With the old Google Analytics UI I could easily add service account email addresses, but with the new UI, I am unable to.
Every time I try to add the service account email, it says the email cannot be found.
My service account email looks like: projectName#appspot.gserviceaccount.com
Ah, I needed to create a new service account user, which had the format like:
CUSTOM_NAME#PROJECT_NAME.iam.gserviceaccount.com
Related
Do you have to use the service account email address that is given to you or can you use an existing email address that is connected to the accounts you have access to?
service account credentials are a specific type of credentials created on google cloud console and are used to denote your application. Service accounts also allow for pre-authorized Access to private under data by in the case of google analytics adding the service account email address as a user in google analytics.
No you can't use a standard gmail user account as a service account.
You would need to use oauth2 to request consent of the owner or user of the google analytics account to access it.
I want to be able to access other users Google Calendars through a service account so I am not prompted for authorization. I am doing this in a simple .net c# console app. When I attempt to create my credentials in the Google API Manager, it gives me the following alert when I specify I am using a non UI app and I want to access User Data. Isn't the purpose of using the service account to access other users data without a UI?
"User data cannot be accessed from a platform without a UI because it requires user interaction for sign-in."
You may have misunderstood the meaning of using a service account to impersonate a user. To help you with Authentication, you might want to check this tutorial : Google Calendar API Authentication with C# by Daimto.
Things to take note of :
To be able to access other calendars by service account, users who own the calendar should share it to the service account.
To impersonate a user, you must know the email address.
From the tutorial:
If you are only accessing data that you own there is no reason to ask a user for permission to access it. You can use a Service account. (Privacy)
If you want to be able to access data owned by someone else you will need to be authenticated.
Hope this helps!
I have integrated an asp.net web application with office 365 mail using o365 api client library.I have a specific requirement, suppose I have stored the o365 mail id of other users in my database.The o365 mail username/ password also stored in my local database. Is there any way to see the other user's mail details using the mail id/ credentials?
If anybody has any idea please share.
Thanks in advance.
If your app is using OAuth code flow , it seems that only allow access to mail, calendar and contacts belonging to the authenticated user . You may use OAuth2 client credential flow, for your scenario and the app will be able to make calls to interact with any mailboxes in that tenant. Another choice is to use EWS Managed API ,since you get the password of the other user ,you will get the credentials like:
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
service.Credentials = new WebCredentials("user_with_access#example.com", "password");
Check this thread for a demo.
I'm using oauth to authenticate in google calendar, but i'm trying to send user and password to avoid open the authentication popup.
I'ts like automatic authentication.
Is it possible?
Thanks.
Since you want your application to always create events in a single calendar that is under your control, here is how I would do it:
Create a service account in Google Cloud Console - recent instructions on how to do so can be found here: google oauth2 how to get private key for service account
Share your calendar with that service account: https://support.google.com/calendar/answer/37082?hl=en
Write your code to use the service account credentials (private key downloaded in step 1).
I didn't post any sample code, as I'm not sure what language you are using. The following has some discussion of this use-case in PHP: Access Google calendar events from with service account: { "error" : "access_denied" }. No google apps
I have built a web application that uses a service account linked to my own Google Account. We use Google Apps, so my Google Account is part of a domain. We have a server with shared contacts, so all of our clients are available as contacts for everyone. In my contacts, this group is called 'directory'.
The application retrieves events from the Google Calendar using the Google Api PHP client. It also retrieves attendees inlcuding all details for those attendees. But if the attendee is not within our domain, it will only retrieve the e-mail address. I also want to get the name for that attendee.
These names are in my contacts in the directory group. When I create an event and invite guests, I can retrieve these contacts and it will show the name and mail adress. But when retrieving the attendees via the API it does not show these names.
Is this a restriction of the API? Is there a solution for this?
I do not want to use the Contacts api with a non-service account, because I don't want to give permission everytime. It is not possible to use the Contacts api with a service account as far as I know.
You are correct that a service account won't work with the Contacts API, however you don't have to authorize it every time you use it. You can provide domain-wide delegation with two-legged OAuth 1.0a instead of 2.0. See https://developers.google.com/google-apps/contacts/v3/index#authorizing_requests_to_the_+wzxhzdk8+_service and https://developers.google.com/accounts/docs/OAuth#GoogleAppsOAuth.
Depending on your setup, you can also use the three-legged OAuth 2.0 flow for a single administrator account and save the refresh token. This would let you re-use that authorization without requiring explicit permission again.