GoGPS Authorization Method
User data protection has always been our top priority. To increase authorization security in GoGPS Hosting and GoGPS Local, we’ve integrated a more up-to-date and safe oAuth-based solution into the system.
GoGPS oAuth-based Authorization: Basic Principles
- For security reasons, an authorization form can be accessed only from trusted DNSs, which have a form of *.gogps.eu (or your extra site DNS). It means that it is allowed to authorize to GoGPS using a form located on GoGPS server only;
- Once you’ve successfully authorized, the server automatically generates a token and saves it in User settings. The token helps you enter websites and use applications. You can also pass it to other users if your token was generated with restricted access rights;
- A token has a number of properties including time of activation, expiry date, access rights, name and so on. You can restrict rights to a token and change its expiry date if needed. By default tokens are created for 30 days and their access rights correspond to those of a User;
- All the tokens you’ve generated can be seen in monitoring interface (User menu – Manage Applications – Authorized Applications). Token access rights are also displayed there. Using the dialog, you can delete the tokens you no longer need;
- Expired tokens are deleted automatically. Tokens are also deleted when unused for 100 days and more. To generate a new token, you have to enter login and password again;
- One user can have no more than 1 thousand tokens;
- When you enter GoGPS websites, both User and token access rights are considered. Therefore, token rights can restrict those of a User or leave them as they are.
You can use our oAuth form for a website and app authorization. There are 2 types of forms available (simple and advanced).
Advanced Authorization Form
The advanced authorization form is suitable for different applications (including mobile ones). On top of the form your logo is displaced; we take logos from your “skin” (personal design). At the bottom of the form, you can find login and password tabs as well as the button to submit the form. Advanced authorization form also includes a section with access rights and their description.
Simple Authorization Form
The simple authorization form can be integrated into business card websites through iframe. You can also use it to enter tracking sites after authorization. The logo is placed at the top of the form and tabs for login and password along with authorization button – at the bottom of it.
The simple form is meant to replace self-made authorization forms on our partners’ websites. It is small size, contains no sophisticated parameters and excessive requests.