Google recommends migrating from the deprecated Clientlogin to OAuth 2.0. Let's assume I've got OAuth 2.0 working.
How can I then give the user a link that grants him authorization to one of his google pages without having to enter all login data again? (How to skip the login process?)
With Clientlogin this was possible - you could receive all needed tokens and start a TokenAuth. This was tricky because it wasn't documented, but worked.
How can I do this with OAuth 2.0?
Just to make it clear - I'm developing an installed application.
Okay, I've found a way.
I'm switching to OAuth2 and in the process hijack the google cookies.
OAuth 2 isn't more secure than the older ClientLogin. At one point, the user has to enter his credentials and once authenticated, I gain access to the SID
and LSID
.
With SID
and LSID
I can go the old way with TokenAuth OR directly merge sessions.