I am having some trouble figuring out how I can let users set their API credentials to get read-only data from the Google Calendar API.
I have it set up to use OAuth to allow a fallback. It allows the user to click for an access key to copy over and save.
However, I am finding an issue when I try to make it so users can enter their own API settings.
I tried the same method I used for the fallback, but even if they enter those credentials in they would still need to authenticate it with an access key.
So I guess my question is how can I just include a simple API key to be saved and used to get the data?
I haven't been able to find very many resources or documentation on this so even pointing me in the right direction will be very helpful.
Thanks!
EDIT:
So here is a link to the part of the Calendar API I need to use: https://developers.google.com/google-apps/calendar/v3/reference/events/list
And if you compare it to the top of the page of this API page: https://developers.google.com/google-apps/calendar/v3/reference/events/delete
You will see the delete specifies that it requires Authorization, but the List does not. All I need is the list but when I have tried to connect with it without any authorization it does not work. Am I missing something?
If the data is not public, the users will have to authenticate with Google and enter the access code on your plugin configuration. Google Analytics for WP does this, check its source.
I don't see the problem with having the users authenticating, but one alternative is to add support for service account, like the Google Drive WP Media does. In this case users of your plugin will enter the service account email and upload the private key file (I'm not sure if the Drive WP plugin implements it in a secure way).
Related
I have two web application sharing one firebase (auth, db etc), it all works well, but i when users want to do a reset password, the email i can see in the Password reset template allows me to change it but i don't want to be hard specific on the url, given the password request might come from either application, is there a way to let firebase know which link to use or possibly set it from the code ?
It is not possible to change it to a fully customized URL(like mywebapp1.com), the reason for that is that it won't be possible to check if the modified URL is a valid one.
You have 2 options:
You can get a custom domain like authApp.com and follow these steps on the documentation so you can have a more personalized experience for both apps.
You can create dedicated emails based on the app (the URL will stay the same) using action links , this will show a nice layer of customization to your emails based on the specific web app being used.
I am going over to a Wordpress and my WP plugin is asking me about "Authentication Code" And I have no idea where to find it.
Without the plugin name it is hard for me to determine what specific authentication code is needed, so I'll assume that you mean the OAuth Client ID. Please, forgive me if I am mistaken. You can generate a new OAuth Client ID following this steps:
Open Google Cloud Console and select your project.
Go to Navigation menu ⮞ APIs & Services ⮞ Credentials.
Select +Create credentials ⮞ OAuth client ID at the top.
You'll be prompted to select an application type. In case of a Wordpress plugin you need to choose Web application and give it a descriptive name.
Click on +ADD URI and include your webpage URL. This action will whitelist your webpage to authorize this OAuth client.
Tick Create to finish the process and annotate your client ID and secret.
With this procedure you would have created an OAuth client ID and its secret. Now we can take this client/secret pair and use it to request an authorization code over some Calendar API scopes.
After getting an authorization code, you can ask Google to exchange it for a pair of refresh and access tokens that you can use on every call to the Calendar API.
Following these steps you would have created every authentication code possible, you just need to determine which one is the required for that specific plugin. Please, don't hesitate to ask me any additional doubts.
Can't login using Google Auth,
Error 403: org_internal
This client is restricted to users within its organization.
Go to cloud console (https://console.cloud.google.com/apis/)
APIs and services
Credentials
Oath consent screen
Ensure Application type is set to "public" and not internal.
Obviously assuming that you are creating an app that should be accessible outside your org. If this is related to testing and phones, it is possible to create testusers that are excepted from company policy rules.
The reason for this error is indeed because the Application type is set to "internal".
But setting it to public is not always the right answer...
Add "&prompt=select_account" to the authentication url. This will force the user to select the correct (organization-)account.
Without the parameter, Google tries to show the consent screen for the logged in Google-account, but as it is not an organization-account it will just display the 403 page without giving the user this choice.
https://developers.google.com/identity/protocols/OpenIDConnect#prompt
I had an Internal app that I was trying to authenticate with one of our YouTube channels using an organization account, and I was getting the same error:
Authorization Error
Error 403: org_internal
This client is restricted to users within its organization.
After contacting Google Workspace Support, they asked me to Change the restriction on it from Limited to Trusted.
Steps are mentioned in this support thread: https://support.google.com/a/answer/7281227
Open the Google Admin Console.
From the sidebar menu, choose: Security → API Controls.
Click on MANAGE THIRD-PARTY APP ACCESS button.
Hover the cursor over the required app and click on Change access.
Choose the option: Trusted: Can access all Google services
And save the CHANGE.
Once you've done, take note that there will be 24 hours of propagation on it before it gradually takes effect.
Make sure, for the browser you are using, that you have logged out of "All" Google account(s). This should force the "select account" windows to display.
We have almost exactly the same problem while trying to configure WP Mail SMTP for Wordpress.
The OAuth Client's Application Type has to be "Internal" so changing it to "External" was not an option for us.
Hope this helps.
I had the same issue and in my case was because the project didn't had a support email address set it.
I fix it by adding one on the Firebase Console > Project Settings > General under the Public settings section.
This error is most likely due to the configuration of your application in Google Cloud Platform.
Setting your application to "internal" is causing this error. Try making your app "external" in the OAuth consent screen, but make sure it is in a "testing" status. Then, add yourself to the test users. This configuration will work well for an internal, lightweight application.
Once complete, try to authenticate with the channel again.
I had the same issue with a project. The error only appeared if I tried to log in to my app while already logged in with an account outside the organization (worked just fine while logged out of all accounts, or while logged in with an internal organization account). I had to change the OAuth Client's Application Type from Internal to Public in the Google Dev Console.
More info can be found at https://support.google.com/cloud/answer/6158849?hl=en
Maybe you have another google email to login, not the correct one.
I know there is a way to log in anonymously with Google Firebase, but I haven't gotten it working. The issue I am having is that my app needs to be accessible on any device without logging into any account with the app.
It needs to have full control of the app's database, both reading and writing. This app isn't really meant for public use, so I am OK with anonymous authentication. I also should not have to click a button in order for it to authenticate, it should do it automatically. I tried adding the code that Google provides, but it still wont authenticate. It does work with a Google account.
Thanks!
It was an issue related to the database rules. The default rules are set so that only authenticated users are able to read and write to the database. I set both so that anyone can read or write to the database from any device without logging in.
For some reason, my firebase project apikey associate with database changed. I can still create another api key, update into the application.
But when user try to reset password, the link use the old key and lead to "Your request to reset your password has expired or the link has already been used" (I think I read this problem somewhere and now I found the reason).
Is there anyway to update new api key for an existing firebase project?
Thank you
Somehow, my original apiKey was recovered. You can find the original key (which were deleted from console.google.com) associated with the application on the main firebase page, through
Overview > Project settings > GENERAL
Basically, when users requested to recover the password, firebase will send an email with recovery link. If you have a look at the link, you will see the API included in the link is the one that no longer exists.
I recommend you to contact firebase support. I don't have an official way to solve the issue but here is quick I can think of, following as
Create new API at console.google.com > choose your firebase project
Create a page with a function that can read URL parameters. Make it receive firebase recovery password URL and replace dead API with new
one, then redirect you to new firebase recovery password URL
Edit email template by adding the page you created on step 2, with firebase recovery full URL as a parameter
To be more accurate, here is an example.
I have my project called "MyFirebaseProj", my domain is "example.com"
I go to console.google.com, choose "MyFirebaseProj", on API Manager panel, choose Credentials > Credentials. Click on Create credentials > API Key. So I got a new API key call "MyNewLongAPI".
I created a recover-password.html password and have this javascript function https://codepen.io/hieunc229/pen/mWwVbv (this one will read the firebase url, get oobCode and generate new URL). Edit the javascript so it will redirect the user to new URL. Upload this one into my host (mydomain.org/recover-password.html)
On Firebase console, Authentication > Email Template > Reset Password. Change the link to something like
<a href='http://example.com/recover-password.html?url=%LINK%'>%LINK%</a>
Then save it
Now when user go into your recover password page, they will be redirected into firebase url with new API and it should works
Hope it helps!
If anyone run into the same issue, as I get in touch with Firebase team and they are investigating about it. Currently there haven't been a way to help it.