GNOME Online Accounts - Single sign-on framework for GNOME ========================================================== Facebook -------- OAuth 2.0: https://developers.facebook.com/docs/authentication/ https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow https://developers.facebook.com/docs/reference/dialogs/oauth/ https://developers.facebook.com/tools/explorer/ Scopes: https://developers.facebook.com/docs/authentication/permissions/ Notes: The client-side flow returns the access_token and expires_in in the URI's fragment, and does not provide a refresh_token. However, if the user denied access then the error is returned in the URI's query. The URIs look like this: - ?#access_token=... - ?error=access_denied...#_=_ Flickr ------ OAuth 1.0: http://www.flickr.com/services/api/auth.oauth.html Foursquare ---------- OAuth 2.0: https://developer.foursquare.com/overview/auth Google ------ OAuth 2.0: https://developers.google.com/accounts/docs/OAuth2InstalledApp https://developers.google.com/oauthplayground/ Scopes: https://developers.google.com/accounts/docs/OAuth2Login https://developers.google.com/google-apps/calendar/auth https://developers.google.com/google-apps/contacts/v3/ https://developers.google.com/drive/web/scopes https://developers.google.com/google-apps/gmail/oauth_protocol https://developers.google.com/picasa-web/docs/2.0/developers_guide_protocol https://developers.google.com/talk/jep_extensions/oauth https://developers.google.com/cloud-print/docs/devguide Sometimes the documentation does not mention the OAuth2 scopes that need to be specified in the source code. In such cases, the following can be useful: https://developers.google.com/oauthplayground/ https://discovery-check.appspot.com/ Notes: We are allowed to embed the client_secret in the source code. See https://developers.google.com/accounts/docs/OAuth2InstalledApp#overview Pocket ------ OAuth 2.0 variant: https://getpocket.com/developer/docs/authentication Authenticating with a Firefox Account is not documented. These slides are useful: http://www.slideshare.net/KuoE0/pocket-authentication-with-oauth-on-firefox-os Todoist ------- OAuth 2.0: https://developer.todoist.com/ Windows Live ------------ OAuth 2.0: http://msdn.microsoft.com/en-us/library/live/hh243647.aspx Scopes: http://msdn.microsoft.com/en-us/library/live/hh243646.aspx http://blogs.office.com/b/microsoft-outlook/archive/2013/09/12/outlook-com-now-with-imap.aspx Notes: We do not need the client_secret because we are marked as a desktop or mobile application, and we use https://login.live.com/oauth20_desktop.srf as the redirect_uri.