Question
First of all, sorry for my bad English :)
I am building a Gmail addon which integrates file uploading to an external website using their API. The API has an auth endpoint which uses a plain authorization flow, i.e. it takes the email and password of a user to authorize and returns an authorization token. That token is then used in the subsequent call of the file uploading process.
My question is, it has been mentioned in the Gmail addon guide that an app should use OAuth when connecting to a third-party service. However, the related website's API does not have OAuth but uses a plain authorization flow. If I create a login form with email and password fields using the card service, would that be okay and approved by Google to be listed in the addons directory? Creating OAuth on the third-party service is not in my hands.
Thank you!
Answer 1:
Q: would that be okay and approved?
My experience is that it is OK to use basic authentication (since a lot of APIs still use basic auth, it would be devastating if the use of the API was prohibited); most likely you will be approved. However, if there is ever a version of the API that supports OAuth, please migrate as soon as possible.
Caveats
- You mentioned creating a login form in CardService - please be aware that there are no "password"-style TextInputs, so all characters will be visible all the time + there isn't, as of yet, any support for input event, so you won't be able to emulate the behaviour easily.
- If you are planning on storing the credentials, try to avoid using PropertiesService - it isn't considered a secure storage (though if credentials are to be entered only once, storing the token should be fine).
- You will still be asked to implement the authorizationCheckFunction.
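The storage caveat above, as an added Apps Script example that is not part of the original answer: the submit handler for a CardService login card sends the credentials to the auth endpoint once and keeps only the returned token in user properties. `AUTH_URL`, `TOKEN_KEY`, the field names `email`/`password` and the `{"token": "..."}` response shape are assumptions, since the post does not name the service.

```javascript
// Added example for a Gmail add-on (Apps Script); not code from the post.
// AUTH_URL, TOKEN_KEY and the {token: "..."} response shape are assumptions.
const AUTH_URL = 'https://api.example.com/auth'; // placeholder endpoint
const TOKEN_KEY = 'EXT_API_TOKEN';               // hypothetical property key

// Exchange email/password for a token. Returns the token, or null on failure.
function requestToken(email, password) {
  const res = UrlFetchApp.fetch(AUTH_URL, {
    method: 'post',
    contentType: 'application/json',
    payload: JSON.stringify({ email: email, password: password }),
    muteHttpExceptions: true, // inspect the status code instead of throwing
  });
  if (res.getResponseCode() !== 200) return null;
  try {
    const token = JSON.parse(res.getContentText()).token;
    return typeof token === 'string' && token.length > 0 ? token : null;
  } catch (err) {
    return null; // body was not JSON
  }
}

// Action handler for the login card's submit button (fields: email, password).
function onLoginSubmit(e) {
  const input = (e && e.formInput) || {};
  const props = PropertiesService.getUserProperties();
  const token = input.email && input.password
    ? requestToken(input.email, input.password)
    : null;
  if (token === null) {
    props.deleteProperty(TOKEN_KEY); // drop any stale token
    return notify('Login failed. Check your email and password.');
  }
  // Persist only the token; the password is never written to storage.
  props.setProperty(TOKEN_KEY, token);
  return notify('Connected.');
}

// Build an ActionResponse that shows a short notification in the add-on.
function notify(text) {
  return CardService.newActionResponseBuilder()
    .setNotification(CardService.newNotification().setText(text))
    .build();
}
```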
Source: https://stackoverflow.com/questions/60668319/log-in-to-an-external-site-from-gmail-addon