I'm trying to create a login button "Sign In With Google" and get additional information about the user (name, email + gender and date of birth) using the People API.
I have done this before with https://apis.google.com/js/api.js.
This library provides tools for authorization and requests, but Google stops support and offers to use a new option.
I followed this guide Load the client library + Display the Sign In With Google button.
In the end result (after decoding the JWT token) I get the name and email. To send a request to People API, I need an access_token. Where and how can i get it without server-side scripts?
Can someone tell me how to send a request to People API with JS in this case?
There's demo javascript code on the People API docs website:
https://developers.google.com/people/quickstart/js
It lists the account's contacts, but you can easily modify that to only get the user's details.
I have checked the documentation from the new Google Sign in Library and it seems that the access token is not included in the JWT token that is retrieved, it seems that this has been changed to handle the information gathered from the token response as documented here.
Related
I am looking to send emails to users showing all of the new posts the people they follow had in the last week. I have the site looking as I want, is there a way to embed the html from a website into an email using an API?
Some examples of this are when Facebook sends you an email with all of the recent posts your friends have had, or when Asana sends each user an email with their outstanding tasks.
Anyone have a good idea on how to tackle this?
I have tried using mailchimp and a few competitors to see if I could just pass them the posts for each user but after talking to their support it doesn't seem possible
You could use EmailJS in order to do this, which is a service providing you an API to send eMails based on templates you can create using their UI. The bad side is that it adds Sent by EmailJS at the end of the mail if remember correctly.
Or you can build your own API with Express on NodeJS (or anyother langage: PHP, Python..) and use a library like nodemailer.
Hope it helps :) Good luck !
I am working on a POC (a Vue based web application) for which I require a database. I want to use the google sheet as a database
I followed the official Google Sheets API v4 documentation and I am able to perform all kinds of database operations on the google sheet. But, it requires the user to explicitly click on a button and sign in to authenticate. I want it to be done from the code itself.
I have the following keys which are required along with the user consent to use the google sheets API
// Client ID and API key from the Developer Console
var CLIENT_ID = '<YOUR_CLIENT_ID>';
var API_KEY = '<YOUR_API_KEY>';
Apart from this I also have a client secret which I have absolutely no idea how to use it in the code. From what I have read over the internet and what I have understood, it is used to authenticate the access to google sheets API from the code. But, I don't know how.
I did come across some of the third-party services like Sheetsu and SheetDB which I don't want to use. So, is there a way I can use google sheets as a database for simple CRUD operations just as we will do with any traditional database?
It is behaving that way - expecting a user to authenticate - because you are using OAuth2 authentication which is meant for scenarios where a user grants your program access to their spreadsheet.
For your scenario you want to use the other type of authentication: service account.
Actually, you can use a service account with OAuth, as described here:
Using OAuth 2.0 for Server to Server Applications
https://developers.google.com/identity/protocols/oauth2/service-account
And you could consider this because the code examples tend to use OAuth, but I'm suggesting that you instead go back to the sheets API in the console:
https://console.cloud.google.com/apis/api/sheets.googleapis.com/credentials?project=yourProjectId
And click 'create credentials' and choose a service account instead of OAuth. This method has a simpler authentication flow since it is meant for your scenario: no end-user.
Also, I haven't done this in a while, but I think I took the service account client_email (the email address of the account - the main identifier) and give it permission to access the sheet, ie. share your sheet with it.
Finally, I would note - and you probably already know this - but you mention using sheets like a database and it doesn't have the performance characteristics for this. It is more like a CRM: eg. suitable for a building a static site.
Google provides a simple sign-in button:
https://developers.google.com/identity/sign-in/web/sign-in#before_you_begin
This button calls a function, "onSignIn" on successful login as such
<div class="g-signin2" data-onsuccess="onSignIn"></div>
I am thinking about calling one of my APIs inside "onSignIn" function and generate a token and save in users' browsers. Next time when users send API requests, I plan on using these tokens in the header to verify API access.
Is this a legitimate way of using this Google widget? Or I actually have to use OAuth and such?
Frankly, you would not need the additional complexity of token generation at your API endpoints as the Google ID tokens facilitates your exact need.
Hence consider sending the user's ID token to your API and then, on the server, verify the integrity of the ID token to accredit the user authority.
Moreover, if you require association of additional information with each user session/account the same architecture can be used with a supplementary database. For a more comprehensive guide refer this article.
I have been looking for an open google api to get google authentication token by using a user's google username and password. I have came across google-auth node package. And according to it, I first need to log in to create a project in google developer console and then use the key to access the information.
But I want to know whether there is any open api where I can directly pass the username and password, without creating any project in google developer console. And get the authentication token as part of response.
This is my first project using google apis, so if it sounds naive please let me know the right way of authenticating a google account user using a node project.
Sorry, I can't provide any code, as I am stuck at understanding the initial part itself, about how to authenticate different users.
Thanks in advance
You can't use google or any social login, without first creating a project and using it's api key.
That is just how oAuth is designed.
I'm building client server REST application.
Client side is based on Angular while server is PHP (not that it matters much anyhow).
What I am wondering if there are any best practices, good examples of captcha implementation in this case? Captcha would be used for user registration etc.
I'm not limited to any specific libraries, only requirement is that there cannot be any calls to 3rd party servers on client side (js libraries hosted on 3rd party servers or req api key etc).
thanks
When google captcha approves one user, it provides you a token.
So imagine this scenario. A User is about to save, and uses the captcha, the captcha does its business and gives you a token, it is all that matters.
If you want to see a "tentative" flow of requests for this.
The User should pass the captcha before registering and retrieve the token that it provides in the front end.
User clicks save, you receive the captcha token in the backend as form data. You validate the token with Google via an API. If Google verifies the token as valid, you can save the user or reject if Google returns an error.
The frontend listens for success or error and what kind of error. IF error is captcha, force a retry, get a new token.
Backend receives a new token in form data and repeats step 2.
You can have a look on google-recaptcha. Its angular implementation is here
vcRecaptcha
Google's new-ish reCaptcha is pretty slick. They have several easy to understand examples and usage scenarios.
https://www.google.com/recaptcha/intro/index.html
Edit: To address your specific question of how to implement this in a RESTful application, I'd make two files. One would be a public-facing file like index.php and the other would be a back-end file that would hold the private information.
I could copy/paste my previously-written how-to here, or I could just link you to the article I wrote 2 months ago.