cordova-plugin-googleplus
This plugin allows you to log on with your Google account on iOS and Android. You will not only get the email address of the user, but also stuff like their full name and gender.
Android
iOS
To communicate with Google+ you need to do some tedious setup, sorry.
To get your iOS API key, follow Step 1 of this guide and get a configuration file here. This GoogleService-Info.plist file contains the REVERSED_CLIENT_ID you'll need during installation.
To configure Android, follow Step 1 of this guide. Make sure you execute the keytool steps as well or authentication will fail.
This plugin is compatible with Cordova Plugman and the PhoneGap 3.0 CLI. Here's how it works with the CLI (back up your project first!):
Using the Cordova CLI and npm
$ cordova plugin add cordova-plugin-googleplus --variable REVERSED_CLIENT_ID=myreversedclientid
$ cordova prepare
To fetch the latest version from GitHub, use
$ cordova plugin add https://github.com/EddyVerbruggen/cordova-plugin-googleplus --variable REVERSED_CLIENT_ID=myreversedclientid
$ cordova prepare
GooglePlus.js is brought in automatically. There is no need to change or add anything in your html.
Add this to your config.xml:
<gap:plugin name="cordova-plugin-googleplus" source="npm">
  <param name="REVERSED_CLIENT_ID" value="myreversedclientid" />
</gap:plugin>
Check the demo app to get you going quickly, or hurt yourself and follow these steps.
Note that none of these methods should be called before deviceready has fired.
You'll want to check this before showing a 'Sign in with Google+' button.
On iOS it will check whether or not the Google+ app is installed. If it's not and you invoke the login function, your app will redirect to Safari, which seems to be an app rejection reason these days.
On Android it will check whether or not Google Play Services is available. It's more likely than not that it is.
window.plugins.googleplus.isAvailable(
  function (available) {
    if (available) {
      // show the Google+ sign-in button
    }
  }
);
window.plugins.googleplus.login(
  {
    'scopes': '... ', // optional space-separated list of scopes, the default is sufficient for login and basic profile info
    'offline': true, // optional and required for Android only - if set to true the plugin will also return the OAuth access token, that can be used to sign in to some third party services that don't accept a Cross-client identity token (ex. Firebase)
    'webApiKey': 'api of web app', // optional API key of your Web application from Credentials settings of your project - if you set it the returned idToken will allow sign in to services like Azure Mobile Services
    // there is no API key for Android; your app is wired to the Google+ API by listing your package name in the google dev console and signing your apk (which you have done in chapter 4)
  },
  function (obj) {
    alert(JSON.stringify(obj)); // do something useful instead of alerting
  },
  function (msg) {
    alert('error: ' + msg);
  }
);
Note that if you're only targeting Android you can pass {} for the first argument.
The success callback (second argument) gets a JSON object with the following contents, with example data of my Google+ account:
obj.email // 'eddyverbruggen@gmail.com'
obj.userId // user id
obj.displayName // 'Eddy Verbruggen'
obj.imageUrl // 'http://link-to-my-profilepic.google.com'
obj.idToken
obj.oauthToken
// these are only available on Android at the moment
obj.gender // 'male' (other options are 'female' and 'unknown')
obj.givenName // 'Eddy'
obj.middleName // null (or undefined, depending on the platform)
obj.familyName // 'Verbruggen'
obj.birthday // '1977-04-22'
obj.ageRangeMin // 21 (or null or undefined or a different number)
obj.ageRangeMax // null (or undefined or a number)
When the user comes back to your app and you're not sure if he needs to log in, you can call trySilentLogin to try logging him in.
If it succeeds you will get the same object as the login function gets, but if it fails it will not show the authentication dialog to the user.
The code is exactly the same as login, except for the function name.
window.plugins.googleplus.trySilentLogin(
  {
    'offline': true, // optional and required for Android only - if set to true the plugin will also return the OAuth access token, that can be used to sign in to some third party services that don't accept a Cross-client identity token (ex. Firebase)
    'webApiKey': 'api of web app' // optional API key of your Web application from Credentials settings of your project - if you set it the returned idToken will allow sign in to services like Azure Mobile Services
  },
  function (obj) {
    alert(JSON.stringify(obj)); // do something useful instead of alerting
  },
  function (msg) {
    alert('error: ' + msg);
  }
);
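The calls above (isAvailable, trySilentLogin, login) can be combined into one sign-in flow that starts after deviceready and keeps idToken and oauthToken out of log output, unlike the alert(JSON.stringify(obj)) placeholder. This is an added example, not code from the plugin or its author; the helper names redactForLog, call and signIn are hypothetical, and the plugin object is passed in so the flow can also be run against a stub.

```javascript
// Added example: promise wrapper around the plugin calls shown above.
// `plugin` is window.plugins.googleplus in a real app; it is injected here so
// the flow can be exercised with a stub. All helper names are hypothetical.

const SECRET_FIELDS = ['idToken', 'oauthToken'];

// Copy of the login result that is safe to log: token values are replaced.
function redactForLog(obj) {
  const copy = Object.assign({}, obj);
  for (const field of SECRET_FIELDS) {
    if (copy[field]) copy[field] = '[redacted]';
  }
  return copy;
}

// Turn a (options, success, error) plugin method into a promise.
function call(plugin, method, options) {
  return new Promise((resolve, reject) => plugin[method](options, resolve, reject));
}

// Silent login first; show the account dialog only if that fails.
async function signIn(plugin, options = {}) {
  const available = await new Promise((resolve) => plugin.isAvailable(resolve));
  if (!available) throw new Error('Google sign-in is not available');
  let result, interactive = false;
  try {
    result = await call(plugin, 'trySilentLogin', options);
  } catch (silentError) {
    interactive = true;
    result = await call(plugin, 'login', options);
  }
  return { interactive, result, loggable: redactForLog(result) };
}

// In the app, start only after deviceready has fired.
if (typeof document !== 'undefined') {
  document.addEventListener('deviceready', () => {
    signIn(window.plugins.googleplus, { offline: true })
      .then((r) => console.log('signed in', JSON.stringify(r.loggable)))
      .catch((e) => console.log('sign-in failed: ' + e));
  }, false);
}
```

Pass `result` to the code that needs the tokens and use `loggable` for anything that is displayed, logged or sent to crash reporting.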
This will clear the OAuth2 token.
window.plugins.googleplus.logout(
  function (msg) {
    alert(msg); // do something useful instead of alerting
  }
);
This will clear the OAuth2 token and forget which account was used to login. On Android this will always force the user to authenticate the app again, on iOS using logout seems to do the job already. Need to investigate this a bit more..
window.plugins.googleplus.disconnect(
  function (msg) {
    alert(msg); // do something useful instead of alerting
  }
);
Q: After authentication I'm not redirected back to my app.
A: You probably changed the bundle id of your app after installing this plugin. Make sure that (on iOS) the CFBundleURLTypes bit in your .plist file is the same as the actual bundle id originating from config.xml.
Q: I can't get authentication to work on Android. And why is there no ANDROID API KEY?
A: On Android you need to execute the keytool steps, see the installation instructions for details.
4.0.3: On iOS isAvailable always returns true since that should be fine with the new Google SignIn framework. Re-added imageUrl to the result of SignIn on iOS.
4.0.1: Login on Android would crash the app if isAvailable was invoked beforehand.
4.0.0: Removed the need for iosApiKey, reverted Android to Google playservices framework for wider compatibility, documented scopes feature a bit.
3.0.0: Using Google Sign-In for iOS, instead of Google+.
1.1.0: Added isAvailable, for issue #37
1.0.0: Initial version supporting iOS and Android
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Use your Google account to authenticate with the app.
The npm package cordova-plugin-googleplus receives a total of 1,774 weekly downloads. As such, cordova-plugin-googleplus popularity was classified as popular.
We found that cordova-plugin-googleplus demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.