I am building a Chrome Web Store application with the Google Drive API, and am wondering how I should authenticate the user.
The Chrome Web Store documentation recommends using OpenID.
The Google Drive SDK documentation recommends using OAuth2.
Should I support both? If a user logs in with OpenID, and then opens a file from Google Drive, is there a way I can know that the OpenID and OAuth authentications should be linked to the same account?
The thing is that the Chrome Web Store only “recommends” using OpenID (v2 I guess). However, Drive forces the use of OAuth 2.0 when you create or open a file from Drive. I would recommend that you then use OAuth 2.0 based authentication – which is called OpenID Connect – since it is compatible with Drive and since you don’t have to use Chrome auth. You can simply trigger the OpenID Connect (OAuth 2.0-based) authentication flow from your web application when users are not coming from Google Drive but are coming, for instance, from the New Tab page in Chrome.
The only notable exception I can think of is if you are using Chrome’s billing API, then you might have to use OpenID v2.
In short: Use OpenID Connect (which is OAuth 2.0 based) since Drive forces you to use it and since it is also a more recent technology.
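On the account-linking part of the question, here is an added example (not part of the original question or answer) of keying every sign-in on the OpenID Connect ID token's `sub` claim, so a session started from Drive and one started from the New Tab page resolve to the same account. It assumes the ID token's signature has already been verified by your OpenID Connect library; `CLIENT_ID`, `checkClaims`, `signIn`, `demo` and all claim values are hypothetical or constructed.

```javascript
// Added example. Input: claims from an ID token whose signature was ALREADY
// verified by an OpenID Connect library (assumption; not done here).
const CLIENT_ID = 'example-client-id.apps.googleusercontent.com'; // placeholder
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];

// Reject claims not issued by Google for this app, or that have expired.
function checkClaims(claims, nowSec) {
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error('unexpected issuer');
  if (claims.aud !== CLIENT_ID) throw new Error('token issued to another client');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('missing sub');
  return claims;
}

// One account per Google subject. Email is display data only: it can change
// or be reassigned, so it is never used as the lookup key.
function signIn(accounts, claims, entryPoint, nowSec) {
  const c = checkClaims(claims, nowSec);
  const key = 'google:' + c.sub; // both Google issuer spellings share one key
  let account = accounts.get(key);
  if (!account) {
    account = { key, email: c.email, entryPoints: [] };
    accounts.set(key, account);
  }
  account.email = c.email;
  if (!account.entryPoints.includes(entryPoint)) account.entryPoints.push(entryPoint);
  return account;
}

// Constructed sample: the same user arrives from Drive, then from the New Tab page.
function demo() {
  const now = 1700000000; // constructed clock value (seconds)
  const accounts = new Map();
  const claims = { iss: 'https://accounts.google.com', aud: CLIENT_ID,
                   sub: '110000000000000000001', email: 'a@example.com', exp: now + 3600 };
  signIn(accounts, claims, 'drive-open', now);
  const acct = signIn(accounts, { ...claims, iss: 'accounts.google.com' }, 'new-tab', now);
  return { accountCount: accounts.size, entryPoints: acct.entryPoints };
}

console.log(demo());
```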