Using fusion tables with app inventor as a database - google-fusion-tables

Easy to answer question ( I hope)
Need to use fusion tables with app inventor as a database but need to have every app access it without having to log in with user id.
Does app inventor have that functionality? Believe I need to set up API for 'installed applications' but do not know where in app inventor I need to enter the SHA1 code.
App is to 'anonymously' update database without needing to log in.
Thanks in advance

I don't think that this is possible with the built-in Fusiontables Controls, see also the notes in the Pizza Party tutorial:
NOTE about Sharing Fusion Tables: To share a FusionTable with others,
you have to invite each person individually, the same way you would
share a private google doc. There is no way to share write privileges
to a FusionTable with the public. Public access is restricted to
read-only.
However this is possible with the App Inventor - Fusiontable interface using the web component. To prepare the login free access, do a run with the interface with your login and store the received refresh token as variable in your app. Then you can build your app, publish it and run the interface with the stored authorization without need to login anymore. The user will then access your fusion table with owner permissions.
See also this similar question and here
Application 1 - Using Fusion Tables like a Database*
...
In other words, if you own a Fusion Table in your own account that you
want to serve as a database in your application, you simply need to
get the access and refresh tokens for that account, and use the access
token for all requests to Fusion Tables. When the access token
expires, a 401: Unauthorized message is returned, and the refresh
token can be used to request a new access token.
...
You can then securely save the access and refresh tokens somewhere
accessible by your application, and use them in your code to make the
requests to Fusion Tables.
EDIT: You now can find a running example here.

If you just need a database for your app, also consider using Google Cloud SQL which offers familiar MySQL functionality on the cloud. https://developers.google.com/cloud-sql/

Related

Handling Google oauth for multiple linked Google accounts per user

Requesting a sanity check on a question of how to structure Google Oauth in my app.
The app I'm trying to build - call it AppX - will let users create an account with the app (ideally with username/password or with Google login), and then the user will be able to connect their AppX account with several of their Google accounts for the sake of pulling up their various calendars. This is handy when, for example, a user has separate personal and work Google accounts, but they want to be able to see both calendars in AppX.
To accomplish this, I was originally going with the oauth2 token model which can happen purely on the client side. I was then going to send the resulting token back to the server to save onto the user object, and then figure out a way to allow the user to do several of these oauths.
However, this SO question is making me think that with that client-side approach, the UX for refreshing the token is jarring for the user. So I'm thinking I actually need to do this on the server-side using these instructions, which will allow me to store the tokens for multiple oauths and create a more transparent refresh token experience.
Is this server-side approach considered best practice?

Do I need OAuth2.0 to create a google account through the Admin SDK API?

Currently using the Provisioning API that is being depreciated April 20.
This is the current flow:
user (University Alumni) gets to our site http://alumni.columbia.edu/email
they click on Create My Account
they authenticate through our university WIND system using what we call their UNI
they land on a page mentioning that an email account UNI#caa.columbia.edu is ready to be created. They can pick an alias to UNI. They also need to enter a password to use the Chat and POP-mail features of Gmail.
they confirm the creation of the account. At this point the API is being called using https://www.google.com/a/feeds/, some data (email address, name, id) being saved in our database.
To log in, they come through our site, click on the login button, this will use the SSO and they get logged in.
Based on the flow above, do I need to use OAuth2.0?
Yes, you will need to authenticate with OAuth using the Installed Applications approach to do this. Instead of step 5 the way you currently have it, you'll need to call the API from a process on your server with an account that has (limited) admin credentials that can create the account with the Directory API. To do this, you'll need to persist the OAuth token information that the account will use to connect, and handle the code to refresh the token when it has expired.
The first time you run your code you'll need to manually authenticate that account to get your application the appropriate permissions so that they can be stored.
If you're hoping to not go too crazy with handling the authentication side of things and you're using .Net, I'd recommend checking out my project gShell that acts as a wrapper for the authentication and handles the token storing and refreshing for you. It's still a young project but it should fit your needs. Alternately, feel free to browse the code for an example on what to do.
If you plan on using Python, check out Google Apps Manager by jay0lee which is also a wonderful resource.

Google Drive API for iOS: OAuth2.0 with an application-owned account

I'm creating a simple iPhone app. The basic premise is that the app will display some data (That I provide online) on the application. The data changes over time, so the app has to draw the data from online and display it. I don't have a significant programming background so I don't want to use my own server.
Thus, I thought it would be significantly easier to just put the data into some documents on a Google account and then access them programmatically via the Google Drive API. I could then update the data in my Drive account and it would get updated in the application. The key here is that I am ONLY accessing ONE account that I own MYSELF. The users' accounts are not being accessed. Therefore the goal is to never have to log in manually. It should all happen behind the scenes, aka, it should look like a server, not a google doc.
With this in mind, it doesn't make sense to show the Google Accounts sign-in page to my users as the standard OAuth2.0 tutorial shows here:https://developers.google.com/drive/quickstart-ios#step_1_enable_the_drive_api
I should be able to access my own data by somehow hardcoding in my username, password etc. Google agrees here: https://developers.google.com/drive/service-accounts#use_regular_google_accounts_as_application-owned_accounts
The above link mentions a "refresh token" that I'm supposed to save. However, I have no idea how to build and save that token, or even for that matter, where to find it.
I've gone through both the basic tutorial and the Dr. Edit Tutorial for iOS, but they both assume that the application is accessing USER accounts not application-owned accounts.
I'm not asking for someone to write the code for me (though tidbits are nice), but if you can point me to a step-by-step guide or related sample code that would help me get started that would be awesome. I'll even come back and post the code that I use!
EDIT: Since I realized that the Google Drive API wasn't something I could use for what I am trying to do, I eventually found Parse which is an awesome tool that handles all the server backend for me and is free at the basic level.
Google APIs objective-C client library doesn't support service (application-owned) accounts, because they are supposed to be used by a server-side apps, instead of clients -- you shouldn't be distributing your private key as a part of an app.
If you would like to distribute content from a service account, maybe you should write a server leg to do the authentication and pass clients credentials in a secure way for them to talk to the API on the behalf of the service account. Or, use Web publishing to make documents universally accessible without authorization and authentication if privacy is not a concern.

Is it possible to allow only some users to access to Google Big Query API?

I have created a project with Google Big Query.
I have one table with data. A service performs insert every hour in the table. The service uses a service account with a p12 file to authenticate without user interaction.
I have developped also a desktop application which authenticate via the browser (OAuth2Authenticator). It works well but eveyone who have a google account can login and accept to use my application, and I don't want that !
Is it possible to specify a list of authorized google accounts for a google big query project ?
Thanks,
Luc.
Yes, you can control who has access to your BigQuery datasets, as well as who is a member of the Google Developer Project that your BigQuery datasets are attached to.
If you are creating a Desktop application, the best way to provide authorization to BigQuery for specific users of a restricted dataset is to use an "installed application" Oauth2 flow. Are you currently using this flow?

Use Fusion Table like a database with PHP and how to dismiss the prompt page when using oauth

I am developing a PHP application which would use Google Fusion Tables only as a database in the background. The application includes a simple login section for basic security.
I downloaded the google-api-php-client and successfully built up a connection to my Fusion Table using oAuth. Thats fine. However, I want to get rid off the prompt screen, that says that my registered application want to access Fusion Tables and asks me to allow or disallow.
Since the app would use a Fusion Table being hosted on my account, I think there is no need to ask this question from the user.
Can you advise me any workaround to this? I plan to keep it as simple as possible, and would be really happy if there would be a way to get the authentication done without prompting the user with any additional screens.
Thanks so much for your help!
https://developers.google.com/fusiontables/docs/articles/oauthfusiontables
The OAuth prompt you describe is needed if you want to access a users Fusion Table, so you basically ask the user for access to his account so you can use it to create tables and stores/retrieve data.
But in your case you want to give your users access to your Fusion Tables that you created with your account. Google introduced for this use case so called Service Accounts.
All you have to do is:
create a Service Account (you can do this in the Google API console -> "Access API")
download the private key
give the Service Account access to you table (click on the "Share" button in the Fusion Tables web UI)
use the Service Account in your code to access Fusion Tables
Some time ago I created a simple UPDATE example using a Service Account.
Also, if you really do not need the sharing, visualization and publishing features of Fusion Tables, and just need a cloud database, consider using Google Cloud SQL which is designed for that usage.
https://developers.google.com/cloud-sql/docs/introduction

Resources