I've been looking into Google Calendar API as a way to manage calendar/event information for my application. It looks like Google Calendar API is setup to connect to a Google user's account. After you have access to the user's account you can add/update/manipulate calendar and event information. I want this same functionality but on a "user account" that is virtual.. not owned by a real user but an account created specific to my application to use. Is this possible?
The docs mention Google will show a consent page to the user to integrate with the users calendar, how would I go about coding the authentication for my calendar if I (the application) owns the account and calendar?
You could use a service account, which will belong to a project in your dev console, and you can give it credentials to access its own calendar.
See Using OAuth 2.0 to Access Google APIs
Related
we are provide saas plugin to our customers, we need to get events for each customer's website without creating seperate GTM container and GA property , All the process will takes place in background.
There should be no login requried ,insted we will send the username and password to Google Aalytics through code(JavaScript).
so we need to use google analytics Api without google sign in
is there a way to do this
we are provide saas plugin to our customers, we need to get events for each customer's website
If you want to connect to the analytics accounts for your customers websites they you need to be authorized to access their private data.
no login requried ,insted we will send the username and password to Google Aalytics through code(JavaScript).
You can not login to anyones google account using login and password that was called client login and google disabled that in 2015. You will need to use Oauth2 request consent and gain authorization to access their private data.
so we need to use google analytics Api without google sign in
Sign in is authentication, the Google analytics api operations on authorization. The user needs to consent and grate you authorization to access their data.
is there a way to do this
No you can not access private user data without the owner of that data authorizing your access to that data.
I am currently writing an online-booking-module and I want to store events (beside in the database) in a owned google-calendar (this calendar is then added to the responsible employee in outlook).
My idea was just to give the API my auth-data and the calendar-id and then being able to insert and delete events.
The calendar must be private, not public!
Now I see it is more designed to access user's calenders getting their permission etc...
Answer:
Yes, you can authenticate the application as yourself and add the events to a private calendar owned by you.
More Information:
Once the application has been published and contains your credentials and token, there will be no issue running the Events add Calendar API method as you, regardless of who runs the program.
Other option:
Alternatively, you could create a Service account to impersonate your account and run the calendar API queries, though you would need to provide the Service Account with access to your private Google Calendar.
References:
Google Calendar API - Events: insert
Authorizing Requests to the Google Calendar API
Google Developer Admin Console
Google Cloud - Service Accounts
Understanding Service Accounts
Creating and Managing Service Accounts
Creating and Managing Service Account Keys
Granting Roles to Service Accounts
I want to be able create calendar events in my Action that runs through Google Assistant.
Right now I was able to modify this Quickstart guide (https://developers.google.com/calendar/quickstart/nodejs) and use it in my current Dialogflow fulfillment. However, it's a little tedious to have the user have to copy and paste the authentication code after allowing Google Calendar access. Are there any better ways to do this that doesn't require the copy-paste flow? Thanks in advance!
Use Account linking with Google Sign-In
https://developers.google.com/actions/identity/google-sign-in
Then send a card to the user device with a link to authorise Google Calendar access. Store the authentication code securely against the user. Use the authentication code to make requests.
Broadly speaking, the approach you can take is to use Google Sign-In, as outlined in this SO answer: Google Home Authorization Code and Authentication with Google Account.
With this scheme, you use a website to get the user to authorize your use of the Calendar API scope, and you store the auth token against their UserID. Then you use Google Sign-In with the Assistant to get that ID. This works well if they go to your web page first, but not as well if they go to the Assistant first.
You can also setup an OAuth server that lets users sign-in using Google Sign-In on a web page (or use something like Auth0 and, as part of that sign-in, get authorization for the Calendar scope. Then use OAuth Account Linking in the Google Assistant to get an auth token which you can use to get the user's ID. You can then use this ID to lookup the authorization token.
I want to be able to access other users Google Calendars through a service account so I am not prompted for authorization. I am doing this in a simple .net c# console app. When I attempt to create my credentials in the Google API Manager, it gives me the following alert when I specify I am using a non UI app and I want to access User Data. Isn't the purpose of using the service account to access other users data without a UI?
"User data cannot be accessed from a platform without a UI because it requires user interaction for sign-in."
You may have misunderstood the meaning of using a service account to impersonate a user. To help you with Authentication, you might want to check this tutorial : Google Calendar API Authentication with C# by Daimto.
Things to take note of :
To be able to access other calendars by service account, users who own the calendar should share it to the service account.
To impersonate a user, you must know the email address.
From the tutorial:
If you are only accessing data that you own there is no reason to ask a user for permission to access it. You can use a Service account. (Privacy)
If you want to be able to access data owned by someone else you will need to be authenticated.
Hope this helps!
I have built a web application that uses a service account linked to my own Google Account. We use Google Apps, so my Google Account is part of a domain. We have a server with shared contacts, so all of our clients are available as contacts for everyone. In my contacts, this group is called 'directory'.
The application retrieves events from the Google Calendar using the Google Api PHP client. It also retrieves attendees inlcuding all details for those attendees. But if the attendee is not within our domain, it will only retrieve the e-mail address. I also want to get the name for that attendee.
These names are in my contacts in the directory group. When I create an event and invite guests, I can retrieve these contacts and it will show the name and mail adress. But when retrieving the attendees via the API it does not show these names.
Is this a restriction of the API? Is there a solution for this?
I do not want to use the Contacts api with a non-service account, because I don't want to give permission everytime. It is not possible to use the Contacts api with a service account as far as I know.
You are correct that a service account won't work with the Contacts API, however you don't have to authorize it every time you use it. You can provide domain-wide delegation with two-legged OAuth 1.0a instead of 2.0. See https://developers.google.com/google-apps/contacts/v3/index#authorizing_requests_to_the_+wzxhzdk8+_service and https://developers.google.com/accounts/docs/OAuth#GoogleAppsOAuth.
Depending on your setup, you can also use the three-legged OAuth 2.0 flow for a single administrator account and save the refresh token. This would let you re-use that authorization without requiring explicit permission again.