Google Verification

[iRhonin]

Description

Added google verification.

Refers/Fixes

gitcoinco/skunkworks#187

Testing

This feature uses Google as a third-party, so can not test easily, but if you insists, I will find a way.

Senario

[iRhonin]

you should research mate the best node. and the best issue regarding to this project. why dont you try to read first mate. and you can create a good result regarding to this plan. and project. i alrready answer this yesterday. its about the verification and access in working in github.

Hi @rodgz1622,
I did not find your comment, the link you provided is a link to this PR.

[thelostone-mc]

cc @apbendi

[thelostone-mc]

@iRhonin Could you share a video with the whole flow where a user is not Google verified and what the steps are to get themselves verified ?

[thelostone-mc]

@iRhonin Could you share a video with the whole flow where a user is not Google verified and what the steps are to get themselves verified?

[thelostone-mc]

^ not very keen on having 2 new endpoints
Ideally I'd say we have one common endpoint

handle/verify/ as a POST operation and based on a body param -> we could decide which flow to send it into

cc @apbendi

[iRhonin]

Seems good, I will going for that.

[iRhonin]

I realized google callback URL can not be dynamic, so we can not include the handle parameter in the callback URL.
Another issue, google uses the GET method to call callback URL.
But existing twitter callback uses POST and getting a handle parameter in the URL. to merge them I need to change that.
@thelostone-mc what do you think?

[apbendi]

I think it's fine to have separate endpoints

[iRhonin]

@iRhonin Could you share a video with the whole flow where a user is not Google verified and what the steps are to get themselves verified ?

Added to the first comment.

[apbendi]

Is it possible to ask Google if the account is at least 6 months old? We do this for Twitter, and I think we should here as well.

[iRhonin]

@apbendi Unfortunately, I did not find any programmatic way to retrieve the account creation date.

[apbendi]

Awesome work @iRhonin! I left some feedback, but overall it looks great. Thanks for your contribution :)

[apbendi]

hey @iRhonin, I'm regression testing Google Verification as part of the preparation for Grants Round 8. Can you give me some instruction on how to properly set up a Google OAuth app as a part of my dev environment. I know I need these two env vars:

GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

...but I don't know what to do on the Google side to get these running from my own account for dev purposes. Could you provide some guidance?

[iRhonin]

Hello @apbendi, please check this documention

[owocki]

@iRhonin
the google account id of the user stored anywhere on the DB? during our testing we realized that multiple users could connect to the same google account id , which is def a problem for anti-sybil design.

would you be able to PR a fix for that? happy to pay in ETH :)

[iRhonin]

@iRhonin
the google account id of the user stored anywhere on the DB? during our testing we realized that multiple users could connect to the same google account id , which is def a problem for anti-sybil design.

would you be able to PR a fix for that? happy to pay in ETH :)

Sure, that is wired, I will fix that.