I need to develop a new PHP script which connects to my LinkedIn company page and then backup some datas. I read the official documentation on company pages management and the one about the OAuth2, but why should I use it ?
I don't understand : I don't want people to login on my website thought their linkedin account, I only need to connect to my company page in order to grab some datas.
PS : I already created an application on https://developer.linkedin.com/my-apps. What URL should I request with the "Client ID" and "Client Secret" keys ? I'm lost
LinkedIn requires you to use OAuth2.
A workaround for this is to authenticate under your account or your company account, get the access token, and store it in a database. The application then reads the token from the database to be submitted with any API calls, bypassing the need for users to authenticate themselves when they hit the website. This will allow you to display the company updates from LinkedIn on your homepage without prompting visitors for OAuth2 login.
If you take this approach, the token expires every 90 days and needs to be renewed. Depending on the amount of traffic you get, it might also be worthwhile to look into caching the API response so you're only making an API call every hour or so. Your developer account limits the number of API calls you can make in 24 hours, and if you exceed the threshold you will be locked out of making any additional requests until the following day.
Related
I am going over to a Wordpress and my WP plugin is asking me about "Authentication Code" And I have no idea where to find it.
Without the plugin name it is hard for me to determine what specific authentication code is needed, so I'll assume that you mean the OAuth Client ID. Please, forgive me if I am mistaken. You can generate a new OAuth Client ID following this steps:
Open Google Cloud Console and select your project.
Go to Navigation menu ⮞ APIs & Services ⮞ Credentials.
Select +Create credentials ⮞ OAuth client ID at the top.
You'll be prompted to select an application type. In case of a Wordpress plugin you need to choose Web application and give it a descriptive name.
Click on +ADD URI and include your webpage URL. This action will whitelist your webpage to authorize this OAuth client.
Tick Create to finish the process and annotate your client ID and secret.
With this procedure you would have created an OAuth client ID and its secret. Now we can take this client/secret pair and use it to request an authorization code over some Calendar API scopes.
After getting an authorization code, you can ask Google to exchange it for a pair of refresh and access tokens that you can use on every call to the Calendar API.
Following these steps you would have created every authentication code possible, you just need to determine which one is the required for that specific plugin. Please, don't hesitate to ask me any additional doubts.
I know how to sync with Google Calendar API. We are trying to build a system where to sync the Google Calendar continuously without asking for the consent screen.
I did search a lot but it seems they sent nextsynctoken to get the full event list. but If I want to restart the sync after 2 weeks. how can I do it? without asking auth window or consent screen to the user?
Please let me know if its possible.
Thank you in advance
Saravana
All requests you are making to the Google Calendar API must be authorized by an authenticated user.
But since you are encountering a problem that looks like token expiration to me, why don't you try and refresh the access tokens you are using?
According to the Using OAuth 2.0 to Access Google APIs documentation
Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.
The nextSyncToken is a piece of data exchanged between the server and the client, and is used in the synchronization process.
You can keep on using the nextSyncToken but you will have to use a refresh token in order for you to not use the consent screen every time.
Here is a sample code from the Using OAuth 2.0 for Web Server Applications used to exchange authorization code for refresh and access tokens, using Python:
state = flask.session['state']
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
'client_secret.json',
scopes=['https://www.googleapis.com/auth/youtube.force-ssl'],
state=state)
flow.redirect_uri = flask.url_for('oauth2callback', _external=True)
authorization_response = flask.request.url
flow.fetch_token(authorization_response=authorization_response)
# Store the credentials in the session.
# ACTION ITEM for developers:
# Store user's access and refresh tokens in your data store if
# incorporating this code into your real app.
credentials = flow.credentials
flask.session['credentials'] = {
'token': credentials.token,
'refresh_token': credentials.refresh_token,
'token_uri': credentials.token_uri,
'client_id': credentials.client_id,
'client_secret': credentials.client_secret,
'scopes': credentials.scopes}
I suggest you check the following links since they can provide more information on your issue:
Using OAuth 2.0 to Access Google APIs
Authorizing Requests to the Google Calendar API
Synchronize Resources Efficiently
For other programming languages used for the refresh token, you can check this:
Using OAuth 2.0 for Web Server Applications
I am something of a Google Analyitcs novice.
I have a PHP website that allows client to add their website names in order to advertise for services. When they add a website they own they have to validate it by allowing my server to login to their google analytics via the standard OAUTH permission screen etc, find their property and read their number of visits for the last month. The authorisation is stored in a session access token as $_SESSION['access_token'], which is then lost as soon as the session is closed or the user cleans out their browser. I think Google calls this a "web server application".
The problem is I would now like to run a cron every day on my server that accesses the google analytics of each of these customers who have authorised me and downloads the last days visitor numbers in order to be able to display them on the website. The problem I have is obviously I cannot be asking for the users OAUTH permission because it is occuring every day and without the user being present.
1) Would this new use case that does not require OAUTH and the users presence if they have already previously authorised me be a different type of application? What google analytics calls a "Service application"?
2) If it were a different type of application such as "service application" would I be able to loginto these accounts to pull the readonly data already authorised in the previous OAUTH web application, without requiring any further user input. Basically do the authorisations previously granted transfer over to a different type of application if I limit myself to using the same email address and using only the readonly properties I was granted access to?
I would appreciate any pointers or help - thanks.
So in the end I solved this by setting up OAUTH for a web app and then using refresh tokens to avoid having to ask for authorisation each time.
Referencing this post
, I tried to create an access token for my Google Actions. I enabled Google sign in, and end up with a user-id. The top post says "You can combine this with a web- or app-based Google Sign-In to get their permission to access OAuth scopes if you need to access Google's APIs" but I honestly have no idea how to do that. What I'm trying to do is get an access token from Google Actions/ Dialog flow to send to my server-end code in order to make a successful API POST request to Google Calendar API.
The post you reference that points to another StackOverflow answer that discusses the approach. It basically says that you need to combine two things to do what you want:
You use Google Sign In on a web page to let the user authorize you to access the calendar on their behalf.
You probably should use the hybrid flow so the access/refresh tokens are only handled on the server side - not in your web client.
Your server will store the access/refresh tokens in some way so you can use them as part of your Action later.
You will use Google Sign In for Assistant to authenticate the user when they connect through the Assistant and determine if they have already authorized you to access their calendar. If they have, you'll be able to get their access/refresh tokens out of your store and access their calendar.
You can't do it completely through AoG/Dialogflow because there is no way for the user to grant OAuth permissions to you by voice alone - this is why you need to direct the user to a web page for them to grant you permission to access their calendar.
In Webserver Grant Flow
After I obtain the Authorization Code from the authorization authority (after the user has authorized my access) how long is that code usually valid form?
The reason i am asking is, can my webserver store that code and use it in later sessions to retrieve a new access token without the need for the user to re-authenticate again? Should that be the flow?
FYI my goal is make requests from Adobe Analytics and Google Analytics on behalf of my customer. So i would want to ask my customer for authorization once until he revokes my access.
Speaking strictly of Google Oauth. There are three types of codes or tokens you should be aware of.
Authorization code
Access token
Refresh token
Authorization code is return when the user clicks accept to your application accessing their data. This code is used to exchange for an access token and a refresh token. This code can only be used once and is extremely short lived 10 minutes I believe.
Access tokens are used to access private user data. They are valid for approximately one hour.
Refresh tokens are used to gain a new access token when the access token has expired. For the most part refresh tokens do not expire however if it has not been used for six months it will no longer be valid and of course the user can always remove your access.
Answer: No storing the authentication code would be pointless. You will need to store the refresh token. make sure you are requesting offline access of your users.
I cant help you with adobe analytics however I suspect it is similar this is standard Oauth protocol we are talking about.