I have basic code for getting google contacts and printing out their information as a desktop application. Currently I do this with OAuth2 to get the access token, etc. But I'm having an issue because I want this to be as automated as possible, and the initial setup requires one to get credentials just to access their contacts. Is there a way around this or a way to automate it? My end goal is to (ideally) be able to put in a users email address and be able to get their contacts, without them ever having to go through the developer's console. I know they only have to do it once, but it can be a pain for users who don't understand.
Related
I have a mobile app that does two things. The first one is to use Firebase to implement a chat. On the other side, the apps, uses a REST API to retrieve some info from a database and do some writes on it. Simple as that. The app provides a login system: two text fields and a button. The user provides an email address and a password then I used the standard Firebase function to do the login using signInWithEmailAndPassword(). The thing is that I should use the same credentials to do the login using the REST API to access the other database. At first I decided to do the call to Firebase and to the REST API in the same function. One other possible solution could be a web service. I'll explain how. A web services written in Python, PHP or JavaScript generates a JWT token that is sent to the mobile app after the user asks to sign in. I'm pretty sure that this is possible like shown here: https://firebase.google.com/docs/auth/admin. The latter seems too over-complicated to me. Now, the question is. Can someone suggest a solution, the most simple one, that can be used is a scenario like this? Thanks all in advance.
I'm trying to find a way to retrieve my company updates feed. The question is, is it possible without user login/ interaction?
When searching the docs I found https://learn.microsoft.com/en-us/linkedin/marketing/integrations/community-management/shares/share-api to retrieve this information. But if I'm correct, you can't do this without first logging in (r_organization_social requires 3-legged).
Is there another endpoint that could do this with only a key/secret? Or is the only way for this to work, login and make a cronjob that automatically refreshes the token. With the downside that I need to login again if the cronjob fails.
Some other relevant info, when trying to generate an application token I get the following error "This application is not allowed to create application tokens". But I think this is normal because a 2-legged OAuth is not available for Marketing APIs.
to summarize:
I want company updates feed without user interaction
Maybe using the wrong endpoint
Maybe something wrong with the app creation
Maybe something wrong with generating Application key
Credential docs used: https://learn.microsoft.com/en-us/linkedin/shared/authentication/client-credentials-flow
When adding the sdm.service scope to the Oauth consent screen, it triggers a warning that verification is required. I'm wondering if verification is required even if I am just creating a test app that won't be published?
Through my many many weeks of trying, I've only been able to actually link my test app to an account twice, and I still don't know why it only worked those two times. I usually end up on the No Partner Connection Found screen after the Google Nest Permissions screen. There is no redirect and so no authorization code to actually access anything. I've tried with clean, brand new projects, with different email accounts, and even through different means of access. At this point, the only thing left that I can think of is that maybe my Oauth consent screen needs to be verified. But, the verification process requires information that I just do not have.
Any ideas are welcome.
You should be able to link your personal account through the API for personal use without going through OAuth Verification. What type of Client ID are you attempting to create?
Have you tried to get through the entire flow using the process described in the Quick Start guide? https://developers.google.com/nest/device-access/get-started
I created a Actions on Google app with the Actions SDK. For this i used as said before the Actions SDK, firebase function for the fulfillment and firestore for storing data. All works fine.
Now i want to implement account linking to provide user specific information. I start to read the full documentation for account linking with the refers to integrate a Oauth 2.0 Server and soon. That is my first time i working with account linking and Oauth servers and now i'm totally confused. I don't understand where my auth server have to sit, how to setup it and what parameters it have to process. After reading more and searching for results i found that firebase provide Account authentication. Is it right that this firebase product is similar a Oauth server?
My next big problem is how to enabling account linking in my Actions app. In the Actions on Google documentation i found a topic how to expand the Action Package for account linking. My problem is to unterstand which information the probiertes need.
So summary, if the firebase authentication is really a Oauth server what i need to do that my app and firebase authentication works together.
Maybe everyone knows a good website for understanding the process of account linking and how it can be implemented.
UPDATE 1:
After getting the first answer for my question i started studying more about account linking and the authentication process.
After this i created following roadmap:
Create an website with a google account sing-in form and host it with firebase hosting
Set up the Oauth2 server
Interact with the linked account. Save account informations in my firestore database
So i started with step one. In the firebase authentication documentation i find a example for a google login form. After modifying and hosting the example i try it. It works fine. After sing in by using the hosted website, my google account linked with my project. I checked this in my google account settings. Also the example response with a lots of data like the profile name, email address and so on. So my question at this point is. Why do i have to set up a OAuth server now? After sign in with the example form i linked my account to my project successful. And so i can start saving the received data in my firebase database and act with them in my Actions app.
UPDATE 2:
Okay . Maybey i have a general problem of understanding the right use of account linking. I try to identify the user who use my action to offer special content when he comes back next time. Or maybe create a question with his name from his google account inside the question. So in my understanding i have to link the users google account with my action and save the account information in a database to identify the use next time. So is account linking for this task the right way?
No, Firebase Authentication is not an OAuth2 server.
Firebase Authentication provides a way for you to manage user accounts for your Firebase-based web or mobile app. With the Auth UI it gives a way for users to log into that account using a variety of means (including their Google account, Facebook account, or phone number). It does not, however, provide components that an OAuth2 server provides.
Most notably, it does not provide any way for a user to log in through another client (like the Google Assistant) to gain authorization for that client. You cannot, with Firebase Authentication, issue a token to the Assistant, nor accept a token from the Assistant and verify if this is a user inside Firebase Authentication.
You need to build these components yourself. Google describes the minimum tasks that it needs to do as part of this authentication. You can use Firebase Authentication as part of this as you build such a server (for example, it is a great way to have people log in to their account and for you to verify that account), and it is reasonable to use a Firebase Database to store user tokens if you go that route, Firebase Functions might be a useful place to implement the token exchange point, and Firebase Hosting would be good to host the login page itself - but you'd need to write code that "puts it all together".
Your auth server can sit anywhere. As I said - you can do it through Firebase Functions, but you don't have it. It just needs to be able to provide some responses through web URLs at HTTPS endpoints.
Once you have done this, you need to configure the endpoints on the actions console and implement a request for account linking in your code or in the action package.
Response to Update 1
After sing in by using the hosted website, my google account linked with my project. I checked this in my google account settings.
From an OAuth perspective - no, the Google Account is not "linked" to your project.
Google has issued a token to you (that is to say, the service that you've written) that gives your service access to certain resources. Those resources include information about a particular user.
This may sound like I'm splitting semantics, but it isn't. It is fundamental to what OAuth is offering and what it means when you get an issue a token. You currently have authorization to do certain things.
Why do i have to set up a OAuth server now? After sign in with the example form i linked my account to my project successful. And so i can start saving the received data in my firebase database and act with them in my Actions app.
You haven't linked your account. You have permission to do certain things.
Furthermore, aside from "that's how they do it", you need to setup an OAuth server because you now need to do the same thing for Google - give them permission to do specific things on your server (like use it). Normally this would be involved with "logging in".
Account Linking is really a fancy term for "logging in". You need a way for users to be able to log into your server. You have an access token, but that is roughly the equivalent of having logged into Google's server.
So why do so many websites, for example, have things like "Log In using Google" or "Log In using Facebook"? Because those sites are willing to trust that if their servers can get permitted to certain information at Google or Facebook, then they can trust you. And you might be willing to accept that when they login to your site (either through the web or through Actions), but the Assistant can't assume that. They need to make sure users actually log into your site - that user's deliberately want to do so and that you deliberately want to let them in.
I'd like to show some map layer on my webpage, so I decided to give a try to this Google service. As the data is collected in a database in my server, I chose to use a service account as explained here and then use the private key generated in my php script.
Everything works fine when creating a table and inserting some test values. I get the table Id and I'm able to play with it from my script. The problem is that I don't know how to access these table from the web browser. In my API console usage stats are shown fine, but when logging with my account to Google Drive I don't see any table in there.
Where am I supposed to access them if at all possible? Do either the apps.googleusercontent.com or developer.gserviceaccount.com accounts play any role to log into some other service to get access through web?
I also got an api key associated, but when trying to query a table I get a 401 error.
Any hint? I'm feeling a bit lost now. Thanks.
You are using a Service Account right?
So when you create a table with this account, this account will be the table owner. No one else has permission to see this table.
When you access the Fusion Tables web interface with Your Personal Account, you will only see tables that you createdwith your Personal Account.
If you wish to inspect the tables created with your Service Account, you have to use the Google Drive API with your Service Account credentials to give access permission to your Personal Account.
Also if you wish to make your table (or any other type of document) public, you need to use this Google Drive API again.
See more about the topic here:
https://developers.google.com/drive/v2/reference/permissions/insert
Tip: if you want to achieve something on behalf of your Service Account that you only need once (so no need to implement a logic for it in your webapp) I'd seriously advise you to consider using the OAuth2 Playground. You can set your Service Account credentials in the "Settings" and issue authorized requests on behalf of your Service Account. Very usefull tool, no coding needed.