I have checked the answer on how to get user info via the Google API, but it does not help to resolve the issue because the API was changed and some links are incorrect.
Google uses OAuth2, so to load any user info via JS we need to follow these steps:
1. invite the user to authorize in the Google service to get his personal OAuth token;
2. get the user's token from the Google service's answer;
3. make a request to load the user's info (the request should be signed with his personal token).
Am I correct with these steps?
In the Google guide they wrote that to authorize a user the following API should be used: https://accounts.google.com/o/oauth2/v2/auth. If I log in myself I can see the request is sent to https://accounts.google.com/signin/challenge/sl/password
Can I have a curl example of how to get the user's OAuth token (to use it in subsequent requests to load the user's data)?
I'm attempting to pull calendar data (FreeBusy query) for employees in our orgs for a web app so that users can know whether or not they should contact that user right now. When trying to hit the FreeBusy api endpoint I get a 403 as expected, how can I authenticate with Google to allow this user (or app) to pull the information from the API?
Is it possible to create an "app authorization" token with a client username/password to pull this data from the google dev console? Or do I have to use some sort of redirect to google auth url and let the user authenticate there and provide a callback url?
Alternatively, is there any way to include google auth when the page loads? Is there a way to sort of "pop up" the google account you want to use and let google then generate an access token based on that?
The simple flow looks like this:
1. User enters some data about what they need into a frontend form (javascript app)
2. Call my own API and determine which employees match X criteria.
3. Take this result set and check the calendars of these matches. If they're available then allow user to contact them.
In order to access data of other employees, not one that initiated the request, you will either need those employees to each consent to your use of their data or (this is what would generally be done) get the admin of your organization to approve your app on behalf of all users in the domain.
If you do the latter, you can use domain-wide delegation [1] using a service account to pull the information you need.
[1] https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority
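The token request that domain-wide delegation relies on, sketched for Node.js as an added example (not code from the answer or from Google). The service account e-mail, the user address and the throwaway key pair are constructed placeholders; a real deployment signs with the key issued for the service account.

```javascript
const { createSign, createVerify, generateKeyPairSync } = require('node:crypto');

const TOKEN_ENDPOINT = 'https://oauth2.googleapis.com/token';
const b64url = (data) => Buffer.from(data).toString('base64url');

// Build the signed JWT the service account presents. `sub` names the domain
// user whose calendar is read; it is what makes this a delegated request.
function buildAssertion({ serviceAccount, subject, scope, privateKey, now }) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = {
    iss: serviceAccount,
    sub: subject,
    scope,               // request only the scope the admin approved
    aud: TOKEN_ENDPOINT,
    iat: now,
    exp: now + 3600,     // assertions are valid for at most one hour
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = createSign('RSA-SHA256').update(signingInput).sign(privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Form body POSTed to TOKEN_ENDPOINT; the JSON response carries access_token.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}

// Constructed demo: a generated key pair stands in for the service account key.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const assertion = buildAssertion({
    serviceAccount: 'freebusy-reader@example-project.iam.gserviceaccount.com',
    subject: 'employee@example.com',
    scope: 'https://www.googleapis.com/auth/calendar.readonly',
    privateKey,
    now: 1700000000,
  });
  const [h, c, s] = assertion.split('.');
  const verified = createVerify('RSA-SHA256')
    .update(`${h}.${c}`)
    .verify(publicKey, Buffer.from(s, 'base64url'));
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  return { verified, claims, body: tokenRequestBody(assertion) };
}
```

The access token returned for this request acts as the user named in `sub`, so the backend requests one token per employee whose calendar it checks and keeps the private key on the server only.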
Below is my understanding of the OAuth 2.0 process (using Google as the OAuth 2.0 server):
1. My customer clicks the 'login with google account' button on the client side.
2. The browser redirects to Google's login page.
3. My customer inputs their credentials and clicks 'login'.
4. If my customer succeeded in the previous step, the browser will redirect to my server's URL (www.[myserver].com/auth/google/callback) with some extra query data.
5. Then my server will do some work to get some token from Google and finally get my customer's information.
My question comes from the next step. I want to use token-based authentication. Then I have to make my customer store my own token in localStorage. I can't figure out how to achieve this in the 6th step (how to send a new token to the client side and store it in localStorage?).
(I know that everything will be easy if I am using cookie-based authentication, because I can just utilize 'set-cookie' in the 6th step, and the client side will easily store the credential data in the client side's cookie.)
Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications.
I figured out that I can use some type of template engine on my server side (just like discussed here). So I can render my template file using a variable before sending it to my customer.
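The template approach described above, as an added example that is not part of the original post: the callback handler returns a small page whose inline script stores the server's own token in localStorage. The `app_token` key, the function names and the response shape are hypothetical; the point shown is that the token must be serialised so it cannot close the `<script>` element.

```javascript
// Serialise a value for use inside an inline <script>. JSON.stringify alone
// leaves "</script>" intact, so the characters the HTML parser reacts to are
// written as \u escapes, which the JavaScript parser turns back into text.
function toInlineScriptJson(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026');
}

// Page returned by the /auth/google/callback handler once the server has
// finished the exchange with Google and created its own token (step 6).
function renderCallbackPage(appToken) {
  return [
    '<!doctype html>',
    '<meta charset="utf-8">',
    '<title>Signing in</title>',
    '<script>',
    `  localStorage.setItem("app_token", ${toInlineScriptJson(appToken)});`,
    '  location.replace("/");',
    '</script>',
  ].join('\n');
}

// Framework-neutral response description: no-store keeps the page, and the
// token inside it, out of browser and proxy caches.
function callbackResponse(appToken) {
  return {
    status: 200,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Cache-Control': 'no-store',
    },
    body: renderCallbackPage(appToken),
  };
}
```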
I am having a bit of a hard time wrapping my head around how to connect to my OAuth2 Freshbooks API from my bot. Currently I have my API set up such that hitting the /auth route will take the user to the Freshbooks login page and once successfully authenticated the token is returned back to the user. After we have the token the user can get all of their invoices in my web app.
Now, when I build a DialogFlow bot, how do I go about this? What I have thought about is that the user first hits the /auth route which returns the authorization URL which the user can then open in their browser and log in...but after login, how do I return back to my bot?
After a successful login, the /callback route is called by my api with the authorization code to get the token...but this will not be returned back to the bot since it is all happening in the browser...I think.
What is the best approach for this?
Also, after getting the token from my API, should this be stored in a context in my bot?
Thanks for the help and sorry if this is a beginner question. I tried finding an answer online but I just can't wrap my head around this one.
Assuming that your OAuth service is configured correctly you don't have to worry about any of this. The procedure works roughly as follows:
1. Account linking is triggered via one of two ways:
   - If you need a linked account to fulfill a certain intent you can simply check the Sign in required box of that intent in the Google Assistant integrations page in your Dialogflow project. If you check this for all intents that are listed for invocation the user can only use your agent once they have an account linked.
   - The other option is to manually call the sign-in helper. This can be done at any point during the conversation, i.e. it does not have to be tied to a particular intent.
2. When the account linking procedure starts the Google Assistant will load your login page in an in-app browser.
3. Once the user has authorized your client the OAuth service should (like any OAuth service) redirect the user back to the client. On the Google Assistant this happens via a redirect url of the format https://oauth-redirect.googleusercontent.com/r/<google developer project ID>.
4. After that Actions on Google calls your fulfillment service with the original intent (the one that triggered account linking), only this time with a valid access token for your service.
Such an access token will from now on be included in every fulfillment request you receive from Actions on Google. You do not have to store this token, you should always use the one that is sent in the request.
For more details see the Implement Account Linking documentation.
I am using the YouTube API 3 for my app. When a user logs in for the first time he/she is asked to give consent for the app to access their YouTube account.
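// Redirect the browser to Google's consent page (implicit flow: response_type=token).
// Query values are percent-encoded so a redirect_uri containing "?" or "&" stays intact.
window.location = 'https://accounts.google.com/o/oauth2/v2/auth?' +
  'client_id=' + encodeURIComponent(client_id) + '&' +
  'redirect_uri=' + encodeURIComponent(redirect_uri) + '&' +
  'scope=' + encodeURIComponent('https://www.googleapis.com/auth/youtube') + '&' +
  'response_type=token';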
If the user logs out using a request to https://accounts.google.com/o/oauth2/revoke?token='+token, the default behavior is that when they are redirected to the first link above, they are automatically logged in without being required to click for consent. I want the user to re-approve the application for YouTube access each time after logging out.
As described in the docs, I added the parameters prompt=consent&include_granted_scopes=false to the url request, but this only prompts the user to re-allow Google offline access. It does not re-prompt the user for YouTube access.
How can I get the auth link url to request permissions for the YouTube API scope on a repeat login?
Please try revoking a token wherein part of the removal process can include an API request to ensure the permissions granted to the application are removed.
To programmatically revoke a token, using HTTP/REST, your application makes a request to https://accounts.google.com/o/oauth2/revoke and includes the token as a parameter:
curl "https://accounts.google.com/o/oauth2/revoke?token={token}"
Important Note: Following a successful revocation response, it might take some time before the revocation has full effect.
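The browser-side flow used in the YouTube question, which is also the three-step sequence listed in the first question on this page, written out as an added example (not code from any of the posts). The `state` parameter and all function names are additions made here: `state` ties the redirect back to the request that started it, so a token injected by another page is rejected.

```javascript
const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

// Browser helper: an unguessable value kept (for example in sessionStorage)
// until the redirect comes back.
function randomState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Step 1: the URL the user is sent to. URLSearchParams percent-encodes
// every value, including a redirect_uri that has its own query string.
function buildAuthUrl({ clientId, redirectUri, scope, state, forceConsent = false }) {
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'token',
    scope,
    state,
  });
  if (forceConsent) {
    // The two parameters the question added to ask for consent again.
    params.set('prompt', 'consent');
    params.set('include_granted_scopes', 'false');
  }
  return `${AUTH_ENDPOINT}?${params}`;
}

// Step 2: Google redirects back with the result in the URL fragment.
function parseAuthResponse(hash, expectedState) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  if (params.get('state') !== expectedState) {
    throw new Error('state mismatch: response does not belong to this request');
  }
  if (params.has('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  const accessToken = params.get('access_token');
  if (!accessToken) throw new Error('no access_token in response');
  return { accessToken, expiresIn: Number(params.get('expires_in')) };
}

// Step 3: the token travels in the Authorization header, not in the URL.
function authHeader(accessToken) {
  return { Authorization: `Bearer ${accessToken}` };
}
```

In a page, `parseAuthResponse(window.location.hash, savedState)` runs on the redirect URI, after which the fragment can be cleared with `history.replaceState` so the token does not stay in the address bar.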
I am using the Box V1 API in conjunction with scheduled scripts (JavaScript) running in Netsuite.
With the new V2 API and Authorization procedure, can I obtain Authorization Tokens without any user interface being required?
Does anyone have an idiot's guide (i.e. for me) to the steps required to obtain a valid token?
Andy, with the V2 API the user must log in to Box and confirm that your application can access his/her data. Box has put together an authentication primer to walk you through the process. Once authorized, you'll receive an access token and a refresh token for the user. Your scheduled scripts can use the refresh token to indefinitely update the access token.