Accessing GCE API from my web site - javascript

I am trying to access GCE information in a read-only way to display data about an infrastructure on my web site. Basically I want to get an OAuth2 token using the JS API and then pass it to a Python backend to do the API calls to GCE. My site is not hosted on GCE at all.
However, I am confused about the proper way to set this up. I have created a Google application so it can ask for the authorizations and ask for access to the GCE APIs. I started from the sample available at https://code.google.com/p/google-api-javascript-client/source/browse/samples/authSample.html. However, each time I run the sample I get an error in the first phase of the authorization process, mentioning an error due to 'X-Frame-Options' to 'SAMEORIGIN'.
Trying to isolate the error and comparing with running the Google sample from my site, it seems this is purely linked to the settings of my app (basically, the Google sample with my app ID does not work), and I get lost in how to debug this process. Is there any methodology that could be applied here?

The sample you are following is for retrieving a profile in Google Plus, using the 'Public API key'. This type of key is used only to retrieve public data. If you want to access information on GCE, you must use OAuth 2.0 to authorize requests. To implement this, you have different scenarios, such as web server, installed app, client-side (JS), etc.

Related

How to setup security for Azure Function so it can send a request to an Azure App Registration and get data from GraphAPI

I am brand new to a lot of Azure technology. I have familiarity with Graph API and JavaScript but have limited knowledge of C#.
Problem:
I need to write an Azure Function that queries an Azure App Registration that has the application permission 'Reports.ReadAll', and I need to do this in a secure way. This is to get data from the Microsoft Graph API. I want to do it without writing the App Registration's client credentials in the code, as that might be risky.
End Goal:
I am planning on collecting the response from the App Registration call and getting a URL to a CSV file, which I will store somewhere (likely SharePoint). But this question is about the first part: sending a request to the App Registration securely and getting a response.
I have done quite a bit of research so far, and it seems I need to achieve my goal by writing a function in C# or JavaScript (preferably JavaScript, but any solution is welcome). To get the security I need, some bits on the Internet say I need to use Azure Key Vault so I am not storing client credentials in plain text in the code?
According to my research, it seems I also need to get the bearer token first and then include it in the call for the report data I need, but I haven't been having much luck there either.

How to couple django oauth2 with javascript (reactjs) frontend correctly?

I've got a big problem correctly implementing (coupling) OAuth2 within a Django project with a JavaScript (ReactJS) frontend.
As a backend we are using Django server - this server offers some APIs to store or retrieve data from SQL database.
I am following this guide: Django OAuth Toolkit Documentation and using password based grant type (there are three others at disposal).
What is working for me is that I can access the server's API calls via the command line using curl. That is, I know how to acquire a token using a URL like example.com/o/token, and then I can call some of my APIs with the granted token in the header as "Authorization: Bearer acquired_token".
I am new to OAuth, with little knowledge on this topic so far.
For information:
All the stuff is running within a Docker container. ReactJS is built using webpack. On the first request (clean browser cache, no JavaScript/ReactJS available) the Django server is contacted and it serves the index.html page with all the JavaScript stuff. Then ReactJS is present in the browser and runs the ReactJS frontend, which makes calls to the APIs to get data from the database and show it within some tables, etc.
My problem and question is what needs to be done on the frontend side (JavaScript, ReactJS) and in what order.
I am also not sure what to actually use within OAuth (password or authorization token), and what still needs to be done on the backend side.
Last note: I know there are a lot of resources on this topic on the world wide web. However, somehow I could not find a clear procedure for how to deploy it.
Any good piece of advice on this, perhaps with pointers to some resources, is welcome and appreciated.

Google API Client Libraries for a React project: JavaScript or Node.js?

I'm building a dashboard using React, Redux and D3. I would like to display some data from the Google Analytics API. I already have my React and Redux app. It's working fine. I'm now trying to import data from my Google Analytics account. What should I use: the JavaScript or the Node.js libraries? What are the differences between them?
If you want to get data from one of the Google Analytics Reporting APIs via JavaScript, you have two choices:
The JavaScript client library
The Node.js client library
They both have essentially the exact same reporting capabilities; the only difference is one runs in Node.js on the server and one runs in the browser.
An advantage of the JavaScript client library (which runs in the browser) is that it can be easier to authenticate the current user (especially if they're already signed in to their Google account on that browser). (This Hello Analytics guide for JavaScript shows how to get started reporting on your data with the JavaScript client library.) Of course, this assumes you want to get data for a view the current user has read access to.
If you want to display Google Analytics data on your website for a view that you have access to, but for which a visitor to your site may not, then you should run your query server side (via Node.js) and then pass the results to your existing D3 code.
To query the Google Analytics reporting API from the server you'll probably want to use a service account to authenticate your requests. This Hello Analytics guide for Python shows the concepts. I know it's not Node.js, but the basic ideas should all be the same.

How is a widget created only through a script?

I have come across a few chat applications and websites, and I don't know how these things work. Can someone tell me how these applications work in the website?
I have seen some websites with a chat widget for helping customers with matters related to their business. On signing in to these applications, a script file is sent by email, and when it is pasted into the website, a widget is automatically created. This widget and the application are connected externally.
Sorry if my question is not clear. I will give some links to applications and websites, which should give you some idea of what I'm trying to ask.
Website
http://www.a1000yoga.com/
http://www.voyzek.com/contact-us/
Application
https://www.zopim.com/
https://my.livechatinc.com/
What you mean is called providing a Web API.
Wikipedia's definition of a Web API is:
A server-side web API is a programmatic interface consisting of one or
more publicly exposed endpoints to a defined request-response message
system, typically expressed in JSON or XML, which is exposed via the
web—most commonly by means of an HTTP-based web server. Mashups are
web applications which combine the use of multiple server-side web
APIs.
In brief, they implement their service on their servers, and let you access their services by HTTP requests.
You sign up on their website and they generate an API token (a random string, maybe). Then, when you want to use their services, you send them your requests with your API token as a means of authentication or identification, and they process your request through their application and with your data on their servers, and send you a response.
For example, when you use these messaging services (or captchas, ad networks, etc.), they provide a piece of JavaScript containing your API code. Then, when someone views your web page, the code will send a request with your API token to the API provider's servers and they process the data for you.
You can then access your data through their website, another API, email, etc.

Access the force.com REST API with a pure Javascript page

I want to develop a front-end in Javascript (possibly with one of the fancy frameworks around such as AngularJS) that consumes the REST API of my Salesforce org.
I don't want to embed my project in Salesforce technologies, so basically
no Visualforce pages
no Force.com Sites
I do want to write my own front-end on a separate server that just makes AJAX calls to the Salesforce back-end.
In addition, I want the application to be accessible for any user, even if he/she does not have a Salesforce account. So the AJAX calls should not require that the user logs in on Salesforce. I want anonymous users to be able to retrieve public data from my organization and create new entries when it is useful (in the case of a survey for instance).
Even though these requirements generate some security concerns, I can imagine that Salesforce takes care of the request rate limits on their API endpoints and that it is possible to restrict access to the API on a host name basis (e.g., only requests with origin host my-trusted-domain.com should be allowed, send a 403-Forbidden otherwise). I would be surprised if SF does not provide such basic features.
How would you proceed? Is there a minimal JavaScript code that works out-of-the-box on any domain without getting into trouble with CORS?
All REST API calls to Salesforce must be authenticated. If you want anonymous API access then you will need to proxy authenticated calls through a server (like on Heroku) that adds the auth token. Or you can use Heroku Connect to expose your Salesforce data to a Heroku app as a Postgres database.
If you go the REST route then check out the ForceServer and my CORS Proxy for Salesforce. Both are not set up out-of-the-box for the anonymous access you are looking for but could easily be tweaked to support that use case.
BTW: When allowing anonymous access to your Salesforce data through a proxy make sure you are dealing correctly with security and request limits.
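
The policy side of such a proxy, as an added example that is not part of the original answer and is not ForceServer or CORS Proxy code: it decides what an anonymous request may send upstream, attaches the server-held token, and enforces a per-client request limit. The route patterns, limits and the `serverToken` parameter are assumptions made for illustration.

```javascript
// Added example: anonymous-access proxy policy (Node.js, no dependencies).
// Routes below are constructed placeholders, not real Salesforce endpoints.
const ALLOWED = [
  { method: 'GET',  path: /^\/public\/articles(\/[A-Za-z0-9]{1,18})?$/ },
  { method: 'POST', path: /^\/public\/survey-responses$/ },
];
const WINDOW_MS = 60000;      // assumed rate-limit window
const MAX_PER_WINDOW = 30;    // assumed per-client budget per window
const MAX_BODY = 4096;        // assumed cap on anonymous POST bodies
const hits = new Map();       // client IP -> { start, count }

// Fixed-window counter: true once a client exceeds its budget.
function overLimit(ip, now) {
  const h = hits.get(ip);
  if (!h || now - h.start >= WINDOW_MS) {
    hits.set(ip, { start: now, count: 1 });
    return false;
  }
  h.count += 1;
  return h.count > MAX_PER_WINDOW;
}

// Returns { status } on refusal, or { status: 200, upstream } describing the
// only request the proxy would send on. Client headers are never copied, so
// a caller-supplied Authorization or Cookie header cannot reach the backend.
function buildUpstreamRequest(req, serverToken, now = Date.now()) {
  if (overLimit(req.ip, now)) return { status: 429 };
  // URL parsing normalises "../" segments before the allow-list check.
  const url = new URL(req.url, 'http://proxy.invalid');
  const rule = ALLOWED.find(
    (r) => r.method === req.method && r.path.test(url.pathname));
  if (!rule) return { status: 403 };
  const body = req.method === 'POST' ? String(req.body || '') : undefined;
  if (body !== undefined && body.length > MAX_BODY) return { status: 413 };
  return {
    status: 200,
    upstream: {
      method: req.method,
      path: url.pathname,     // query string is dropped, not forwarded
      headers: {
        Authorization: `Bearer ${serverToken}`, // token stays server-side
        'Content-Type': 'application/json',
      },
      body,
    },
  };
}
```

The token passed as `serverToken` should come from the server's environment or secret store and never appear in anything returned to the browser.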
