I have a bot ready, but when it tries to access my gmail account (to sort through my spam etc.) it keeps on getting blocked. How can I get it unblocked and authorized to access my gmail?
You will need to provide OAuth client through the developer console.
Goto https://console.developers.google.com/ and log in with your google account, from the my project dropdown select new project, give it a meaningful name and then create. Then select credential, create credentials -> OAuth client ID and complete the creation
Related
My current application supports Microsoft and Google oAuth verification sign in. The idea is to give users the option of signing in with their personal accounts for ease of access. This is working fine with google, but AAD will only allow users with emails that end in the App ID URI domain to sign in
eg: App Id URI = someOrg.com/guid and their sign in = someUser#someOrg.com.
Attempting to sign in with a Microsoft account like an outlook or hotmail account redirects to a page saying
"We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later."
Is there a way to allow AAD to accept any Microsoft account in the login, or can it only accept users in a single domain?
Basics
Yes! Checkout https://aka.ms/aadv2. The v2 endpoint allows both personal Microsoft and Azure AD accounts to be signed in from a single app reg. You'll need to hit this special endpoint (can be done using the MSAL libraries) and setting your app audience in the Azure portal.
Details...
By default and using the following URLs (note the common piece):
https://login.microsoftonline.com/common/v2.0/authorize
https://login.microsoftonline.com/common/v2.0/token
If set to common, your app can sign in any domain and personal Microsoft accounts.
Other options
For the sake of covering everything, here's the other options:
common->organizations: Only allow Azure AD accounts
common->consumers: Only allow personal Microsoft accounts
common->[tenant_id]: Only allow accounts from the specified tenant
MSA as a guest
The edge case you may need to address is a personal Microsoft account added as a guest to an Azure AD tenant. When the user hits common, they'll be signed in as a personal Microsoft account; however, they may intend to sign into their domain. You can build around this by introducing a "enter your email" screen, then passing this as a hint to Microsoft via the common endpoint.
I am creating an iOS app for internal use. We have a Google Domain. As part of the functionality of the app, I want to be able to search for all users in that domain. This can already be done in Gmail, the Apple Mail app, and others.
I found that you can use the Admin SDK for users.list to do exactly what I want to do. I created a Client ID for the iOS app and authorized my app to perform users.list.
However, now I get a permissions error for users who sign in with OAuth2:
I found that you can create a service account to make API requests on your behalf if you delegate it to have the authority. I'm not sure if this is what I want to do since this seems more like something for a secure server to do rather than an app. I'm also not sure how this integrates with a user (from our domain) who signs in with OAuth being able to list our users.
Is it possible to list/search the users in a Google domain purely through OAuth / frontend app?
Aside from caching your own list, I think there are two ways to give users the ability to list all users:
A. Undocumented call to this GAL API:
https://www.google.com/m8/feeds/gal/your-domain-goes-here/full?alt=json (source). You can test this in the Google OAuth Playground by selecting the scope for the Contacts V3 API or using the string https://www.google.com/m8/feeds/.
B. In the Admin console, create an "all users" group. Assign to a newly created Admin Role. Grant the admin role "read" in Privileges > Admin API Privileges > Users > Read (checked).
I'm trying to create a new Service Account to access API data but the options are:
Web application
Android
Chrome App
iOS
PlayStation 4
Other
It was previously answered here but now the options don't include "Service Account":
google oauth2 how to get private key for service account
Here are the instructions from Google's page (https://developers.google.com/analytics/devguides/reporting/core/v3/quickstart/service-py#clientId)
Create a client ID
From the Credentials page, click Create new Client ID under the OAuth heading to create your OAuth 2.0 credentials.
For the APPLICATION TYPE select Service account.
Click Create Client ID.
For the KEY TYPE select P12 key.
A dialog box appears. To proceed, click Okay, got it.
We have some old configurations which make use of an OAuth Client ID, and we're trying to determine which Google Developer account created it.
We have both the client ID and secret. Is is possible for us to determine which Google account they're associated with? We'd prefer to not have to switch to a new account. Any help is appreciated, thanks!
Is this client ID still used on some website for sign-in? If so, you could try to sign-in with an account that hasn't authenticated yet, and in the auth window click on the App name to get the developer info including the email address, which should match the Google account you are looking for.
I wanted to show GA data to each one client on my website. Each one of them has create own GA profile, I store in database profile_id.
Credentials to GA data are my personal, the same for all profiles, all profiles are in my account. For settings oAuth I used this article: http://www.sitepoint.com/google-analytics-api/.
Clients don´t know my credentials and I don´t want to create them permissions to see the stats. I need the only login into my website (login data are URL|password). After they logged into the client section, I select from database their profile ID and need to show them their stats (without showing Google login dialog). I´d like to pass my credentials directly somewhere in the PHP script.
So, question is:
Is possible to show GA data using oAuth directly without showing Google login dialog? To login in app´s backend?
Thanks.
Yes, if you do the OAuth 2 flow correctly, you will get an access token. Once you have that access token you can use it to query any Google Analytics view (previously called profile) to which you have access.
To do the query, simply append the access token as a query parameter when making your request to the Core Reporting API. This reference shows how to add the access token to the request:
https://developers.google.com/analytics/devguides/reporting/core/v3/reference#q_summary
If you don't want to build the charting yourself, you should also look into using the Embed API. You can use the Embed API's serverAuth option when authorizing to avoid having to have your users log in with their Google accounts:
https://developers.google.com/analytics/devguides/reporting/embed/v1/component-reference#auth