I am using accounts-google to authenticate users for a Google Drive app written in Meteor. I want to request the https://www.googleapis.com/auth/drive scope along with the user.email and user.profile scopes that are requested by default. I think have seen this done with 'requestPermissions' but I can't get it to work.
Adding this code fixed the problem:
if (Meteor.isClient){
var scopes = ['https://www.googleapis.com/auth/drive','https://www.googleapis.com/auth/userinfo.email']
Accounts.ui.config({'requestPermissions':{'google':scopes}});
}
Related
I gave my application the following scopes:
SCOPES = [ "Calendars.Read", "User.Read.All" ]
I got an access token. With this token I am able to get the users and I get two users back which is correct.
When I then ask for the calendar of myself (admin):
https://graph.microsoft.com/v1.0/users/stijn#temponia.onmicrosoft.com/calendarview?startDateTime=#{start_date.to_s}&endDateTime=#{end_date.to_s}
This also works perfectly. However when I do this for the other user:
https://graph.microsoft.com/v1.0/users/frank#temponia.onmicrosoft.com/calendarview?startDateTime=#{start_date.to_s}&endDateTime=#{end_date.to_s}
I get this error message:
Access is denied. Check credentials and try again.
According to the documentation: https://graph.microsoft.io/en-us/docs/authorization/permission_scopes
Calendars.Read: Read calendars in all mailboxes: Allows the app to read events of all calendars without a signed-in user.
The scope I got back together with the access token was this: "calendars.read user.read.all" so it got accepted.
What am I missing here?
We are working to support the scenario you are requesting (Accessing other users' calendars) but the feature hasn't shipped yet. Stay tuned ...
UPDATE: Please take a look at using client credential flow. The blog post https://blogs.msdn.microsoft.com/exchangedev/2015/01/21/building-daemon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow/ explains how to do this for Outlook API endpoint. But you should be able to follow the instructions for Microsoft Graph as well.
The app will require an admin to consent, and then can access calendar of any user in the organization, as long as their mailbox is in Office 365.
I know that there is Koala gem for Rails to work with Facebook. I need to make clear 2 things:
How to check if some access_token is valid in Rails using Koala (or something else)?
How to generate some real access token (using some settings of my app or my login/password) for testing through RSpec?
Thanks in advance.
For #1 Use the Tool https://developers.facebook.com/tools/debug if you don't want to code a test. Otherwise hit this API and verify the response.
https://graph.facebook.com/oauth/access_token_info?client_id={APP_ID}&access_token={ACCESS_TOKEN}
For #2, Koala has a good API for accessing Facebook Test Users, which I recommend for use in Rspec.
We also support the test users API, allowing you to conjure up fake
users and command them to do your bidding using the Graph or REST API:
#test_users = Koala::Facebook::TestUsers.new(:app_id => id, :secret => secret)
user = #test_users.create(is_app_installed, desired_permissions)
user_graph_api = Koala::Facebook::API.new(user["access_token"])
# or, if you want to make a whole community:
#test_users.create_network(network_size, is_app_installed, common_permissions)
You can also create Test User in the App Settings from Facebook, and view thier details from this API :
https://graph.facebook.com/{APP_ID}/accounts/test-users?%20access_token={APP_TOKEN}
I've been trying to access Calendar v3 API with a service account. I have already added the scope https://www.googleapis.com/auth/calendar from the admin console and shared my calendar with that service account's email address.
I have also been accessing https://www.googleapis.com/auth/coordinate scope with the very same service account and it works fine.
Also, tried revoking access as said here: Why is Google Calendar API (oauth2) responding with 'Insufficient Permission'?
All that, and I am still getting;
{"error"=>
{"errors"=>
[{"domain"=>"global",
"reason"=>"insufficientPermissions",
"message"=>"Insufficient Permission"}],
"code"=>403,
"message"=>"Insufficient Permission"}}
Am i missing something?
Try to add to you scope 'userinfo.email' and enable in Developers console "Contacts API" and "Google+ API". I've spent 2 weeks searching for answer to this question, and this trick has worked for me.
Did you have any joy with this? I've hit the same brick wall.
UPDATE:
$key = file_get_contents($key_file_location);
$scopes = array('https://www.googleapis.com/auth/calendar');
$cred = new Google_Auth_AssertionCredentials(
$service_account_name,
$scopes,
$key
);
This worked for my authorization, after sharing the calendar with the service email account.
I think if you use Google Calendar Quickstart for Ruby, I think you should delete your credentials in the specified path...I try it and it works well... You can see where the credentials is put in here
CREDENTIALS_PATH = File.join(Dir.home, '.credentials',
"calendar-ruby-quickstart.yaml")
In your home dir, you may find a dir which Google store your credentials after you approve Google request to access your data.
first of all change
static string[] Scopes = { CalendarService.Scope.CalendarReadonly };
to
static string[] Scopes = { CalendarService.Scope.Calendar };
and then in your documents folder delete .credentials folder
and run again.
this worked for me!
We are trying to use google.picker to have our users upload files to our drive account (i.e., the user is not required to have a Google account to upload).
We're trying to use regular Google accounts as application-owned accounts and got our AUTH_TOKEN using OAuth2 and set it using .setOAuthToken(AUTH_TOKEN) . We followed everything described in the docs.
However, when uploading, we got a Server Rejected error. The call to https://docs.google.com/upload/resumableupload?authuser=undefined returned:
{"errorMessage":{"reason":"REQUEST_REJECTED","additionalInfo":{"uploader_service.GoogleRupioAdditionalInfo":{"completionInfo":{"status":"REJECTED"},"requestRejectedInfo":{"reasonDescription":"agent_rejected"}}},"upload_id":"AEnB2Ur64Gb0JDCk_8mg5EhpdcaqL82wBQHumHjcGvDqYibtksmUzhfhBolsmBFzRuvQPRyi43SYfactJZvIWYrQ6xAqzu3L9g"}}
We know we cannot use service accounts since the picker doesn't support it.
Do we miss something in getting the AUTH_TOKEN? Do we need to something in the console?
Give us a little more code, or check the call to gapi.auth.authorize()
Check that you are using the correct scope to obtain the OAuth token.
Scope should be https://www.googleapis.com/auth/drive
Double-Check the scope declaration:
https://developers.google.com/accounts/docs/OAuth2Login#sendauthrequest
Check the call to gapi.auth.authorize()
window.gapi.auth.authorize(
{
'client_id': clientId,
'scope': scope,
'immediate': false
},
handleAuthResult);
from: https://developers.google.com/picker/docs/#hiworld
Without an actual code sample, it is very difficult to say exactly what is going on. Most likely it is the auth token colection. However, it may also be something as simple as not defining a google User (clientID) which in turn impacts the gapi.auth.authorize() call.
maybe this thread can help you: https://groups.google.com/forum/#!topic/Google-Picker-API/PPd0GEESO78
It is about setting the oauth context
or this one:
https://productforums.google.com/forum/#!msg/drive/GDl4uBkkbxM/jRejcxI-EV8J
It is about the type of file you try to upload with autoconvert on..
Use a Google Apps script on Drive with the function doPost to send data to the server. Then write to file with the Drive API. On publish, you have to set the permissions to "accessible to anyone, even anonomous" if doing cross-domain calls. Make the script run under your user name in Google (for testing), but most likely you would want that function moved onto some application-user account in Gmail.
If you need a level of authentication involved, even if the script is made public, you may authenticate against a CloudSQL hosted database and/or with the Jdbc library to connect to an external resource.
The Scope seems to be the problem.OAuth Token must be obtained using correct scope only:
http://tinyurl.com/ldotq4y
Easily replace scope: 'https://www.googleapis.com/auth/drive.readonly' to scope: 'https://www.googleapis.com/auth/drive' . So that you're allow to make change including upload something to your Google Drive account.
I've made an app that posts to a Twitter account of mine. Currently I have hard-coded into the system the consumer key, consumer secret, access token key and access token secret.
Now I would like to use this app for two accounts and perhaps later even more. Which values have to be changed to make the same app post into the other account and how to get the values? I can see none of them in dev.twitter.com.
The python-twitter package is probably going to be what you want here.
the way you should set this up is in settings.py put
TWITTER_ACCOUNTS = {
'public': {
'consumer_key': 'PUT_C_KEY_HERE',
'consumer_secret': 'PUT_C_SEC_HERE',
'access_token_key': 'PUT_A_KEY_HERE',
'access_token_secret': 'PUT_A_SEC_HERE',
},
'personal': {
'consumer_key': 'PUT_C_KEY_HERE',
'consumer_secret': 'PUT_C_SEC_HERE',
'access_token_key': 'PUT_A_KEY_HERE',
'access_token_secret': 'PUT_A_SEC_HERE',
},
}
from twitter api page:
For applications with single-user use cases, we now offer the ability to issue an access token for your own account (and your own applications). You can generate these keys from your application details pages.
go to https://dev.twitter.com/apps to get your keys
Then in your code when doing your initialisation, (e.g. for personal account) put
import twitter
from django.conf import settings
account = settings.TWITTER_ACCOUNTS['personal']
api = twitter.Api(**account) # <----This will inject your account settings as keyword args
status = api.PostUpdate('I love python-twitter!')
Hope this helps you.
EDIT:
To register your second account with the application, Follow these instructions from Step 3: http://jeffmiller.github.com/2010/05/31/twitter-from-the-command-line-in-python-using-oauth