Is there a way to pull the user data(leads)from the Google Workspace marketplace SDK? For example: Say to an HTTPS endpoint that we can route to our CRM or maybe simply download the user data CSV
Related
We are working on a Migration App for Google Drive (Google Workspace) and are relatively new to Google APIs. I read that administrator need to grant domain-wide delegation of authority to third-party and internal applications so that they can access users' data such as read Google Drive files.
Control API access with domain-wide delegation: https://support.google.com/a/answer/162106
For delegating domain-wide authority to service account, a super administrator of the Google Workspace domain must complete 6 steps as described in the documentation link below:
Delegating domain-wide authority to the service account: https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority
As I understand these 6 steps have to be manually performed by Super Admin of the Google Workspace. I would like the super administrator should be able to do these steps easily and quickly. Can this process be automated or guided using some sort of Consent Grant screen in Web Portal.
Instead of using service accounts, can we use OAuth 2.0 Client ID (created within third party app's Google workspace) and consent of Administrator to provide delegated access of their Google Workspace to third party application.
I am asking this because I would need to get list of all users in that Google workspace and have read access to their google Drive files.
Directory API: Authorize Requests" using Admin SDK: https://developers.google.com/admin-sdk/directory/v1/guides/authorizing
Scope for only retrieving users or user aliases: https://www.googleapis.com/auth/admin.directory.user.readonly
Thanks!
I am afraid it is not possible at this moment to manage the domain wide delegation settings through APIs or any different way to automate the process. The Google Workspace Directory API is the only possible way you can use to manage Admin console related settings using the Google APIs, however there is no API method that can make changes like this.
Now, about this:
Instead of using service accounts, can we use OAuth 2.0 Client ID (created within third party app's Google workspace) and consent of Administrator to provide delegated access of their Google Workspace to third party application.
The only possible way is by adding the application to the domain wide delegation settings, but again, only the admin can add the app manually to their Google Workspace admin console.
Since this is a feature that is not available yet, you could submit a feature request in the Directory API to suggest this as an actual feature and maybe Google can make it available in the near future.
Reference:
Admin SDK: Directory API
Feature request
I am trying to use Graph API to automate the process of creating a Microsoft Teams app with a Bot app feature.
I found this Graph API endpoint called publish teamsapp which allows me to POST a Teams app package and instantiate a Teams app. Below, the "Appr 4 - MS Teams Test" app was created by uploading an app package to the aforementioned endpoint.
App published through Graph API
However, in order to complete this automation, I need to create a Bot app feature under "Configure > App features" of my Teams app.
My problem is that the publish teamsapp doesn't seem to support creating the Bot app feature. The app package' that you upload contains a manifest.json. The schema of this manifest only allows you to provide a Bot ID (presumably for an existing bot). You cannot specify the webhook URL for this bot and there do not appear to be any APIs to generate the bot's client secret.
App features
My question is, are there any Microsoft APIs that would allow me to create, read from, and write to bot app features? Ideally, I would like to be able to do the following:
Create the bot app feature
Retrieve the bot ID associated with the bot
Set the webhook URL of the bot
Create a client secret associated with the bot
Retrieve the client secret so I can store in my own database.
Is this step 1 to step a loop you would like to follow? I will consider Azure Logic APP to do the bot API call to create a bot - https://learn.microsoft.com/en-us/azure/logic-apps/quickstart-create-first-logic-app-workflow
Also, there is a forum actively monitoring by Teams-dev member you may want to check there as well - https://learn.microsoft.com/en-us/answers/questions/topics/single/58062.html
I have a web application and a Google Docs add-on that work together. The Docs add-on passes the web application the Google Drive file id of the Doc it's currently running in.
My web application needs to be able to be able to access/download the file content. I want the web application to use the drive.file scope, so that would require the user to authorize the web application access to the file in Google Drive.
I haven't found any APIs which let me request the user authorize the web app permission to a known file id. I could use the File Picker API, but then the user has to find the file in their Drive (annoying user experience given we already know the file and prone to errors).
Is there any way we can just redirect the user to a Google Drive URL where it asks them to confirm they want to open the file with my web app? Or to preselect the file in the File Picker?
I don't think you completely understand how scopes work.
The is no way to request permission for just a single file id. Scopes are all or nothing. If you have read only access then you have read only access to all of the files on the users drive account. Same for write access.
Now lets look at Scopes#Drive
https://www.googleapis.com/auth/drive.file See, edit, create, and delete only the specific Google Drive files you use with this app
If you request authorization of the user using the drive.file scope. It will allow your application to create files on the users drive account, and access those files which your application created and only those files.
So there is no way to get access to only a single file on a users drive account. If you want access to a file on the users account that wasn't created by your app then your going to have to use drive.readonly or drive. Depending upon if you want read or write access.
I have created a project with Google Big Query.
I have one table with data. A service performs insert every hour in the table. The service uses a service account with a p12 file to authenticate without user interaction.
I have developped also a desktop application which authenticate via the browser (OAuth2Authenticator). It works well but eveyone who have a google account can login and accept to use my application, and I don't want that !
Is it possible to specify a list of authorized google accounts for a google big query project ?
Thanks,
Luc.
Yes, you can control who has access to your BigQuery datasets, as well as who is a member of the Google Developer Project that your BigQuery datasets are attached to.
If you are creating a Desktop application, the best way to provide authorization to BigQuery for specific users of a restricted dataset is to use an "installed application" Oauth2 flow. Are you currently using this flow?
Currently Google is migrating their old Google Data API to the new Google API.
When we do API queries over the old Google Data API, we usually use Zend Framework and the given consumer key/secret to do the authen/autho, which is fine.
Question is, is it possible to use the given consumer key/secret (from the Google Apps Marketplace listing) and the new OAuth 2 Library to call the API? What I have been having is the error message redirect_uri mismatched issue and obviously Google Apps Marketplace provides no way to change this value. Even though they had provided a link for us to go to the API Console from the listing page, I cannot see the OAuth 2.0 options in my API Access page at all.
Did I missed out anything?
If let's say I need to use the Google Apps Admin Settings API, does it mean I need to separately create a new OAuth 2.0 API Access in the API Console, then, when I need to access user data, I need to do the Auth flow again using this new consumer key/secret/redirect? I can't set this permission in the Listing Manifest? (Not supported?)
Thanks for the clarifications!
Google Apps Admin Settings is not yet migrated to the new google-api, AFAICS. Check out this list : http://code.google.com/p/google-api-java-client/wiki/APIs ;
you can however use the new google-api client libraries but you have to roll your own XML model for the given API, it is not so hard, I did a similar thing for the Contact API;
The consumer/key secret can be re-used normally if it is sufficiently scoped. A related project for your market app is automatically created in the Google Api console from what I remember..