We have some old configurations which make use of an OAuth Client ID, and we're trying to determine which Google Developer account created it.
We have both the client ID and secret. Is is possible for us to determine which Google account they're associated with? We'd prefer to not have to switch to a new account. Any help is appreciated, thanks!
Is this client ID still used on some website for sign-in? If so, you could try to sign-in with an account that hasn't authenticated yet, and in the auth window click on the App name to get the developer info including the email address, which should match the Google account you are looking for.
Related
Google enterprise accounts does not have the common domain "gmail", example tom#miracle.com, hela#bran.com. So there is no way of telling if an account is a google enterprise account or from a different email provider just by looking at it.
Is there any api provided by google of knowing if the account (say tom#miracle.com) is a google account or not
We can detect if the account belongs to google or any other enterprise by doing a simple DNS look up of the MX data.
One such example is
GET: https://dns.google/resolve?name=miracle.com&type=MX
You can't tell from an email address: bob#example.com could be a consumer account, a managed user account, or even both (if it's a conflicting account).
Once the user has authenticated, you can identify managed user accounts by checking the hd claim.
I am trying to add Google Sign In to my application. I want to limit who can sign in to a list of allowed companies (ie. a company that has a billing account with me). I intended to do this by limiting sign in to only G-Suite accounts. Is there any way to check if a user is trying to log in with a G-Suite account and is there any way to uniquely identify who owns the G-Suite (some kind of corporate identifier inside google)?
For G-Suite you can use the Hosted Domain (hd) parameter within OpenID Connect.
Be sure to heed the details as this only manipulates the UI and does not ensure the Authorization request. The APP must code the verification.
Apologies if this is a newbie question but I'm hoping someone can offer some advice.
I am fulfilling my Google Assistant intents via an Express app. I would like for users of my action to be able to get and modify data from their Strava account. Strava supports Google Authentication and I wondered if I could use node libraries such as Passport (https://www.npmjs.com/package/passport-strava-oauth2) to allow users to sign in to their strava account so that my action can make calls for their data?
I have a welcome intent that gets some Google profile data so wondering if I can pass through some details from this response?
googleApp.intent('Default Welcome Intent', (conv) => {
conv.ask(new Permission({
context: 'Hi, can I get your details from your Google account?',
permissions: 'NAME'
}));
});
Yes, but probably not in the way you're looking at.
The Permission helper requests access to specific types of information - name and location. You're looking to establish more of an identity relationship (using their email address or Google account).
You can do this using Account Linking.
If you're sure you're using Google Sign In on the Strava side then things are even easier and you can take advantage of Google Sign In for Assistant. With this, once they sign in, your Action will get an Identity Token which you can use to get information including their Google ID and the email address associated with the signed-in Google account. They only need to sign-in once - afterwards, you'll be given an Identity Token whenever they connect.
If your Strava project and your Action are both using the same Google Cloud Project, things get even easier for your users. Once they have signed in on either client, they're signed in on the other one. So you'll know who they are immediately through the Identity Token.
I'm truing to figure out how to create an adwords developer token in new google interface. It was in settings tab formerly (right here at the screenshot http://take.ms/9lBlZ) but now it's gone. I looked through almost all links and didn't find an answer. So I really appreciate your help guys! Thanks!
If you create a campaign in your MCC (manager account), the MCC became normal Account, and you cant find "AdWords API Center" option.
I had to re-create another MCC
This thread is kind of old, but I just went through this so I can highlight the things that were confusing to me.
You need to create a legitimate MCC account, AND a test account. In the real one you need to apply for a developer token. You want to put this token in the properties file here api.adwords.developerToken
From your test MCC you need to create a test client. Use the clientId from the TEST client you just created in api.adwords.clientCustomerId in the properties file.
You need to get an API token for your app (and an OAuth token) through Google's developer console https://console.developers.google.com
Make sure the active google account session for your browser is for the email you registered your TEST Account to. Run the script they give to get the refresh token and put it here api.adwords.refreshToken in the properties file.
Now you're using your test developer token from your real account and given permissions to use the test account.
Google made this way more confusing than it had to be in my opinion...hopefully this helps someone figure it out though!
There are two types of Adwords Manager accounts, normal and testing.
How to get a testing account
With the normal one, I got the developer token but I cannot run nothing throught the API because the account was not approved.
So I created a testing account, which allows to work with the API without the need of being approved.
With the testing account I didn't saw the Adwords API Center link under Account Settings.
Reading documentation I saw the developer token of a normal account can be used with a different Adwords account.
So I'm using the info (client_id, client_secret, oauth_token) of a testing Adwords account and the developer token a normal Adwords account.
To get the Oauth_token you can use the OAuth Playground (remember to set the Playground link for redirection on your Oauth credentials).
Instructions to get a OAuth Playground with Adwords
Please complete the billing details after creating MCC account.
Once that is completed you can see API Center option under Tool Icon.
By filling billing details doesn't charge you but its just for verification purpose.
I just had the same issue.
Go here: https://ads.google.com/home/tools/manager-accounts/
Click "Create a manager account", follow the prompts and voila.
I am trying to use DNOA for OpenId support to my app, in order to leave the Janrain solution I have been using so far. The problem is that the users I have so far have profile based identifiers (https://www.google.com/profiles/11223344556677... ), while the identifier retrieved by DNOA is in the form https://www.google.com/accounts/o8/id?id=xxxxxyyyyyafgsdgfsdhg.
How do I retrieve the profile information? Through Attribute Exchange? and which attribute? Or is there some other API? I saw that the login page has a provider for google and a different one for google profile, so someone around here has an answer... :)
Update: the endpoint for google profiles is (https://www.google.com/profiles/)
So... the question now is rather how to get the google profile id number
the google profile id number is retrieved through the "http://schemas.openid.net/ax/api/user_id" attribute. Set this to required
In DNOA,
var fetch = new FetchRequest();
fetch.Attributes.AddRequired("http://axschema.org/contact/country/home");
fetch.Attributes.AddRequired("http://axschema.org/contact/email");
fetch.Attributes.AddRequired("http://axschema.org/namePerson/first");
fetch.Attributes.AddRequired("http://axschema.org/namePerson/last");
fetch.Attributes.AddRequired("http://axschema.org/pref/language");
fetch.Attributes.AddRequired("http://schemas.openid.net/ax/api/user_id");
funny thing is that, if I omit some of these attributes, I don't get the api/user_id back.
Can't figure that part out, but I don't really care at this point.
Google actually has 2 (maybe more) openid providers - accounts and profiles. I don't really know why there are 2 but all Google Account owners do not have a Google Profile.
There is also a big difference between the two. Google Profiles openid identifier is the same anywhere you use it. Google Accounts id is not! When logging-in with Google Accounts as an OpenID provider you'll get different ID for every domain. It's a new (optional, I think) feature of OpenID, but I can't remember it's name at this moment.
With all that said I don't think Google will give you any data which Google Account identifier correlates to which Google Profiles identifier.
Hope this helps in any way.