My question is how to grab the the correct information from the developers console and than apply that to my chrome extension. So far i understand that permission "Identity" need to be included within the manifest. Also that oauth2 with client_id and scopes also need to be added.
https://developer.chrome.com/extensions/app_identity#update_manifest
The website itself explain to grab the client id within the old versions of the website.
Information that i need to acquire from developers website:
API_Key
Scopes
Key
If possible i would liked further advice concerning the js to be able to grab the usernames first and last name and other ability such as google drive document creation or edits.
I've found a wizard on google api site
https://developers.google.com/drive/v3/web/quickstart/js
That gives me all the information i need <3
Related
I am attempting to create an angular application that authenticates to the Google APIs as our administrator account so that it can gather details, such as a user's Google Drive info (number of files, total size, etc.)
I'm attempting to use OAuth 2.0 to give the application our "administrator" credentials. The examples provided in the Google API documentation shows how to accomplish such tasks by allowing a user to log themselves in, but I've yet to find anything demonstrating how to programmaticly authenticate an application as admin (or anything else, for that matter).
Is this possible?
After a bit more research, I finally found a question relevant to the issue with what appears to be a detailed solution! It's all about using the right key words... "programatically" was the word that finally got me there :)
Of course, I'll be using JavaScript/Angular, not Python, but I believe the concepts will be the same.
I'm making an open source Node module that will require access to each user's private Google Drive files. I've been trying to wrap my head around all of these different authentication types, and have come to a road block. From what I've gathered, there are two primary types of authentication
I, the library author, provide in my library the public and private keys necessary to authenticate each user with OAuth2. This means giving them a URL to go to to give my app permission to access their data, and have them copy and paste an access code back into their terminal. I was able to run through this tutorial and get it working, but this method seems dangerous, because of the keys I have to package with my library, and unnecessarily difficult.
Have the user go to the Google API console, get their own API key, and provide that to my library through some sort of configuration file. No URL redirection, no copying and pasting, just some private credentials that only they have access to.
2 sounds a lot better to me: This library has absolutely nothing to do with me once it's in the user's hands, so it feels incorrect to have them authenticate with me. But from what I can find, the only way to do this with Google's API is to create a Google Service account, download the JSON they give you, go through a flow similar to the top comment on this blog post, and then manually give the service account email access to my personal Google Drive files. This seems hacky, and a lot of work to gain access to my own private data. Is there a better way to go about this? It seems strange to me that this fairly standard flow in other APIs is only available in Google's API through service accounts, but maybe there is a way and I'm just not seeing it. I'm fairly new to authentication, so any help at all is appreciated. Thanks!
First off I want to say that you cant release your open source project with the client id and client secrete that you created on Google Developers console this is against googles terms of service.
1.Developer credentials (such as passwords, keys, and client IDs) are intended to be used by you and identify your API Client. You will keep
your credentials confidential and make reasonable efforts to prevent
and discourage other API Clients from using your credentials.
Developer credentials may not be embedded in open source projects.
My Answer on another question about exposing client id in open source projects.
Second you could instruct your users to use either Oauth2 or a service account or both its really up to you.
If the user will only be accessing their own data and wont need to access someone else's data then they can use a service account you will need to instruct them in how to share a folder on Google Drive with the service account. However from your side permissions can be tricky when they are uploaded the service account will own the file uploaded to the users google drive account you will need to have the service account add permissions for the user so the user will then also be able to access said file.
The easiest way to go will be Oauth2 when the code uploads files they are owned by the authenticated user so you wont have the same permissions issue you had with a service account.
I'd like to allow a user to visit one of my sites, enter some information into a field, and then save that information into a Google Spreadsheet via JavaScript.
I don't want the user to login via Google or have to do any special authentication.
It's Ok if the spreadsheet needs to be open to public; the data's not sensitive.
I don't want to use a Google Form, I want to have full control over the client-side UI.
I've been reading through the Google developer docs, but they only make mention to an OAuth login solution. The Google Developer Console allows you to create a "Public API access key", but does not explain how it's used.
All of the examples are for the scenario where the user is using your app to access his own files. In your case, you want the app to access your own file. This isn't easy. The only ways I can see are :-
Use a server app (appengine works well) to do the access
Very carefully set up permissions and store a refresh token in your app.
Option 2 could be your worst security nightmare if you don't do it carefully, and even then may be an infringement of Google T's and C's since it's akin to distributing your password.
Once you figure out the auth, you'll need to check out the spreadsheet API (https://developers.google.com/google-apps/spreadsheets/), as this is the API that allows you to update an existing spreadsheet. The Drive API can only upload an entire new spreadsheet.
I am looking at developing an app to leverage the Google Doc side of Google Apps Scripts. I have a couple of questions about the security of Google Apps Scripts.
How easy is it for a user to copy the code from a shared Google Apps Script? Is there any way to prevent this?
Are there any plans to create a similar API for the Google App Engine for manipulating Google Documents( not just listing what documents are available) so that document manipulation could be done on the server side?
Is there a way planned to share out Google Apps Scripts per Google User or per group, and not just "Publish to the World" or "Within a domain" as is currently the case?
Thanks
Bob
About copying the shared script: dont share it there is no need to share. Publish as webapp and share the url. Nobody can get to the script that way.
About opening the api: no plans that i know of (im not from google), but note that apps script does run server side.
The last one: publish to your domain and run as owner, then in your handler (Roget) use user services to tell the active user email. Use group services to see it she belongs to a group. If user shouldnt access show an access error.
Voila.
I wish to access Google Analytics data through their API using Javascript.
Basically I want to display on a website a list of the most visited pages for the past week/month. I can only use javascript for this.
I found this example on the official site http://code.google.com/p/google-api-javascript-client/wiki/Samples#Google_Analytics_API
Is there any way of accessing Google Analytics data without authentication? Do I need to somehow load a username/password in? To be clear, I want a website (that has Google Analytics tracking) to load analytics data from its own account.
I thought there might be a way to make certain data public, then query that somehow... Or perhaps create a limited user to access it. I can find no examples of either.
You can't access GA withouth authentication for rather the same reason you cannot access you bank account without authentication (because that would allow everybody else to access your account without authentication which might cause some inconvenience).
Google provides a complete example for GA access via Javascript: https://developers.google.com/analytics/solutions/articles/hello-analytics-api. However I don't think that's what you want (I think for that you need to be logged in to Google to actually retrieve data).
You could however use Google Apps Script to pull data into a Google Spreadsheet and embed that into your page (at least I think that should be safe).
Updated: Google has since released the Google Analytics superProxy which allows to share Analytics data with the public safely.