I'm looking at the list of OAuth 2.0 Scopes for Google APIs trying to find the right scope that allows access to business information, but can't seem to find it.
I'm looking specifically to access my client's reviews left by their customers using API. Which scope should I use?
*** EDIT ***
This is the desired scope - https://www.googleapis.com/auth/business.manage
Is this what you are looking for?
https://www.googleapis.com/auth/plus.business.manage
https://www.googleapis.com/auth/business.manage
https://developers.google.com/my-business/reference/rest/v4/accounts.locations.reviews/list
https://developers.google.com/my-business/content/review-data
Related
As the creator of an API ecosystem with OAuth, you want to allow access to your APIs via scopes that can be attached to an access token. My questions are thus:
How do YOU define a scope?
Would you expect any scopes you define to provide access only to resources/methods within a single API, or should a scope include access across multiple APIs?
How likely are you to define scopes in an API definition file like Swagger/OAS or RAML vs. within some sort of API gateway tool?
Should scopes be defined outside of the context of a specific API as part of a separate OAuth management tool, alongside things like IdP registration and client application creation?
I realize there may be several possible answers and perspectives on this - that is exactly what I am looking for.
Thanks for your help!
My OAuth2 server has the ability to create arbitrary scopes. Scopes are similar to 'roles', they describe groups of functionality.
The OAuth2 server is essentially unaware of what theses scopes are. API Resource servers receive Bearer tokens, and based on the bearer tokens find out what scopes are associated with it, and make decisions on what a user can and cannot do with that scope, but to the OAuth2 server, they are opaque strings.
We don't use swagger/RAML.
I am using ng2-adal to integrate my Angular app with Azure AD login. My application should only be accessible to certain groups within my organization. Currently when I query the adal-service for user-info the jwt doesn't contain any groups information.
I figure I would query Microsoft Graph API to get /me/memberOf info but I get Access denied to this information and require an Admin to grant me permissions to view this data.
Is there any other way of getting this information or do I have to bug my IT dept to enable READ permissions for groups?
I'm afraid so, anything that looks at Groups requires Admin Consent.
It certainly seems reasonable that you should be able to see your own membership (/me/memberOf) with User.Read. That said, I'm far from an information security expert there may good reasons for not allowing it.
Regardless, I would highly recommend adding this suggestion to the UserVoice. They do have
I am currently using the old Outlook office REST API v2 to access outlook.com mail of users via oauth (as opposed to microsoft graph, due to a lack of certain desired features)
For authentication scopes, it needs values like
https://outlook.office.com/mail.readwrite
https://outlook.office.com/mail.readwrite.shared
vs microsoft graph's
Mail.ReadWrite
Mail.ReadWrite.Shared
Unfortunately, the documentation that supposedly provides a comprehensive list of supported scopes https://dev.outlook.com/restapi/getstarted has had its links changed to point to microsoft graph's documentation (which doesnt really help at all)
THE FOLLOWING IS FROM THE ABOVE LINK, AND REDIRECTS TO THE BELOW LINK
scope: a space-delimited list of access scopes that your app requires. For a full list of Outlook scopes, see Authenticate Office APIs using the "v2.0" endpoints [https://developer.microsoft.com/en-us/graph/docs/authorization/auth_overview]
I'm not aware of a global list of Outlook scopes but they should be documented along side each REST method under the Minimum Requires Scopes.
I'm trying to access Google spreadsheets using gdata-python-2.0.17 library. In every tutorial, programmaticLogin(uname,pwd) is used but I feel it is not a good practice. I'm trying to overcome this by using OAuth 2.0 authentication(oauth2client.client).
I've managed up to granting access to a Google account by getting user consent.
I'm not sure whether the standard gdata.spreadsheet.service.SpreadsheetsService() can be used in this scenario.
According to this, it is not possible/easy to combine OAuth 2.0 and gdata-python library.
It's highly appreciated if someone know how to handle this with the said APIs or using later versions of Google API which can be used.
Thanks
Can you use oAuth to only authenticate like you can with Twitter?
If you check Google's docs at http://code.google.com/apis/accounts/docs/OAuth2.html you'll find that the scope (meaning, the service you're supposed to ask permission to) is a required field.
It may be a turn off for many users if you ask them to access their contact list when the most you really do is authenticate, so I rather stick with OpenID which is designed just to retrieve the UID.
So, the answer is really NO, unless you're planning on using an additional API with Google.
OAuth is an authorization protocol and can't be used for authentication only unless the provider defines a dummy scope which, in effect, authorizes you to access "nothing", or "basic user info" (name, e-mail, etc.).
AFAIK, Google provides no such "dummy" scope. However, they do implement OpenID for such authentication purposes, as the protocol is better suited for that task, anyways.
Yes you can there are many options it depens on your platform advice you to check
oauth.net
You can find there options for Java, .NET, Cold Fusion,PHP,etc.
There are many Frameworks that have OAuth capabilities, on Spring you can use this
Sounds like there is some plans afoot on this...
http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.html?showComment=1300267218233#c6336940633709651714
some chap:
"Can someone help by pointing to the documentation for the API of "just get basic information for a user"
other chap:
"The problem is, that you get a lot of different login mechanisms because Twitter is using OAuth 1.0 (Or am I wrong?), Facebook is using OAuth 2.0 and Google is using OpenID for login. Please correct me if I´m wrong. So basically I have the same question.
Will Google support login for basic user informations with OAuth 2.0 for Google APIs?"
google dude:
"Today we're supporting OpenID for login, but we've heard your pain about mess of different identity protocols on the web. Stay tuned :)"
Seems to me, as OAuth2 covers authentication and authorization, it would make sense to allow basic info and make it easy on the integrator using one method for all
I'm plumping for this possibility anyway, hopefully by the time I'm ready to put my app live it will be available from Google - Facebook has this anyway and in my case that's a big enough draw