>>>> BACKGROUND ON THE ISSUE <<<<
We were using Google Apps for Business when we started with the project. This allowed us to use the Google Developer Console (https://console.developers.google.com/) with our #company.co.za accounts and also to “login with Google” using our #company.co.za accounts. It turns out that the Google Developer Project (where the API keys are) was created using an ex-colleague's #company.co.za Google account.
When we moved from Google Apps for Business to Office 365, we lost the ability to login to the Google Developer Console with our #copany.co.za accounts. By then the colleague wasn’t working here anymore and I guess it all happened so quickly that we didn’t make sure to tie up all the loose ends.
Now we need to transfer development of the app and subsequently all related 3rd party projects and things, to the client for future development, but I cannot access the Google project.
This will require them to create a project on their side, generate new API keys for using the Google Maps API etc. And then update the apps (Android and iOS) with the new API keys.
>>>>> THIS IS MY QUESTION <<<<<
However, and this is where my question comes in, the apps are still working and happily accessing Google Maps. This makes me think that the project must still be somewhere.
I tried to access the Google Help pages, but because we're on a Bronze package, we can only find support information in their developer communities and online documentation listed here:
Join a Community
Service Disruption Notification
Best Practice Guides
But I thought to ask here too because SO is very reliable with answers :)
So, any idea if the project is still live somewhere? Or should we just create a new project with new API keys?
I don't think this is a stackoverflow question since it's not directly programming related. However, if you want to regain access to you project, this should be fairly simple and i hope this helps:
Create a new Google Apps for Business account with your domain (or maybe your old apps domain still exists?) and a single account. If you choose monthly payment the costs will be only a few bucks.
As the Google Apps domain administrator you should be able to access all appengine projects that belong to users of the same domain. If it doesn't you can contact Google support to reassign the projects. Alternatively: You may be able to recreate an account that owned the app. If you don't know the owner email, it is shown in the consent screent for oauth. With that email, try to access the project.
Create a Gmail account and transfer project ownership to this Gmail account
Delete the Google apps domain to avoid additional costs
All this is doable within an hour.
In case it doesn't work i would suggest you contact your Google sales representative or reseller and tell him, that you would like to purchase silver level support, but only if he can restore the permissions for you. This will cost you more, but if you have to access the project it may be the only way.
Last but not least:
You can contact Google support. You don't need silver level support for that. It will just take a lot longer to process your request. While in contact with the Google support you will have to prove that you are in fact the owner of the domain, which is usually done by adding a TXT record to your domain or uploading a file to your web server, so make sure you have access to your domain's DNS zone files / settings or web server document root.
Related
The educational organization that I'm working for have for some years been using a custom built Firebase site as a Learning Management System: custom email/password authentication, access of pedagogical recources with custom built frontend exercise modules/learning games, user administration etc.
Now, this organization is to an increasing extent using Google Workspace for user administration, resource sharing etc. However, Workspace itself can't be used as a replacement for the Firebase site due to the limits in design possibilites, lack of customization of pedagogical content etc.
So, does Google Workspace provide api's that would make it possible to use it as a "backend" for a Firebase frontend?
The most basic and inportant thing is authentication/authorizaion: Users should get access to the Firebase site and its resources via their Workspace account group and membership(s) in Workspace group(s).
When it comes to content, it would be great to - apart from the custom Firebase documents/pedagogical modules - also be able to present documents/resources from associated Workspace groups.
All in all: as much as possible of user auth, user adminstration, document resources should be kept on the Workspace side, with Firebase used as a facade communicating with workspace via api's, and also providing the customization possibilites when it comes to special content not possible in the Workspace context.
How much of this can be done with the combination of Firebase and Google Workspace today?
Preferrably using api calls, not by first copying/syncing database information back and forth?
There is a warning on the Firebase best practices documentation against using Firebase with multi-tenant applications: https://firebase.google.com/docs/projects/learn-more#multi-tenancy
This is what I am most concerned about: "Multi-tenancy can lead to serious configuration and data privacy concerns problems, including unintended issues with analytics aggregation, shared authentication, overly-complex database structures, and difficulties with security rules."
There is also plenty of official Google documentation supporting the use of Firebase for multi-tenancy, for instance: https://cloud.google.com/identity-platform/docs/multi-tenancy-authentication .
Do you know why they would have these conflicting recommendations and examples? Does use of Google Identity Platform fix the core security deficits mentioned in the warning?
I am re-posting this question, with additional clarification in the title, and a few edits/removals from the body, to specify that I am only looking for why this widely used product has this particular warning in its official documentation. I have removed most subjective content. I have no opinion on this that is relevant to the question - I am only looking to understand the warning. It seemed there was one good answer before the previous question was closed, so I will link that here for reference: Why is Google Firebase not recommended by Google in their own documentation for multi-tenant applications?
That does make sense if you manage 2 separate applications which have no relation with each other. Let's say you have an app that manages a school's information and other one is a restaurant management app. Now in this case I don't see any event that the school app might need access to restaurant data.
If you use the same project, then all the firebase services (auth, database, analytics, etc) will be shared among them. It'll be hard for you to separate analytics for each of the app. As the database is shared, you'll have to explicitly separate data of both apps by separating the path in db. (/apps/school for school, /apps/restaurant for restaurant).
That being said, any user registered on the school app can login on restaurant app without creating a new account there as you are sharing the same project among them.
Now if your client pays you a the Firebase costs every month, you cannot distinguish between how much should the school client pay. Now even if both the apps are your, the complexity will increase significantly if you go on using it.
https://firebase.google.com/docs/projects/learn-more#multi-tenancy <-- this explains how "Firebase Projects" works and https://cloud.google.com/identity-platform/docs/multi-tenancy-authentication explains about "Google Identity Kit" multi-tenant auth. So that's not a Firebase-only thing.
I'm trying to find a way to allow users to create and setup firebase project on their own google account from a client app, and get all their project information, urls and so on.
I took a look at the new project management api but can not figure out how to achieve this.
The management API currently does not support the creation of a new Google Cloud project. You are free to file a feature request for that, but it's worth pointing out that project creation is a complex issue and needs to be gated by abuse prevention measures.
You might also want to look into Google Cloud APIs for dealing with projects.
I am working on a web app that includes a map using the Google Maps Javascript API. It works on our development server, but whenever trying to access it on stage or production using our company domain, I get an RefererDeniedMapError.
The docs at https://developers.google.com/maps/documentation/javascript/error-messages#referer-denied-map-error clearly state that this error means Google has blocked our domain for violating ToS. An appeal was submitted but Google claims the domain is not blocked and to see further help here. I've already turned off all API restrictions and removed all referrer restrictions as well, but are still getting the same problems.
I can access the app by going directly to the web app server, but anytime I go through our company's domain name, the error returns, which leads me to believe that we are in fact blocked.
Has anyone experienced an issue like this or know of a workaround for this? I've looked through the related posts on the topic but have not found anything useful info to help resolve the problem.
Edit:
The website is using sensors to track packages in the mail for our customers and alerts them if the sensor gets too much light, is dropped, etc. There are no restriction methods at all. I've added a couple screenshots showing the maps working on development but not during testing.
Map working in development
Map not working on test server
At first look, it just seems to be a normal restriction error, however, since you've said that there are currently no restrictions applied in your API key and is working properly in server-side but not in production, this seems to be an issue with your API key, can you try to generate a new API key and use it in your website? If the issue still persist, then this will require a technical support from Google Maps Platform as this may be an issue in the GCP Console. You may file a support case via https://console.cloud.google.com/google/maps-apis/support in order to open personalized communication channel.
My company uses Google Apps for our e-mail/business app provider. Every employee has an account here.
I'm looking into creating an asp.net web app that would allow users to sign-in (using their Google Apps account) and then accomplish certain things (first goal: keep a current record of the employee's skillset).
Before I get started, I wanted to find out if an OpenID login system using Google Apps is any more difficult than doing it the standard way, or if I need to be aware of any pitfalls.
We have one domain, and the only requirement would be that the user has an open account that exists.
Thanks in advance for your thoughts on this!
I have slides for you from a talk I gave a month ago: Google Apps Account As OpenID
http://www.slideshare.net/timdream/google-apps-account-as-openid
Basically there are two ways of doing this.
Follow the Google documentation, patch your ASP.net OpenID library to accept Google Apps OpenID that is not really discoverable from the claimed URL.
Install a set of discovery information on the claimed URL (/openid?id=XXXX on your website) to make your Google Apps OpenID behaviors the same way present OpenIDs do.
Either way, after completion user will be able to login to your ASP.net app with following URL:
https://www.google.com/accounts/o8/site-xrds?hd=[yourappsdomain]
My solution to this issue was to use the DotNetOpenAuth library -- I was unaware that the latest version has Google Apps support.
Highly recommend the product -- you can find it here.
I modified one of the example files and was up and running in no time.
Thanks to all who answered!