I need to sync Google calendar with my Asp.NET MVC 5 application. I have a calendar in my application which is similar to Google's calendar, when I checked the Google documentation where they describes a sample console application. In that application, we need to download a client secret file and which can be used with the application for fetching the data from Google calendar. I can do this in a test environment, but in a production environment its difficult because the client need to download the file himself. How is it possible to get the details of the calendar without any file downloads but with a google login.
I think the clients will be reluctant to download a file and do the processing, how can I forward with syncing the calendar with out any client IDs and secrets.
I know OAuth is there to setup an authentication, but is that possible to forward with out downloading a client secret file ?
You can access the data from outh2 with out client permission and use your client-id and client secrete(Client for the API ) then fetch the client user details using the interface.use a library managing the authentication flow.
Refer Google API Client Libraries.
You have tried the sample console application right, try to use your credentials and to fetch client details.
Hopes it helps you.
Related
I need to build APIs integrations to connect my Rails 6 B2B app to any other service such as Google Drive, Microsoft Excel, Zapier.
What I've done so far is to ask clients for their client_id and client_secret (or api_key), store them and then use them to authenticate to the API with OAuth2.
Storing clients' secrets is not the ideal solution. I would like to do the same thing but without asking for secrets.
Just like Trello or TypeForm are doing it.
I have no clue on how to authorize my app to read/write data of an other service without authorizing through an URL with the secrets.
Here is an example of TypeForm connecting to GoogleSheet API :
Connects to the Google account
Asks for permissions
Asks for the spreadsheet link
Writes data in the spreadsheet (form responses)
https://www.typeform.com/connect/google-sheets/send-responses-to-google-sheets/
The usual way is that you register your own "app" in the console for those API providers, and then you use your own client id/secret pair to request access to the end user's data. That's what usually brings up those authorization screens like: "jdps app1 would like to access your google account".
More information for Google APIs specifically: https://developers.google.com/identity/protocols/oauth2
i will develope a wordpress plugin to access google analytics and visualize the data in a widget. So i checked some existing wordpress plugins, like the famous known "Google Analytics Dashboard for WP (GADWP)" - https://wordpress.org/plugins/google-analytics-dashboard-for-wp/. I was looking for a way how the user authorizes and get refresh and access token to access ga data in behalf of the user (who installed the plugin). And there i found that this plugin (and all other google analytics wodpress plugins) publish there secret. Because in a plugin (which the user downloads) it is impossible (i think) to hide the client secret, because the user of course see's the source code.
As the google documententation describes (https://developers.google.com/identity/protocols/OAuth2WebServer): Important: Do not store the client_secrets.json file in a publicly-accessible location. In addition, if you share the source code to your application—for example, on GitHub—store the client_secrets.json file outside of your source tree to avoid inadvertently sharing your client credentials.
So in this case i think the authentication of the request is lost. If i get or guess a refresh token of any other website that uses the plugin, i will be able to exchange refresh token with access token (because i know the client id and secret) and access the ga data. I already tested that.
So i am looking for a more secure way to access the ga data in my plugin without letting everybody know my secret. Are there any solutions or hints? I thought about sending every request through my server, so nobody know's my secret, but this is also not the solution of the problem. When exchanging the authorization code and receiving the refresh token maybe i have to exchange something like a key pair that will be used to encrypt every following request? Every following request will be to get a new access code for a refresh token.
Of course every user can create his own client id and secret. But this is now very user friendly.
Maybe is it possible to create a new api project and oauth authentication via api (what you normaly do via the google api console)?
Thanks for your help and hints,
Harald
It is possible to authorize some MS apps using OAuth and login form. If the user logins and allows the permissions the app wants then as a developer you can read (and write) some data via API.
Is it possible with https://botframework.com? I don't want my clients to have to write down the client_id and client_secret in my administration. I just want them to give me permission via logging in and let me download this data.
I've read MS docs about OAuth and have seen that the possible scopes doesn't include the bot platform.
To demonstrate what I mean here is a demo application from the docs.
I recommend you to check AuthBot.
AuthBot is a .Net library for Azure Active Directory authentication on
bots built via Microsoft Bot Framework.
In short, when using AuthBot, your users will receive a link that they will open and perform the OAuth flow. The users won't have to write the credentials in the bot (which could be a security concern) and instead will be done in the MS login page. Then a callback (already provided by the library) will be called and the conversation with the user will be resumed.
You can also check AzureBot as an example of a Bot that uses AuthBot and that retrieve information only available if you are logged.
I am building an iOS application with swift and this application has a web client that's using Microsoft Azure services. I want to add sign in and login functionality to the application using Microsoft Azure. I am not using any cloud applications or services. I will just have simple forms for signing up and logging in. I want to be able to save user credentials to authenticate and authorize them when they are using the application. I tried reading over their documentation and It seems to me that I need to use Azure Active Directory but I am not clear on that.
I am fairly new to Microsoft Azure, Can anyone clarify to me if I can use it and provide resources of how to do that.. ?
The simplest way to implement that is to use Azure Mobile Apps - it is the backend-as-a-service. You are able to connect your backend with the authentication providers of a choice - Facebook, Azure Active Directory, custom provider, etc. Then, when user will try to authenticate, all of the authentication code will be handled by a cloud platform - user will enter his credentials, these will be sent to the auth provider and if they are valid it will send the auth token that you will be able to use in your app to get his information, etc.
Here is the tutorial for Mobile Apps for iOS.
Or, you may use Azure Active Directory directly as a provider (it will serve as a catalogue of your users). Using that tutorial or the samples from the official library. But i would highly recommend to look at Mobile Apps as it is the fast and simple way to implement what you need.
My goal is to offer a service for user of my website to store their private notes.
I want that users can trust the service, therefore the data should not be accessible for my company.
Can i realize this with google-cloud-storage and oauth-2.0 authentication? I would use the Google Cloud Storage JSON API to send the notes directly from the browser into the cloud.
What would be the basic steps to implement this?
There are a couple of ways to handle this, depending on how you want to handle authentication. If you want to make sure that your application cannot access the objects and only the users can, you'll need the users to have Google accounts and authenticate your app to act as their agent using OAuth 2.
Your app could involve a piece of JavaScript that would prompt the user to authenticate with Google and grant it access to Google Cloud Storage under their name. It would then receive a token that it could use to act as them. From there, it would upload the note using that token with an ACL granting permissions only to the uploader.
The uploaded object would go into your bucket, but it would be owned by the end user. You'd have the ability to delete it, but not to read it, and your bucket would be billed for storage and access.
The downside here is that all of your users would need to have Google accounts that they could entrust to your application for short periods of time.
Here are some details on the OAuth 2 exchange: https://developers.google.com/accounts/docs/OAuth2UserAgent
Here's the JavaScript client that does a lot of the authorization heavy lifting for you:
https://code.google.com/p/google-api-javascript-client/
And an example of using that library for authorization:
https://developers.google.com/api-client-library/javascript/samples/samples#AuthorizingandMakingAuthorizedRequests
Another alternative would be for the user to upload directly to the cloud using YOUR credentials via signed URLs, but if you went down this road, you would be able to read the notes after they were uploaded.