Currently I have this code to fetch all dates from my google calendar
https://developers.google.com/calendar/api/quickstart/js
As you can notice, there is client id & client secret key on js code.
I gathered it on my example-main-email#gmail.com
Code this will prompt something like this
So I used example-main-email#gmail.com to login & authorize
As you can see, it lists down all dates from google calendar under example-main-email#gmail.com
But my question is,
Is it possible to fetch calendar dates from different gmail account.
For example, I have 3 users
1st-example-main-email#gmail.com - If I authorize this email, it will fetch calendar dates under this account
2nd-example-main-email#gmail.com - If I authorize this email, it will fetch calendar dates under this account
3rd-example-main-email#gmail.com - If I authorize this email, it will fetch calendar dates under this account
So basically to fetch calendar dates based on gmail account
I'm planning to implement this type of functionality on my laravel project. I just want to know if this case is possible
Yes, this is doable, as long as the account owners provide your application with authorization to do so (either via OAuth token or a client secret)
In case you are referring to a set of Google Workspace Accounts, (and you want to automate it, this will require for you to use a Service Account + enable Domain Wide Delegation for it) plus having your application set to internal, this way it will not require for you to go through an application audit. Your client secret will work for any of these types of accounts inside your domain.
On the other hand, If you are referring to Gmail.com accounts you can use the ‘Test Users’ feature and add those other Gmail accounts there. Be mindful of the limitations though. In this option, your client secret will not work, you will need to change to an OAuth authentication process.
Related
Hi, I want the users of our organization only to use google picker to select files from their google drive.
I followed this example to set up API key and oAuth client in the google developer console.
Here is the summary of what I did:
Enabled Google Picker API in Google API Console
Created API Key
Created OAuth client
Using Official Example google picker is working but it allows all Gmail users as well, I want to allow only those emails which belong to my domain.
I could not found anything related to this in official docs so I have the following questions:
Is it possible?
Is it possible to bypass the consent screen using service account impersonation(User Access Token generated on the server via impersonation)?
This is a high level explanation, but the idea is the following:
Using a server side script, you will generate a token for a user using a service account and impersonation.
On the client side, you will have to call that script on the server side and have the server return the token.
When initializing the picker, you will set the token to what you received from the server using the PickerBuilder.setOAuthToken() method.
That way you not only bypass the consent screen, but also make sure the drive picker presents the drive files of the user you authenticated with the service account.
If you are looking for a low level explanation, edit your question and post your architecture along with your code.
Context:
I am currently working on an embeddable widget, something akin to Intercom or
Hotjar, and have the need to authenticate users. Thus far, I got away with
using Passwordless authentication using Firebase auth but users complain that
it's a high friction process, and they'd rather not do it at all. The ideal
authentication solution would be to let users use their Google or Facebook
account and authenticate via OAuth2.
Problem:
Firebase Auth restricts authenticating via 3rd party auth providers if the
domain the user authenticates via is not whitelisted in the authorized domains
list. So if the user puts the code in abc.com, and tries to auth via Google
firebase rejects it because abc.com is not in the whitelist. Whitelisting the
domain of every client is unorthodox. I feel like the way I'm approaching it
is wrong because I can't correctly build up a mental model of how this would
work out. Technically cookies, sessions, etc. are pointless.
Question:
How would I go about providing the ability to let users authenticate via 3rd
party auth providers? Is this even technically possible?
Potential Solutions:
Host the widget at the main app in a dynamic route (the website where the user
would get the widget's code) and render this route as an iframe in the
client's website. (ex: /widgets/{widgetID} would have the widget). I don't
want to do this really because iframes are a serious pain but this sounds like
the most feasible.
I'd like to know more/better solutions to address this particular situation.
It doesn't matter even if it's from a different cloud provider or a different
authentication service. The goal is to authenticate the user from the widget
ideally via a 3rd party auth provider like Google.
EDIT: This is the error that I currently receive:
widget.js:2 auth/unauthorized-domain This domain (xyz.com) is not authorized to run this operation. Add it to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab.
Based on your use case, you need to verify the domain ownership xyz.com by following this guide
After that you need to add xyz.comto Authorized domains your, as the error message mentioned.
Add it to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab.
For more information please check this guide
Is not possible enable Google Sign In by using a domain unverified or unauthorized, this is to protect the access to your sites/projects by restricting the usage of the Firebase/Google credentials only for configured domains.
There is no way to disable this setting, Google sign in uses Oauth2 as authentication framework
I'm attempting to pull calendar data (FreeBusy query) for employees in our orgs for a web app so that users can know whether or not they should contact that user right now. When trying to hit the FreeBusy api endpoint I get a 403 as expected, how can I authenticate with Google to allow this user (or app) to pull the information from the API?
Is it possible to create an "app authorization" token with a client username/password to pull this data from the google dev console? Or do I have to use some sort of redirect to google auth url and let the user authenticate there and provide a callback url?
Alternatively, is there any way to include google auth when the page loads? Is there a way to sort of "pop up" the google account you want to use and let google then generate an access token based on that?
The simple flow looks like this:
User enters some data about what they need into a frontend form (javascript app)
Call my own API and determine which employees match X criteria.
Take this result set and check the calendars of these matches. If they're available then allow user to contact them.
In order to access data of other employees, not one that initiated the request, you will either need those employees to each consent to your use of their data or (this is what would generally be done) get the admin of your organization to approve your app on behalf of all users in the domain.
If you do the latter, you can use domain-wide delegation [1] using a service account to pull the information you need.
[1] https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority
We have a web app that caters to a small set of users that are guaranteed to have an account on Office 365.
To save them from remembering one more password, and to use Microsoft's infrastructure for OAuth, we decided to allow them to login using their Outlook credentials.
It is a react app, we are using the msal library and we have successfully been able to receive the accessToken from Microsoft. (Thus, authenticating the user's identity.)
What I am not confused about now is what I should do with that token:
I need to have my own User database. What information should I store in it? Should I store the access_token as well?
How do I verify the user's identity on my backend server?
Basically, what is the ideal way of managing this kind of a scenario? Wherein a third party authenticator is used (and solely) used to confirm the identity of the user and get the name, profile image and other things only.
Any references to existing workflows or an explanation of the steps involved will be highly appreciated.
My client has me working on an Event booking/scheduling app in Rails. The user will come to the app's page, select an event and options, and then be displayed an existing Google Calendar that shows available dates and times.
Let's say they want to book Face Painting on November 15, 2016 from 1pm to 5pm, as an example.
I'm stuck here because my client does not want the user to sign in. So I think I'll have to use a session_id to (eventually) pass verified Stripe payment to Google Calendar and create an event on the existing Google Calendar.
I have it working up to the point where the user selects their Event and :event_options, but I don't know how to get the existing calendar events to show to the user and let them select their time/dates to finish booking.
Does anyone know the simplest solution to this problem?
Thank you!
Perform Google Apps Domain-Wide Delegation of Authority
In enterprise applications you may want to programmatically access users data without any manual authorization on their part. In Google Apps domains, the domain administrator can grant to third party applications domain-wide access to its users' data — this is referred as domain-wide delegation of authority. To delegate authority this way, domain administrators can use service accounts with OAuth 2.0.
For additional detailed information, see Using OAuth 2.0 for Server to Server Applications
Though it's not in ruby see this example tutorial by daimto Google Calendar API with PHP – Service Account
For getting the events use Events: list
Returns events on the specified calendar.
Then create a function to show a calendar like UI that will display the given list of events to the user.
Hope this helps!