I want to be able create calendar events in my Action that runs through Google Assistant.
Right now I was able to modify this Quickstart guide (https://developers.google.com/calendar/quickstart/nodejs) and use it in my current Dialogflow fulfillment. However, it's a little tedious to have the user have to copy and paste the authentication code after allowing Google Calendar access. Are there any better ways to do this that doesn't require the copy-paste flow? Thanks in advance!
Use Account linking with Google Sign-In
https://developers.google.com/actions/identity/google-sign-in
Then send a card to the user device with a link to authorise Google Calendar access. Store the authentication code securely against the user. Use the authentication code to make requests.
Broadly speaking, the approach you can take is to use Google Sign-In, as outlined in this SO answer: Google Home Authorization Code and Authentication with Google Account.
With this scheme, you use a website to get the user to authorize your use of the Calendar API scope, and you store the auth token against their UserID. Then you use Google Sign-In with the Assistant to get that ID. This works well if they go to your web page first, but not as well if they go to the Assistant first.
You can also setup an OAuth server that lets users sign-in using Google Sign-In on a web page (or use something like Auth0 and, as part of that sign-in, get authorization for the Calendar scope. Then use OAuth Account Linking in the Google Assistant to get an auth token which you can use to get the user's ID. You can then use this ID to lookup the authorization token.
Related
we are provide saas plugin to our customers, we need to get events for each customer's website without creating seperate GTM container and GA property , All the process will takes place in background.
There should be no login requried ,insted we will send the username and password to Google Aalytics through code(JavaScript).
so we need to use google analytics Api without google sign in
is there a way to do this
we are provide saas plugin to our customers, we need to get events for each customer's website
If you want to connect to the analytics accounts for your customers websites they you need to be authorized to access their private data.
no login requried ,insted we will send the username and password to Google Aalytics through code(JavaScript).
You can not login to anyones google account using login and password that was called client login and google disabled that in 2015. You will need to use Oauth2 request consent and gain authorization to access their private data.
so we need to use google analytics Api without google sign in
Sign in is authentication, the Google analytics api operations on authorization. The user needs to consent and grate you authorization to access their data.
is there a way to do this
No you can not access private user data without the owner of that data authorizing your access to that data.
How can one use Firebase to SSO into some product?
Firebase is a federated IdP, meaning, they handle the auth flows for other IdPs, ie Google, Facebook, Twitter, etc.
So how can I set up a product with SSO that is expecting some kind of Auth flow, ie OIDC, SAML, when FireBase doesn't necessarily do that? Note, I am comfortable building my own login pages and using the FireBase SDK, I'm just not sure where to start.
Let's take Google for example. I can easily setup Google SSO for my product. I just generate a client ID/Secret in the Google Dashboard, and then use Google's OAuth flow.
My product initiates the login and redirects to Google for logins
Google identifies my user and redirects to my product's callback URL
Done, user is logged in
How would I do the same thing in FireBase, which is a sort of middleman between my product and Google?
If you have your own user auth system, and you want to integrate that with Firebase Auth for the purpose of creating accounts that integrate with other Firebase products, you can write a custom authentication provider. Your backend will take the user's credentials and create a custom auth token that the app can use to sign in the user.
Referencing this post
, I tried to create an access token for my Google Actions. I enabled Google sign in, and end up with a user-id. The top post says "You can combine this with a web- or app-based Google Sign-In to get their permission to access OAuth scopes if you need to access Google's APIs" but I honestly have no idea how to do that. What I'm trying to do is get an access token from Google Actions/ Dialog flow to send to my server-end code in order to make a successful API POST request to Google Calendar API.
The post you reference that points to another StackOverflow answer that discusses the approach. It basically says that you need to combine two things to do what you want:
You use Google Sign In on a web page to let the user authorize you to access the calendar on their behalf.
You probably should use the hybrid flow so the access/refresh tokens are only handled on the server side - not in your web client.
Your server will store the access/refresh tokens in some way so you can use them as part of your Action later.
You will use Google Sign In for Assistant to authenticate the user when they connect through the Assistant and determine if they have already authorized you to access their calendar. If they have, you'll be able to get their access/refresh tokens out of your store and access their calendar.
You can't do it completely through AoG/Dialogflow because there is no way for the user to grant OAuth permissions to you by voice alone - this is why you need to direct the user to a web page for them to grant you permission to access their calendar.
I am implementing Google Sign in in my VueJS App and I have a few questions before starting:
How to create a user when a user clicks on Google sign in button?
Do I have to create a custom route just for that?
Do I have to generate a random password because it is mandatory?
When a user is already registered and clicks on Google Sign in.
Do I have to pass Google Token from Vue JS to Symfony, then with google API, verify if token is valid and generate a token from my symfony application?
If you have some good documentation, I'll take it.
To get this started, it's actually a relatively complicated functionality to implement. This is because you'll have to use custom (maybe multiple if one can both login with Google account or register to your own website) guard authenticators. Moreover, you will need to use an OAuth bundle like KnpUOAuth2ClientBundle or HWIOAuthBundle.
The answer to your questions:
You have to create a custom route for that but you do not need to generate a random password, you can just make password nullable and add checks that it is null only for users logged in through Google (if it's not possible for you then just add something random as password). Additionally, I would propose to add a field provider to your User entity if you are providing both google and your own authentication. You should set this to 'google' or 'website respectively.
The user authentication process is being handled by Google and you are getting an access token as response that contains user's information like name, email etc, so you do not really have to worry about validating passwords etc.
This article helps you get started with KnpUOAuth2ClientBundle.
I'm using oauth to authenticate in google calendar, but i'm trying to send user and password to avoid open the authentication popup.
I'ts like automatic authentication.
Is it possible?
Thanks.
Since you want your application to always create events in a single calendar that is under your control, here is how I would do it:
Create a service account in Google Cloud Console - recent instructions on how to do so can be found here: google oauth2 how to get private key for service account
Share your calendar with that service account: https://support.google.com/calendar/answer/37082?hl=en
Write your code to use the service account credentials (private key downloaded in step 1).
I didn't post any sample code, as I'm not sure what language you are using. The following has some discussion of this use-case in PHP: Access Google calendar events from with service account: { "error" : "access_denied" }. No google apps