this is what I would like to do: I wanted to create an app for my colleagues where, given a google sheet, you can send a form that would save some info on this google sheet.
I would like that, after the first login where the user gives permissions, it should not be required for the user to login again, they will be able to check the result directly on Google Sheet.
Some more info: Let's say we have the author of the Google Sheet and their customer, ok? The author of the Google Sheet creates some questions on Google Sheet, this web app will read this questions from the Google Sheet. when the customer fill an answer, in another tab of this google sheet, you will find all the answers. I want to use this single google sheet (for this specific user) as persistency. The Google Sheet, if possible, should not be public.
I was checking the documentation for Google API and Google Sheet but it seems this product doesn't fix my use case. I could be wrong though.
I checked the following links:
https://developers.google.com/identity/protocols/oauth2/web-server
https://developers.google.com/sheets/api/quickstart/js?authuser=2
https://developers.google.com/identity/protocols/oauth2
What I understood from this is that, best case scenario, after you log in, you receive an access token and a refresh token. The refresh token could be used for my use case when the access token expires, but the refresh token can be used for a limited amount of time (6 months) and you cannot use it for more than 50 times.
This would not work for me because when you give the form to other people so that they can use it, it could pass some time and they could be more than 50 so the refresh token will expire quite soon.
Is there any solution with Google Sheet API to just have an api key that I can you use in my backend without the risk of having an expiration (unless my user remove the permissions, in which case that would be fine)?
PS: I found this answer on SO already but only works for public sheets, I would need it to work for sheets that stay private: HTTP Google Sheets API v4 how to access without OAuth 2.0?
Related
Requesting a sanity check on a question of how to structure Google Oauth in my app.
The app I'm trying to build - call it AppX - will let users create an account with the app (ideally with username/password or with Google login), and then the user will be able to connect their AppX account with several of their Google accounts for the sake of pulling up their various calendars. This is handy when, for example, a user has separate personal and work Google accounts, but they want to be able to see both calendars in AppX.
To accomplish this, I was originally going with the oauth2 token model which can happen purely on the client side. I was then going to send the resulting token back to the server to save onto the user object, and then figure out a way to allow the user to do several of these oauths.
However, this SO question is making me think that with that client-side approach, the UX for refreshing the token is jarring for the user. So I'm thinking I actually need to do this on the server-side using these instructions, which will allow me to store the tokens for multiple oauths and create a more transparent refresh token experience.
Is this server-side approach considered best practice?
I have a Google App Script that receives users' spreadsheet urls and attempts to set data to their documents. This process works when I am signed in on my own gmail account and setting entries to my own spreadsheet, but it doesn't work with my other gmail account's spreadsheet url corresponding with the former's App Script.
I know that the documentation explicitly states:
Spreadsheet: Read only (can use most get*() methods, but not set*()).
Cannot open other spreadsheets (SpreadsheetApp.openById() or SpreadsheetApp.openByUrl()).
But is there some way that I'm unaware of that can potentially circumvent these rules? Can I have users give me read and write access so that I can set() data to their provided spreadsheet url? I've added the follow oauthscope to my appmanifest.json in my App Script:
"oauthScopes": ["https://www.googleapis.com/auth/spreadsheets"]
So the spreadsheet url just needs to have a sharing permission of "anyone can edit."
At the moment I have created two versions of my app - for iOS and Android - Where I use the OAuth workaround of posting to a Google Form to indirectly add to a Google Sheet.
However, I am now planning to remake the app in Google's Flutter (using Dart of course), and would prefer to use the proper direct way of POSTing to the sheet (it will simplify the situation for my client), but am having trouble trying to figure out how to do it.
I've found a simple explanation of how to to do the POSTing, but it requires an Access Token - what appears to just be a string.
After searching for an explanation of this, all I've found is explanations of how to create an OAuth token for the user using the app, but I just want to be able to post from within the app - totally separate from the user.
I guess I want a 'static' token that will just allow me to post to my sheet from my app indefinitely - is this possible, and can someone please explain it to me?
It sounds like you want to use what Google calls a service account for access to a sheet that belongs to your app rather than user's account for access to a sheet that belongs to a user.
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
I'm developing a blog poster software and in that software, there is a text area that my user writes the content of a blog post, and two text boxes for specifying username and password.
Now I want to login with the specified authentication information into Google quickly. Google API doesn't ask me for authentication data and it seems to me that Google doesn't implement the ability to login with custom username. Is there anyway to do that?
What you mean is that you want user can log in your software by enter their username and password in the text box of your app. And your app can authenticate user by call some Google API. But this is improper, and Google does not support this.
What you need is OAuth 2. By authorized by Google user via OAuth, you can call Blogger API v3 to to create new blog posts, edit or delete existing posts, and query for posts that match particular criteria. The Google official docs have given detailed reference.
So follow this document and I think you'll get to be clear about it.
I am thinking to embed google calendar in my website to achieve the following and was wondering if this is doable in google calendar. Otherwise I have to go find another solution.
I have groups of users with one super user, and rest are regular users as follows:
GroupA
Super User 1
Regular User 1
Regular user 2
etc
Group B
Super User 2
Regular User 3
Regular User 4
etc
Each group have their own calendar. Users in each group can not see the other group's calendar. Only able to see their own group's calendar.
Super users of each group have all access to the calendar (add, modify, delete) and have the ability to control how much access regular users have in their group. (read only? read/write etc)
All users are registered to my website, therefore I am thinking to use only one google calendar account (my own account) to create a calendar for each group. Which leads to a question of authenticating my website to google's API. I need the authentication process to be automatic, hidden away from the user and be done on the server side.
My site is built using PHP/Mysql
Q1:
I have tried the Javascript client library provided by google, however it require the user to type in username/password to log into google so that the authentication (OAuth2) process can work. As mentioned in previous paragraph, I only want the user's to log into my website, they do not need to login again into google account. This should be done on serverside.
I even went as far to create a login form with information prepopulated (hidden from the user, the username/password will be visible in "view page source") and send the request to https://accounts.google.com/ServiceLoginAuth, and make the form automatic submit once the user successfully login into my website. However this causes cross domain issues.
Q2:
I may potentially have 10's of thousands of groups registered on my website. each group may have couple hundred users. Can one single google account create that many calendars?
Q3:
Once the calendar is embedded into my website, it seems to be read-only. Is it possible to make it interactive so super users in each group can add/delete/modify events?
Any ideas/suggestions is much appreciated.
Thank you
No answers? It seems like your question is straightforward. If I understand correctly, you want to access calendars from several Google accounts/users. Each user needs to authorize this access, but they only need to do so once. You could generate these requests and send them out via email, for example. When the user grants permission, Google forwards a grant code to your specified callback_uri. The grant code is extremely volatile. It's used to request a token from Google that apparently lasts indefinitely. So there's no requirement that users continually log into Google.
In Google's calendar/simple.php example. The token is stored as a SESSION variable. Even though the token is persistent, the SESSION variable is not. Users have to grant authorization every time the SESSION variable expires. Storing persistent data in a volatile variable is absurd and probably gives the wrong impression about the OAuth2 token mechanism.
I spent a lot of time writing documentation that I couldn't find anywhere else. Please take a look if you think it might help: http://www.tqis.com/eloquency/googlecalendar.htm
What you're asking isn't possible in Google Calendar.
If you're looking to support thousands of groups and each group needs it's own calendar, then you're saying that you'd need thousands of calendars with access control and you'd need authentication to the calendar to be transparent.