I'm creating a chrome extension, I'm using chrome.identity.getAuthToken() to get the access token. I'm authenticated with firstName.lastName#company.com. I set following scopes
"https://www.googleapis.com/auth/contacts.readonly",
"https://www.google.com/m8/feeds/",
"http://www.google.com/m8/feeds/contacts/"
Header has GData-Version: 3.0 set.
I'm able to access my own contacts through https://www.google.com/m8/feeds/contacts/default/full/?access_token=...
If I try to access the domain shared contacts through https://www.google.com/m8/feeds/contacts/company.com/full/?access_token=... I get an error 403 with Your client does not have permission to get URL /m8/feeds/contacts/company.com/full/ from this server
My goal is to get an extension that is able to create shared contacts that can be accessed by everybody from the company.
Any help would be appreciated
My account didn't had the necessary read/write rights. It seems just superadmins are allowed to edit the domain shared contacts.
If I don't want to grant the user superadmin rights I would need to create a backend that takes care of the contact creation.
I would need to create a service account to impersonate superadmin level user, this account would update the contacts. All necessary information can be found here
Related
I am working on an application using Firebase and Node as Back-End.
My app has an admin access and I want to create temporary access to users accounts.
I also wanted to have a history of all the logins on users account with infos such as web browser, localisation etc... for security purposes.
My idea is to create a one time use temporary auth token for an user and give it to the auth function from Firebase.
But I want to stay connected as an Admin still, so I thought about an iFrame inside the main window.
I am having trouble finding infos on the web, wanted to know if you had any leads or better ideas/way to do it.
Thanks in advance,
Firebase Authentication on its own does not provide a log of user sign-in actions, but with the new, optional Firebase Authentication with Identity upgrade you get User activity and audit logging. From the feature overview:
User activity and audit logging
Monitor and log administrative access and end-user activity.
When you upgrade your project, you automatically enable admin activity audit logs in Cloud Logging. You can also enable user activity logging on the Authentication Settings page of the Firebase console.
To learn how to view and analyze your logs, see the Cloud Logging documentation.
Creating a custom token for the user you want to impersonate and then using that to sign in should work. If you want to sign in with two different users, you can create two instance of FirebaseApp, and sign in to the auth member for each user.
Is it possible to use the salesforce APIs in a JS application to authenticate users of multiple, unknown organizations that I do not control or have access to and import their account names?
I want users of my application, all of which belong to different companies, to be able to import their salesforce contacts into my application. All of the tutorials I have come across seem to focus on creating applications for organizations that the developer has access to via "connected apps". I assume that creating a connected app will only allow access to that specific organization and that if someone from a different organization tried to authenticate and access their data it would fail? Pointers to the product I should be using to accomplish this are much appreciated!
You have the right idea, to get data from a salesforce org, you are going to need the user with the Salesforce account to authorize your application to access the data. The connected app is basically just a way for you to get the auth code that you need to access that data.
It is possible to define the connected app in one org, and have it be used by multiple different salesforce orgs. The data that one auth code provides access to is limited based on the data available to the user that grants access.
I have created a web app which is making use of OneDrive API (https://learn.microsoft.com/en-us/onedrive/developer/rest-api/) to perform actions such as create/update/rename/delete of documents etc. I am authorizing requests with OAuth 2.0 (client side - that means every access token is valid for ~1h and then silently I am getting a new token) and then perform previous actions using that token.
I have a new requirement for the authorized user to share his/her documents for writing/updating them (I found out that API has option for inserting permissions (https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_invite).
Is it possible for a non-authenticated user to be able to write/update documents (programmatically - via OneDrive API or some other API?) that have been created from the authenticated user that shared these? (something that is similar to Microsoft Word online when a user is sharing his document and offline/ guest users are able to edit it?
Thanks.
Some Update:
First of all documentation for REST API/ endpoints is chaotic. (https://github.com/OneDrive/onedrive-api-docs/issues/839)
I found out that I can get shared document via these endpoints:
GET: https://api.onedrive.com/v1.0/shares/encodedUrl/driveItem
And update shared document only if I have an access token
PUT: https://api.onedrive.com/v1.0/shares/encodedUrl/driveItem/content?access_token=accessToken
where encodedUrl can be obtained as : https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/shares_get
(check example on C# with sharing url )
So, I am still wondering how possible is to update a document without any authentication but just a share url.
Using Oauth2 and Google's API I have set up access with a service account, but am struggling to set up access to a specific folder within our team organization.
Currently I am able to do the method calls I want (list, permissions, copy) but the items in the drive that come are only the get started file. I'm not entirely sure which drive this is pulling from as that doesn't exist in any of the accounts I've set the service up in.
My Questions:
When setting up drive integration using a service account, what is the default drive used and how do I access it via the dev console or gmail account?
Are you able to access Organization/Team folders and add files to it?
Thank you again for the help!
The drive resource used will be the the Google account which generated the service account in the Google Dev console.
A service
account
is a special type of Google account that belongs to your application
or a virtual machine (VM), instead of to an individual end user. Your
application calls Google APIs assuming the identity of the service
account,
so that the users aren't directly involved. A service account can have
zero or more pairs of service account keys, which are used to
authenticate to Google.
Are you able to access Organization/Team folders and add files to it?
If you're application is using a service account to login, yes people you've granted permission can definitely access it and modify the contents depending on the roles you've given them.
You can read more of service accounts in Using OAuth 2.0 for Server to Server Applications.
Is it possible to access public Facebook information, such as user's name, without using Facebook Connect?
I've been reading the docs on http://developers.facebook.com/docs/reference/javascript/
and they have mentioned "public" information and "private" information.
It is still unclear to me if any attempt to access the visitor's facebook information requires Facebook Fonnect first.
I'm assuming the user must go through the Facebook Connect process before any data may be accessed.
Yes and no. If you are a first timer accessing Facebook, then you have to go through FBConnect. And then if you have opted for extended permission offline_access your access token will never expire and you can use that token to access the facebook info without FBConnect
You can access a users public information via the graph api without an access token if you know their user id or user name. For example these will return info:
http://graph.facebook.com/4
http://graph.facebook.com/zuck
The problem though is that without having an instant personalization deal signed with Facebook, you won't be able to tell who the current user until they authenticate with your application.