I'm trying to make a portal where users can authenticate their Google credentials and then access their Google Calendar by creating and deleting events all via my website. However, I can't seem to find where on the Google Developers Console where to whitelist my site because of this following error:
{
"error": "idpiframe_initialization_failed",
"details": "Not a valid origin for the client: https://maxstechandmathsite.azurewebsites.net has not been whitelisted for client ID (my client ID).
Please go to https://console.developers.google.com/ and whitelist this origin for your project's client ID."
}
The JavaScript code I'm using is in reference to this Github page: https://github.com/gsuitedevs/browser-samples/blob/master/calendar/quickstart/index.html. Besides having to verify my site ownership, the issue may also be having an incorrect client ID or API key. For Google Calendar, I'm assuming you use the client ID and API key for the Google Calendar itself, but would I possibly have to use my Google Sign-In client ID for the OAuth 2.0 authorization? I tried that client ID, but no error message came up in the first place, unlike with the Google Calendar client ID, so I think I'm on the right track. I just can't find any Google docs on this error.
Turns out I was right. I did have to use my OAuth 2.0 client ID instead of the Google Calendar client ID generated for me when enabling the Calendar API. Not only that, but I had to use a previous API key I made on the Google Developers Console.
Related
Hi, I want the users of our organization only to use google picker to select files from their google drive.
I followed this example to set up API key and oAuth client in the google developer console.
Here is the summary of what I did:
Enabled Google Picker API in Google API Console
Created API Key
Created OAuth client
Using Official Example google picker is working but it allows all Gmail users as well, I want to allow only those emails which belong to my domain.
I could not found anything related to this in official docs so I have the following questions:
Is it possible?
Is it possible to bypass the consent screen using service account impersonation(User Access Token generated on the server via impersonation)?
This is a high level explanation, but the idea is the following:
Using a server side script, you will generate a token for a user using a service account and impersonation.
On the client side, you will have to call that script on the server side and have the server return the token.
When initializing the picker, you will set the token to what you received from the server using the PickerBuilder.setOAuthToken() method.
That way you not only bypass the consent screen, but also make sure the drive picker presents the drive files of the user you authenticated with the service account.
If you are looking for a low level explanation, edit your question and post your architecture along with your code.
I want to extend a project in a way that it can save files to Google Drive. To learn how this works I tried the Quick Start Example from the docs: https://developers.google.com/drive/v3/web/quickstart/js
Following the example I noticed that the example is creating an API key in the developer console. Following the same steps only returns a Client secret. I suspected this to be a naming problem and hoped that the two are the same.
Unfortunately, the example code does not work but loggs the following error:
{"error":{"errors":[{"domain":"usageLimits","reason":"keyInvalid","message":"Bad Request"}],"code":400,"message":"Bad Request"}}
In the request to:
https://content.googleapis.com/discovery/v1/apis/drive/v3/rest?pp=0&fields=kind%2Cname%2Cversion%2CrootUrl%2CservicePath%2Cresources%2Cparameters%2Cmethods%2CbatchPath%2Cid&key=[[my key]]
I checked that the right secret appears in the request url. Setting var API_KEY = '<YOUR_API_KEY>'; to an empty string is a workaround.
How can I debug this further? where do i get the right api key?
I run into this error recently. It is certain that Google Documentation is usually quite good, but in this case, the Google Drive API (https://developers.google.com/drive/api/v3/quickstart/js) it wasn't that clear. For this API in particular, you will require two credentials.
Under your project credentials section, you must create an OAuth 2.0 client for a web application and a API Key.
(Sorry for the Spanish in the screenshots)
Regarding the OAuth 2.0 client, not that I have restricted it to http://localhost
Concerning the API Key, note that I have restricted it to my Google Drive API
Then, in the index.html provided by the documentation, you can set your CLIENT_ID to the one obtained in the OAuth 2.0 client generation, and the API_KEY to the the one generated in the API Key process.
{"error":{"errors":[{"domain":"usageLimits","reason":"keyInvalid","message":"Bad Request"}],"code":400,"message":"Bad Request"}}
Means that the request you have made has not been properly authenticated.
API key is for accessing public data. Oauth2 client id and secret will be used to access private user data which file.list is. So i dont think this is a naming problem. Your code should be popping up requesting access of the user.
I have been looking for an open google api to get google authentication token by using a user's google username and password. I have came across google-auth node package. And according to it, I first need to log in to create a project in google developer console and then use the key to access the information.
But I want to know whether there is any open api where I can directly pass the username and password, without creating any project in google developer console. And get the authentication token as part of response.
This is my first project using google apis, so if it sounds naive please let me know the right way of authenticating a google account user using a node project.
Sorry, I can't provide any code, as I am stuck at understanding the initial part itself, about how to authenticate different users.
Thanks in advance
You can't use google or any social login, without first creating a project and using it's api key.
That is just how oAuth is designed.
I am using a chrome extension that calls the chrome.identity api to get an access token (using google plus login scope).
I then try to call a Google endpoints API with this token. For this, I set a request header with 'Authorization'='Bearer <token>' format.
I have added the client_id from the manifest.json of my chrome extension to the list of allowed client ids for the endpoints API. But, I still cannot connect to it, even when I run the API on localhost.
The allowed list of client ids includes those clients that I defined on the API credentials page on Google Developers Console. My chrome extension is present as a client in that list, but it's client_id is different.
The error I keep getting on the server side:
WARNING 2016-04-22 03:01:35,068 users_id_token.py:372] Oauth token doesn't include an email address.
Can anyone please give me some pointers to try? Please let me know if any clarification is necessary.
The Google Oauth2 APIs are commons of all types of clients, so i will answer in general which applies to all.
The google plus login scope(plus.login or plus.me) will not return email address, in order to get the authenticated user's email address you need to pass an additional scope https://www.googleapis.com/auth/userinfo.email which will returns users email address. Hope that is what you are looking for.
if you wants to experiment it, visit https://developers.google.com/oauthplayground/
My purpose is to provide service on my server based on Google Drive platform. The most importantly user don't need to sign in or have google account to access this service.
As developer I want to authorize my web site URL and the Google Drive that will be mine.
I went through various solution but don't get actual one.
You may want to look at this documentation about service accounts which enables your web application to interact with google servers. The docs says:
A service account's credentials include a generated email address that is unique and at least one public/private key pair. If domain-wide delegation is enabled, then a client ID is also part of the service account's credentials.