We're about to implement processing Google Analytics report data in a web application.
Is there a "consent window way" to grant access rather than having to manually generate access tokens and configuring access to report views?
Google analytics data is private user data. In order to access a users data you must have their permission. To gain the permission of a user you request their consent to your application accessing their data.
To do this we use Oauth2 there is no other way to access a users data you are going to have to request consent of the user. Oauth2 always shows a constant screen to the user the first time
Related
we are provide saas plugin to our customers, we need to get events for each customer's website without creating seperate GTM container and GA property , All the process will takes place in background.
There should be no login requried ,insted we will send the username and password to Google Aalytics through code(JavaScript).
so we need to use google analytics Api without google sign in
is there a way to do this
we are provide saas plugin to our customers, we need to get events for each customer's website
If you want to connect to the analytics accounts for your customers websites they you need to be authorized to access their private data.
no login requried ,insted we will send the username and password to Google Aalytics through code(JavaScript).
You can not login to anyones google account using login and password that was called client login and google disabled that in 2015. You will need to use Oauth2 request consent and gain authorization to access their private data.
so we need to use google analytics Api without google sign in
Sign in is authentication, the Google analytics api operations on authorization. The user needs to consent and grate you authorization to access their data.
is there a way to do this
No you can not access private user data without the owner of that data authorizing your access to that data.
I am something of a Google Analyitcs novice.
I have a PHP website that allows client to add their website names in order to advertise for services. When they add a website they own they have to validate it by allowing my server to login to their google analytics via the standard OAUTH permission screen etc, find their property and read their number of visits for the last month. The authorisation is stored in a session access token as $_SESSION['access_token'], which is then lost as soon as the session is closed or the user cleans out their browser. I think Google calls this a "web server application".
The problem is I would now like to run a cron every day on my server that accesses the google analytics of each of these customers who have authorised me and downloads the last days visitor numbers in order to be able to display them on the website. The problem I have is obviously I cannot be asking for the users OAUTH permission because it is occuring every day and without the user being present.
1) Would this new use case that does not require OAUTH and the users presence if they have already previously authorised me be a different type of application? What google analytics calls a "Service application"?
2) If it were a different type of application such as "service application" would I be able to loginto these accounts to pull the readonly data already authorised in the previous OAUTH web application, without requiring any further user input. Basically do the authorisations previously granted transfer over to a different type of application if I limit myself to using the same email address and using only the readonly properties I was granted access to?
I would appreciate any pointers or help - thanks.
So in the end I solved this by setting up OAUTH for a web app and then using refresh tokens to avoid having to ask for authorisation each time.
Referencing this post
, I tried to create an access token for my Google Actions. I enabled Google sign in, and end up with a user-id. The top post says "You can combine this with a web- or app-based Google Sign-In to get their permission to access OAuth scopes if you need to access Google's APIs" but I honestly have no idea how to do that. What I'm trying to do is get an access token from Google Actions/ Dialog flow to send to my server-end code in order to make a successful API POST request to Google Calendar API.
The post you reference that points to another StackOverflow answer that discusses the approach. It basically says that you need to combine two things to do what you want:
You use Google Sign In on a web page to let the user authorize you to access the calendar on their behalf.
You probably should use the hybrid flow so the access/refresh tokens are only handled on the server side - not in your web client.
Your server will store the access/refresh tokens in some way so you can use them as part of your Action later.
You will use Google Sign In for Assistant to authenticate the user when they connect through the Assistant and determine if they have already authorized you to access their calendar. If they have, you'll be able to get their access/refresh tokens out of your store and access their calendar.
You can't do it completely through AoG/Dialogflow because there is no way for the user to grant OAuth permissions to you by voice alone - this is why you need to direct the user to a web page for them to grant you permission to access their calendar.
Hi generated secret file using OAuth 2.0 client ID. In that secret file, I do not see any google mail address to authenticate or access permissions to that mail address. Still facing below error.
Arg, there was an API error : 403 : User does not have sufficient permissions for this profile.
How come I know, to which user, we do not have sufficient previliges?
Please help me with this
You have created an Oauth2 client for use with your application. When the application runs a user will need to login using their Google account and grant the application (client) access to their data. I have an article that explains how google oauth2 works if you are interested. Oauth2 for beginners
User does not have sufficient permissions for this profile.
Means that the user you have authenticated with does not have access to the Google Analytics profile you are trying to request data form. Try doing an Accountsummires.list this will return a list of the Google Analytics accounts that the current authenticated user has access to and the ones you will be able to request data from.
Question: How come I know, to which user, we do not have sufficient privileges?
You have a profile id you are trying to access find someone who has access to that profile and have them run your application. When they have logged in and authenticated they will be able to see the data.
I want to be able to access other users Google Calendars through a service account so I am not prompted for authorization. I am doing this in a simple .net c# console app. When I attempt to create my credentials in the Google API Manager, it gives me the following alert when I specify I am using a non UI app and I want to access User Data. Isn't the purpose of using the service account to access other users data without a UI?
"User data cannot be accessed from a platform without a UI because it requires user interaction for sign-in."
You may have misunderstood the meaning of using a service account to impersonate a user. To help you with Authentication, you might want to check this tutorial : Google Calendar API Authentication with C# by Daimto.
Things to take note of :
To be able to access other calendars by service account, users who own the calendar should share it to the service account.
To impersonate a user, you must know the email address.
From the tutorial:
If you are only accessing data that you own there is no reason to ask a user for permission to access it. You can use a Service account. (Privacy)
If you want to be able to access data owned by someone else you will need to be authenticated.
Hope this helps!