I have question regarding google calendar, and hope you can help me.
I have access_token from google calendar and that access_token was stored in localStorage.
const googleAccessToken = e.vc.access_token;
localStorage.setItem('googleAccessToken', googleAccessToken);
Now please help me understand how can I use this to avoid authorization every time.
For example I want to delete all events, And for that I wrote this code, and this code every time wants from me authorization:
const handleDisconnect = () => {
gapi.load('client:auth2', () => {
console.log('loaded client');
gapi.client.init({
apiKey: API_KEY,
clientId: CLIENT_ID,
discoveryDocs: DISCOVERY_DOCS,
scope: SCOPES_CLEAR,
});
gapi.client.load('calendar', 'v3', () => {
console.log('sdsd');
});
gapi.auth2
.getAuthInstance()
.signIn()
.then(() => {
var events = bb;
var makeRequest = resource => {
console.log(resource);
var request = gapi.client.calendar.calendars.clear({
calendarId: 'primary',
});
request.execute(resp => {
console.log(resp);
});
};
for (var j = 0; j < events.length; j++) {
makeRequest(events[j]);
}
});
});
};
Please help me to fixed that code with access_token for avoiding authorization
Access tokens expire after one hour. Once the access token has expired you will need to authorize the user again order to have access to their data again.
Normally with Oauth2 you can request something called off line access this will then give you something called a refresh token. Refresh tokens for applications that are in production are long lived and for the most part do not expire. You can use a refresh token to request an new access token when ever needed. This way you will not need to authorize the user after an hour.
Unfortunately refresh tokens are not supported by client sided authorization using JavaScript. You will need to switch to a server sided language.
If you are trying to access a static calendar account owned by you the developer as opposed to calendar accounts owned by your users you could use something called service accounts. However service accounts only work with Google calendar if you use domain wide delegation to a google workspace account it will not work with standard Gmail calendar accounts. Also service accounts are not supported by JavaScript you will need to switch to a server sided programming language.
After all that I hope you can see if you are sticking with JavaScript you will need to request authorization of your users when ever the access token expires.
Related
I have an application that uses Google APIs in some places, and I want to avoid having the user login every time. Currently, I only receive a Google access token in the response, not a refresh token. How can I obtain the refresh token?
This is the function I use to when the user click to login with google:
authenticate() {
const client = google.accounts.oauth2.initTokenClient({
client_id: 'MY_CLIENT_ID',
scope: [
"All_NECESSARY_SCOPES",
].join(" "),
callback: (res) => {
this.accessToken = res.access_token
this.loadClient()
}
})
client.requestAccessToken()
},
It works for getting the access token. And I need the refresh token, Please Help Me :)
Client side JavaScript does not return a refresh token. It would be a security risk.
If you want a refresh token you need to use a server sided language like Node.js
I'm currently integrating a frontend with a 3rd party backend that offers sign-in with social media. I'm using the Google JS SDK https://accounts.google.com/gsi/client which works fine with the one-tap login as it returns an ID Token which the backend requires. However, the downside is, if the user doesn't have a Google session, the prompt won't show.
If the user isn't logged in to Google, I've managed to prompt a login form and request a token on successful login, however, it only returns an access token. Is any way to request an ID token?
Example:
google.accounts.id.prompt(async notification => {
if (notification.getNotDisplayedReason() === 'opt_out_or_no_session') {
const tokenClient = google.accounts.oauth2.initTokenClient({
client_id: googleClientId,
scope: 'openid email profile',
})
tokenClient.callback = response => {
// response only has access token and no ID Token
}
tokenClient.requestAccessToken({ prompt: 'consent' })
}
window.addEventListener('load', () => {
google.accounts.id.initialize({
client_id: googleClientId,
callback: (user: CredentialResponse) => {
const { credential: idToken } = user
// I need idToken in the above requestAccessToken too
},
})
})
})
You are initializing two different namespaces in the example you have provided. The first one initializes oauth2 namespace, which starts the authorisation flow. This flow results in the acquisition of an access_token as you've realised.
The second one initializes the id namespace, which is responsible from the authentication flow. This returns an id_token, which is what you need indeed.
To keep using authentication flow beyond the capability of one-tap log in, you can render a Sign-In with Google button using the authentication initialisation. Simple initialise google.account.id.initialize() as you would. Then call one-tap prompt.
google.accounts.id.prompt();
Then in addition to that, you can render the button:
google.accounts.id.renderButton(document.getElementById("g-btn"), {
type: "standard",
logo_alignment: "left"
});
And
<div class="google-button" id="g-btn"></div>
Regardless of how the user decides to sign-in, it'll lead to the same callback method you've defined in the initialize() call.
I am trying to use firebase authentication to get a google access token in order to call the youtube API.
I am able to initially get the access token like this:
const provider = firebase.auth.GoogleAuthProvider();
cosnt scopes = []; // ...scopes
scopes.forEach(scope => provider.addScope(scope));
firebase.auth().signInWithPopUp(provider)
.then(userCredentials=> {
const oauthCredentials = userCredentials.credentials;
// using credentials for API calls
axios.get("some-google-api-path", { params: { access_token: oauthCredentials.accessToken } }); // and so on...
});
This works fine until the access token expires.
As far as I can tell, it seems like firebase automatically refreshes the session, but I can find a way to get the new access token.
I tried:
firebase.auth().onAuthStateChange(user => {
// could not find the access token on the user object
});
And since that failed, I tried to do it manually using:
const token = firebase.auth.GoogleAuthProvider.credential(
oauthCredentials.idToken,
oauthCredentials.accessToken
);
const authResult = await firebase.auth().signInWithCredential(token);
The issue is that authResult will only contain the idToken or the accessToken, but not both, depends on what I give the firebase.auth.GoogleAuthProvider.credential function.
Am I missing something?
Is there another/better way to do it?
There are two tokens in play here:
The refresh token, which is only available after the user actively signs in. Since it doesn't change, you can cache this token - which is what the Firebase SDKs actually also do.
The ID token, which is available at any moment from the current user. This token expires in an hour, and is auto-refreshed by the Firebase SDKs.
So if you want to retain access to the refresh token, you will have to store (typically in local storage) yourself when the user first actively signs in.
So apparently firebase doesn't refresh tokens of other providers for you (not event google) according to this (thank you Frank van Puffelen!)
So what I did instead, is authenticate manually to google (since I use react, I used react-google-login), and got all tokens from there.
Then, once the session is initiated/refreshed, I create a firebase session using:
const token = firebase.auth.GoogleAuthProvider.credential(
oauthCredentials.idToken,
oauthCredentials.accessToken
);
const authResult = await firebase.auth().signInWithCredential(token);
I hope that this helps anyone, and I will accept another answer if firebase ever changes this.
I am setting up new cypress tests to test some functionalities in Dynamics 365 application. But, I'm left with a browser window with the url https://login.microsoftonline.com/__/ and the text Whoops, there is no test to run.
describe('Initial Cypress Tests', () => {
it('navigate to D365', () => {
cy.visit('https://wipropoc.crm8.dynamics.com')
})
})
Would suggest you to directly do a POST call for getting SSO authentication token and fire cy.visit('https://wipropoc.crm8.dynamics.com') with the obtained token.
Here are the steps to follow from official documentation,
Login when authentication is done on a 3rd party server.
Parse tokens using cy.request().
Manually set tokens on local storage.
Map external hosts and point to local servers.
cy.request('POST', 'https://sso.corp.com/auth', { username: 'foo', password: 'bar' })
.then((response) => {
// pull out the location redirect
const loc = response.headers['Location']
// parse out the token from the url (assuming its in there)
const token = parseOutMyToken(loc)
// do something with the token that your web application expects
// likely the same behavior as what your SSO does under the hood
// assuming it handles query string tokens like this
cy.visit('http://localhost:8080?token=' + token)
// if you don't need to work with the token you can sometimes
// just visit the location header directly
cy.visit(loc)
})
You can read more about this here - https://docs.cypress.io/guides/guides/web-security.html#Form-Submission-Redirects
Real time example - https://xebia.com/blog/how-to-use-azure-ad-single-sign-on-with-cypress/
I am using Skype Web SDK to get a user's contact list in the following manner.
Skype.initialize({
apiKey: 'a42fcebd-5b43-4b89-a065-74450fb91255',
}, function (api) {
var Application = api.application;
var client = new Application();
client.signInManager.signIn({
username: sip,
password: pwd
})
This works fine when I provide the username(sip) and password. However, when I reload the page, I have to provide the credentials again because the app re-initializes. Is there a way to maintain the user's sessions for a while after the initial login so that the page refreshes wouldn't need ask for credentials again?
I have looked through the samples and docuementation that Microsoft has and couldn't find a way. I've also tried to store the client object in the localStorage after the initialization and sign in, but when I tried to reuse the object from localStorage to get the contact list, it did not work.
http://officedev.github.io/skype-docs/Skype/WebSDK/model/api/interfaces/jcafe.signinmanager.html#signin last example explains that you can store oauth token and use it as unexpired token.
To connect to an existing app's event channel, specify id of that app:
sm.signIn({
username: "user1#company.com",
password: "password1",
id: "273867-234235-45346345634-345"
});
To sign in to Skype for Business Online using OAuth while handling the
logic of retrieving OAuth tokens yourself:
sm.signIn({
client_id: '123-456',
origins: [ 'https://webdir.online.lync.com/AutoDiscover/AutoDiscoverservice.svc/root' ],
cors: true,
get_oauth_token: function(resource) {
// Return a valid unexpired token for the specified resource if you already have one.
// Else, return a promise and resolve it once you have obtained a token.
return 'Bearer eyJ0e...';
}
});