Develop Reference

How do I authenticate to Microsoft.Graph using the Beta client?

I'd like to call the CloudPC rest API using a C# client. The C# client is in the beta nuget package Microsoft.Graph.Beta. Here is a sample client that illustrates how to authenticate using the the non-beta client.
// Build a client application.
IPublicClientApplication publicClientApplication = PublicClientApplicationBuilder
.Create("INSERT-CLIENT-APP-ID")
.Build();
// Create an authentication provider by passing in a client application and graph scopes.
DeviceCodeProvider authProvider = new DeviceCodeProvider(publicClientApplication, graphScopes);
// Create a new instance of GraphServiceClient with the authentication provider.
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
When I try to use that sample client with the non-beta nuget I get discover I cannot resolve DeviceCodeProvider. So what I can I use instead of DeviceCodeProvider?
Michael Mainer tells me I can use DeviceCodeCredential which does resolve. Still the sample is not yet functional. So now I'm trying to adapt this sample Michael sent me.
Michael also sent me a pointer to LinqPad samples which are useful for poking at the API.
I have a bunch of queries setup MIchaelMainer/graph-test-harness: This repository contains samples for a Microsoft Graph test harness to quickly and easily test SDKs (github.com) to help try out the libraries. I have an option for DeviceCodeCredential.

That is in the Microsoft.Graph.Auth package, which will be deprecated soon. If you use the preview version of Microsoft.Graph.Beta, which takes a dependency on preview Microsoft.Graph.Core, you'll be able to use the Azure.Identity DeviceCodeCredential which is the equivalent of DeviceCodeProvider and is the future of auth in the graph SDK.
https://github.com/andrueastman/TokenCrendentialAuthProvider/blob/master/TokenCredentialSample/Program.cs
The preview version of Microsoft.Graph (4.x.x-preview), Microsoft.Graph.Beta (4.x.x-preview), and Microsoft.Graph.Core (2.x.x-preview) supports Azure.Identity TokenCredential. This will allow you to use the same auth library for both Azure and Microsoft Graph development work.
using Microsoft.Graph;
using Azure.Identity;
DeviceCodeCredentialOptions options = new()
{
ClientId = "public_clientid",
TenantId = "tenantId"
};
GraphServiceClient client = new (new DeviceCodeCredential(options));

Google Sheets Add-on error: authorisation is required to perform that action

I have an add-on that worked for years inside my domain/company until Google decided to change stuff.
I republished it and now I can run it but nobody else in the company can.
The error they receive is:
"Authorisation is required to perform that action".
I cannot pinpoint exactly where the error is because the GCP Log only tells me the function not the line, but it seems most of the times the error appears when showing a sidebar.
I do not use any kind of API, simply GAS but "just in case " I added in OAuth consent screen these scopes: .../auth/script.container.ui and .../auth/spreadsheets.
In Google Workspace Marketplace SDK OAuth Scopes I've just left the default.
Also I tried adding in appscript.json this (at top level):
"oauthScopes": [
"https://www.googleapis.com/auth/script.container.ui",
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/script.scriptapp",
"https://www.googleapis.com/auth/spreadsheets",
"https://www.googleapis.com/auth/userinfo.email"
]
What else can I try ?
Update: as requested in comments here's the offending code:
// clientside
google.script.run.
withSuccessHandler()
.withFailureHandler(failureHandler) // failureHandler gets called
.aServerFunc()
//serverside
function aServerFunc(){
Logger.log('REACHED') // NO REACHED APPEARS IN CLOUD LOGS !
var docProp = PropertiesService.getDocumentProperties();
return docProp.getProperty(key)
}
So I guess the problem is nobody else but me can run google.script.run in an add-on !
Update 2:
I've removed the PropertiesService calls so it's just a blank function on the server. So it's clear that nobody but me can run google.scripts.run.
Update 3:
As required in the comments here's the procedures I did to publish the add-on:
I created a google cloud project, then configured the OAuth consentscreen (with the same scopes as appsscript.json - see above list), then in Google Workspace Marketplace SDK I've set the script ID and deployment number and the same scopes and published.

It turns out the add-on was just fine !
It's just this 4 years old bug that Google refuses to fix
If the user is logged in with multiple accounts the default one will be used.
If the default account is non-domain and the add-on is restricted to a domain the add-on will fail to authorise.

TextRotation angle is never set in Google Sheet API

I'm using Google Sheets API v4 from Java Client. I'm trying to get format from Cell class. Everything goes fine.
TEXT ROTATION
I'm succeed in getting TextRotation element with Vertical property set but, angle property is never set, what ever I put on source Google Sheets document.
Whatever the angle value selected in Google Sheet App, angle property is never set.
I've tried to inspect returned JSON, to know if the issue is in Java Client.
But JSON REST API also never returns this property.
Current Result:
.
Expected Result:

Issue and workaround:
When I saw CellFormat of the official document, I thought that the value of textRotation can be retrieved by the fields of sheets(data(rowData(values(userEnteredFormat(textRotation))))) when the method of "spreadsheets.get" is used. But when I tested this, no values are returned. So I thought that this might be a bug. And, when I searched this at the Google issue tracker, I found https://issuetracker.google.com/issues/146274218. From this situation, in the current stage, it seems that the values of textRotation cannot be retrieved by the method of "spreadsheets.get" of Sheets API.
When you want to retrieve the value of textRotation using a script, as a current workaround, you can achieve it using the Web Apps created by Google Apps Script as a wrapper. In this answer, I would like to propose the workaround.
When this workaround is reflected to the flow for your situation, it becomes as follows.
Usage:
1. Create new project of Google Apps Script.
Sample script of Web Apps is a Google Apps Script. So please create a project of Google Apps Script.
If you want to directly create it, please access to https://script.new/. In this case, if you are not logged in Google, the log in screen is opened. So please log in to Google. By this, the script editor of Google Apps Script is opened.
2. Prepare Web Apps side. (server side)
Please copy and paste the following script (Google Apps Script) to the script editor. This script is for the Web Apps. This Web Apps is used as an API.
Server side: Google Apps Script
function doGet(e) {
const key = "sampleKey";
const id = e.parameter.spreadsheetId;
const sheetName = e.parameter.sheetName;
if (e.parameter.key != key || !id || !sheetName) {
return ContentService.createTextOutput(JSON.stringify({message: "Error."})).setMimeType(ContentService.MimeType.JSON);
}
const sheet = SpreadsheetApp.openById(id).getSheetByName(sheetName);
const textRotations = sheet.getDataRange().getTextRotations().map(r => r.map(c => ({angle: c.getDegrees(), vertical: c.isVertical()})));
return ContentService.createTextOutput(JSON.stringify(textRotations)).setMimeType(ContentService.MimeType.JSON);
}
3. Deploy Web Apps.
On the script editor, Open a dialog box by "Publish" -> "Deploy as web app".
Select "Me" for "Execute the app as:".
By this, the script is run as the owner.
Select "Anyone, even anonymous" for "Who has access to the app:".
Of course, you can use the access token for this situation. But in this case, as a simple setting, I use the access key instead of the access token.
Click "Deploy" button as new "Project version".
Automatically open a dialog box of "Authorization required".
Click "Review Permissions".
Select own account.
Click "Advanced" at "This app isn't verified".
Click "Go to ### project name ###(unsafe)"
Click "Allow" button.
Click "OK".
Copy the URL of Web Apps. It's like https://script.google.com/macros/s/###/exec.
When you modified the Google Apps Script, please redeploy as new version. By this, the modified script is reflected to Web Apps. Please be careful this.
3. Testing.
As a simple test, when it requests to the Web Apps using a curl command, it becomes as follows. Please set the spreadsheet ID and sheet name. When the Web Apps is correctly deployed, the values are returned.
$ curl -L "https://script.google.com/macros/s/###/exec?spreadsheetId=###&sheetName=Sheet1&key=sampleKey"
Result:
The data range is used for retrieving the values. So for example, when the values are set to the cells "A1:C3" in "Sheet1", the following result is returned.
[
[{"angle":30,"vertical":false},{"angle":0,"vertical":true},{"angle":0,"vertical":false}],
[{"angle":30,"vertical":false},{"angle":30,"vertical":false},{"angle":0,"vertical":false}]
]
In this case, the cells "A1, A2, B2" have the text rotation with 30 degree. And, the cell "B1" has the vertical direction.
Note:
When you modified the script of Web Apps, please redeploy the Web Apps as new version. By this, the latest script is reflected to Web Apps. Please be careful this.
References:
CellFormat
getTextRotations()
Web Apps
Taking advantage of Web Apps with Google Apps Script

Finally, I've written a JS Library : screen-rotation.js to manage all this stuff.
screenorientation().change(function(){
// My event management
});
It supports iOS, Android & desktop browsers

How to authenticate to Cloud Storage from a Docker app on Cloud Run

I have a Node.js app in a Docker container that I'm trying to deploy to Google Cloud Run.
I want my app to be able to read/write files from my GCS buckets that live under the same project, and I haven't been able to find much information around it.
This is what I've tried so far:
1. Hoping it works out of the box
A.k.a. initializing without credentials, like in App Engine.
const { Storage } = require('#google-cloud/storage');
// ...later in an async function
const storage = new Storage();
// This line throws the exception below
const [file] = await storage.bucket('mybucket')
.file('myfile.txt')
.download()
The last line throws this exception
{ Error: Could not refresh access token: Unsuccessful response status code. Request failed with status code 500"
at Gaxios._request (/server/node_modules/gaxios/build/src/gaxios.js:85:23)
2. Hoping it works out of the box after setting the Storage Admin IAM role to my Cloud Run service accounts.
Nope. No difference with previous.
3. Copying my credentials file as a cloudbuild.yaml step:
...
- name: 'gcr.io/cloud-builders/gsutil'
args: ['cp', 'gs://top-secret-bucket/gcloud-prod-credentials.json', '/www/gcloud-prod-credentials.json']
...
It copies the file just fine, but then the file is nor visible from my app. I'm still not sure where exactly it was copied to, but listing the /www directory from my app shows no trace of it.
4. Copy my credentials file as a Docker step
Wait, but for that I need to authenticate gsutil, and for that I need the credentials.
So...
What options do I have without uploading my credentials file to version control?

This is how I managed to make it work:
The code for initializing the client library was correct. No changes here from the original question. You don't need to load any credentials if the GCS bucket belongs to the same project as your Cloud Run service.
I learned that the service account [myprojectid]-compute#developer.gserviceaccount.com (aka "Compute Engine default service account") is the one used by default for running the Cloud Run service unless you specify a different one.
I went to the Service Accounts page and made sure that the mentioned service account was enabled (mine wasn't, this was what I was missing).
Then I went here, edited the permissions for the mentioned service account and added the Storage Object Admin role.
More information on this article: https://cloud.google.com/run/docs/securing/service-identity

I believe the correct way is to change to a custom service account that has the desired permissions. You can do this under the 'Security' tab when deploying a new revision.

Getting Authentication working on Mono for Android with servicestack

I've got ServiceStack working nicely on the server and with a Windows test client, and now need to get it working in my Mono For Android application.
I've downloaded the following:
ServiceStack.Common.dll
ServiceStack.Interfaces.dll
ServiceStack.Text.dll
from the github tip, and added references to these in my Mono for Android project.
However, we need to use authentication, so need the ServiceStack.ServiceInterface.Web namespace to be available for the client, so I can do the following:
var c = new JsonServiceClient("http://localhost:53434");
var authResponse = c.Get(new Auth { UserName = "myusername", Password = "password", RememberMe = true });
Looking at my working test client, Auth is defined in ServiceStack.ServiceInterface.dll, so presumably I need to get hold of this DLL, or its source and compile it in my project.
Am I on the right lines here, or is there a simpler way to set things up? I've searched around but can't find a good resource on how to use ServiceStack with Mono For Android - if there is one, please feel free to point me to it!
I note this StackOverflow indicates I'm on the right lines - all I might need is ServiceStack.ServiceInterface.dll compiled for Mono For Android.
James

You shouldn't have to compile the server ServiceStack.ServiceInterface.dll for use in any client library as there is a copy of the Auth DTOs is also available in the ServiceStack.Common.dll client library at ServiceStack.Common.ServiceClient.Web.AuthDtos.cs.
This is possible since both server and client DTOs generate the same wireformat.