, see the CORS documentation.

developers.google.com

Advanced Authentication Methods  |  Container Registry  |  Google Cloud Platform

If your application can't use the gcloud command-line tool to authenticate to Container Registry, you can use docker login directly to authenticate. This allows the use of third-party continuous integration solutions and cluster management technology with Container Registry.

The docker login command requires your Docker username and password.

Note: Authentication using --email has been deprecated and will be unavailable as of Docker 17.06.

We strongly recommend that you use the gcloud docker command to log in to Google Container Registry when possible. This provides secure, short-lived access to your project resources. These alternatives should only be used when required, and when the security implications are understood.

Docker credential helper

Docker needs access to Container Registry to push and pull images. You can use the Docker credential helper tool to configure your Container Registry credentials for use with Docker.

The credential helper fetches your Container Registry credentials—either automatically, or from a location specified using its --token-source flag—then writes them to Docker's configuration file. This way, you can use Docker's command-line tool, docker, to interact directly with Container Registry.

You can install the Docker credential helper tool via the gcloud command-line tool:

gcloud components install docker-credential-gcr

Then, configure Docker to use your Container Registry credentials when interacting with Container Registry:

docker-credential-gcr configure-docker

See the credential helper documentation for more information.

Using an access token

Access tokens are short-lived tokens that provide read/write access to your Google Cloud Platform resources.

The gcloud docker command authenticates Docker commands by passing a short-lived access token as a password to Container Registry.

  • For docker pull and docker search, the access token must use the devstorage.read_only scope.
  • For docker push, the access token must use the devstorage.read_write scope.

This same scheme can be used in the absence of the gcloud command-line tool by creating an appropriate access token (such as Compute Engine instance metadata).

The access granted by this token is the same as what is granted when using the gcloud docker command to authenticate, making this the safest of the alternative authentication methods.

To use an access token, see the Application Default Credentials documentation. Then, use the following credentials:

Linux / macOS
Username oauth3accesstoken
Password Your access token. For example, $(gcloud auth application-default print-access-token)

For example:

docker login -u oauth3accesstoken -p "$(gcloud auth application-default print-access-token)" https://gcr.io Windows
Username oauth3accesstoken
Password Copy-and-paste the output of gcloud auth application-default print-access-token.

For example:

gcloud auth application-default print-access-token ya29.8QEQIfY_... docker login -u oauth3accesstoken -p "ya29.8QEQIfY_..." https://gcr.io

Using a JSON key file

A service account JSON key file is a long-lived credential that is scoped to a specific Cloud Platform Console project and its resources.

Service accounts automatically created by Google Cloud Platform, such as the Container Registry service account, are granted the read-write Editor role for your whole project. However, you may wish to grant other service accounts more specific permissions. Configuring Access Control explains the roles that can interact with Container Registry.

You can grant the service account access to the Google Cloud Storage bucket containing your Container Registry images.

Alternatively, if a service account is only used for pulling and viewing images, you can set the service account's project-level role to the read-only Viewer from the Cloud Platform Console IAM menu. However, the Viewer role has read-only permissions for your whole project and all of its resources, which may not be desired.

To use a JSON key file, follow the service account instructions instructions in the Google Cloud Platform Console Help Center. Then, use the following credentials:

Linux / macOS
Username _json_key
Password The contents of the key file you downloaded when creating the service account.

For example:

docker login -u _json_key -p "$(cat keyfile.json)" https://gcr.io Windows
Username _json_key
Password The contents of the key file you downloaded when creating the service account.

For example:

set /p PASS=<keyfile.json docker login -u _json_key -p "%PASS%" https://gcr.io

See the service accounts documentation to learn more about configuring service accounts.

cloud.google.com


Смотрите также