Java's Google Apps Provisioning API optionalAttribute IP_WHITELIST - google-provisioning-api

I'm creating a system to integrate a customer internal system with Google provisioning. One thing that arose was the meaning of the IP_WHITELIST optionalAttribute on the Java's Google Apps Provisioning API, seen here.
What does it do for the created user, as I didn't find any attribute on Google Apps' CPanel that matches this item?
Thanks!

It doesn't do much of anything. By default it's always False but toggling it does not effect the user's ability to login from any IP address. My understanding is it was something Google was using but abandoned so it's the equivalent of a light switch with no wires running anywhere.

Related

Does google maps need api key for IOS application (and why)

I saw in this link
http://codewithchris.com/iphone-app-connect-to-mysql-database/#connectiphonetomysql
Mr. Chris uses a google map without a key.[I've tried it and it's working]
but, when i enter google developer
Here: https://developers.google.com/maps/ios/
they say [get a key].
(why should i do it? i got confused)
if it's required to run it in my app, how can Chris did it?
pre-Thanks ^^.
Yes Google map needs API key, without API key your request will be failed.
WHY: Every app is unique with its bundle ID, API key provided by google is used to identify the app uniquely.
There are so many paid services are offered by google to used in our app, App id used to manage your account based on request to API made/ package selected by you.
It also helps you to analyse use of google API through your app, which may may help you plan out your furthuer updates/usage to your App.

Google Login Plugin plugin does not allow users from multiple domains

I'm using using Jenkins' Google login plugin for user authentication. I've installed and configured the plugin as mentioned in documentation and working as well. However users from only one google app domain can login to jenkins and access it(jira link). We have users from couple of domains. Another issue with this plugin is- not able to control user authorizations. All users can do anything. I've attached screenshot showing jenkins google login plugin configuration
Is there any workaround or alternative for this?
Since version 1.3 (November 21st, 2016) the google login plugin allow multiple domains separated by comma.
Check the changelog:
https://wiki.jenkins.io/display/JENKINS/Google+Login+Plugin
And the PR:
https://github.com/jenkinsci/google-login-plugin/pull/3
According to Google Cloud Platform that's not possible and the only suggestion is to set "Allow anyone with a Google account" if you are using multiple domains:
Understanding authentication for your end-users
...
Allow only members of a Google Apps domain to access the application. This is ideal for “intranet” applications where access is
limited to the users in your domain.
This method can only restrict to a single Google Apps domain. This
will not work if you use multiple domains with Google apps. If you are
using multiple domains, then select “Allow anyone with a Google
account” and extend your application code to restrict access to
end-users that are from your set of Google Apps domains. Your
application can use the value of the user_organization of the
signed-in user (rather than parsing the email address) to determine
the domain name of the user.
Also, this issue is already registered in https://issues.jenkins-ci.org/browse/JENKINS-32536 and it is still Open and Unresolved

Google OAuth2 in distributed, self-hosted packages complaining about redirect_uri

I've taken over development of a Google Analytics API dashboard for a content management platform, and upgraded the code to use OAuth2 as the older oauth was disabled recently. The authentication flow and subsequent API calls are all working fine on my localhost for development.
The problem is when trying the code from a different domain. Google wants the redirect_uri to be whitelisted through the developer console, and if it isn't there, it throws Error: redirect_uri_mismatch
As this is a self-hosted (+ open source) package, people will be able of installing on their own servers, there is no way I'll be able of adding all possible redirect_uri values to the app key in the developer console.
After a bunch of Googling and trying to understand the docs, I get the impression there are 2 possible solutions.
Instruct users to go to the Google Developer console, and to create an app key of their own, before also going through the OAuth2 flow within the distributed app to provide the code access to the data in Google Analytics.
Use a redirect_uri value of urn:ietf:wg:oauth:2.0:oob with an Installed App key, instructing people to copy/paste the code back into the self-hosted app after authentication.
Neither of these are really appealing as it adds a bunch of complexity for the user (though option 2 sounds mostly doable). Are there other options, or am I simply overlooking something simple?
You actually don't have any choice in this matter. You must go with nr 1. When you state this is a dashboard and web application it leads me to believe this is some kind of scripting language. This means that the client id and client secret will be displayed to your users / customers. This is against googles terms of service.
Changes to the Google APIs Terms of Service Asking developers to
make reasonable efforts to keep their private keys private and not
embed them in open source projects.
You may not release your client id and client secret to your users they are going to have to create there own. Which nicely solvers your redirect URI problem they have to make there own.
Further reading Can I really not ship open source with Client ID?

How to implement "Use one-click single sign-on" correctly in order to publish to Google Apps Marketplace

We already have a web app that integrate with differente Google services. Right now, you can loguin using a Google account, can import a contact lists from any Google account, and can sync a Google Calendar with our Calendar in the webapp (We implemented all of this using OAuth 2 and invoking the GoogleApi with a REST Client).
We are now trying to publish this app in the GoogleApp Marketplace, but we are failing to comply with the "Use one-click single sign-on" rule (https://developers.google.com/apps-marketplace/practices#5_use_one-click_single_sign-on).
We are believing that the problem is we the way we are solving the fact that we need offline access for all the integrated users in the app. Right now, the only way we found to get the refresh tokens for them, was starting the OAuth2 process with the parameters access_type=offline&approval_prompt=force, but this forces them to enter their credentials.
We aren't using the 'Google+ Domains API', and we are starting to believe that we should. Is the use of this API mandatory for complying with the "Use one-click single sign-on" rule?
Thanks,
Well, we finally figured it out. We had to use the Google Admin SDK in order to implement SSO. We had some troubles with the scopes, but after we polished that, everything seems to be working OK.

Google Places API: iOS key: Request Denied [duplicate]

I'm trying to make an Autocomplete field which should fetch cities as the user types, by using the Google Places API as described in this tutorial:
https://developers.google.com/places/training/autocomplete-android
You've probably found this question around many times before as I did, but none of the answers helped me. Here are the things you should know:
The URL is
https://maps.googleapis.com/maps/api/place/autocomplete/json?sensor=false&key=myKey&components=country:ro&input=whatTheUserTypes
Please don't reply by saying you replaced the API key with your own and it worked - the API key which goes there must be Android specific and won't work from a browser.
So did I make the Android API key using the SHA1 fingerprint obtained from the keystore I signed the app with.
I turned on Maps and Places APIs from the console.
The quota isn't exceeded.
All those and it still gives me REQUEST_DENIED
What I didn't mention is that I have O2Auth activated - does that change anything? Shouldn't it be as simple as putting the API key in the app?
Thanks!
Although this has been answered, I think the community could do better.
I was tearing my hair out about this, it just didn't make sense to me.. I was making an iOS/Android App, so I made an iOS/Android Key...
Wrong.
With Google's Places API, your bundle identifier isn't even considered.
What you really want to do is this:
(I'm using the new User Interface)
1. Log into https://cloud.google.com/console#/project
Select your Project Name, then go into API's & Auth > APIs
Make sure you have Places API Turned on. This is the only thing that needs to be turned on for Places-API to work.
2. Go into Credentials
Click CREATE NEW KEY under Public API Access
3. Select BROWSER KEY
4. Click Create, Nothing Else
Leave the HTTP Refer box empty.
5. Use the Key Generated here
This key will allow ANY user from any device access to the API via your Developer login.
You can try it out here: (Be sure to replace YOUR_KEY_HERE with your generated Key)
https://maps.googleapis.com/maps/api/place/autocomplete/json?input=Food%20Sh&sensor=false&radius=500&location=0,0&key=YOUR_KEY_HERE
6. Enjoy
Now you can use that URL above in your Android/iOS device.
The Google Places API does not currently support Android or iOS keys generated from the Google APIs Console. Only Server and Browser keys are currently supported.
If you would like to request this support, please file a Places API - Feature Request.
https://developers.google.com/places/training/autocomplete-android
Storing your API key
Although the above code demonstrates how to communicate directly
between an Android app and the Places Autocomplete service, you should
not store your Places API key with your app.
You should therefore build a web application that stores your API key
and proxies the Places API services. In order to secure communication
between your Android app and the proxy web service, you should require
user authentication to your proxy web service. Your Android app can
securely store user credentials and pass them to your web service, or
the user can log into your web app via an Android WebView.
For the latter approach, your web app should create and return a user
authentication token to your Android app, and your Android app should
subsequently pass this token to your proxy web service.
Go to google cloud platform console>Credentials click on edit by selected your YOUR_API_KEY>Application restrictions > select none option>save thats it.
If you select the android apps option from Application restrictions then google deny the place API with exception REQUEST_DENIED.
In Google dev console, you should be able to find both "Places API" and "Places API for Android"
Make sure to use "Places API for Android"
For some reason, "Places API for Android" is hidden in the API list, but can be accessed using search.
I had the same issue , I fix it by leaving
Accept requests from these HTTP referrers (web sites) (Optional)
in browser key Empty
I am still new, so I cannot comment, but to shed some light on Moe's answer, I resolved some similar Google Maps API issues regarding URL queries (for directions, using Volley) with the following steps:
Get Android API Key (including Google Maps Directions API in my case).
Get "Server" API Key (which seems to be created by using a key restriction of "HTTP referrers" these days - really, it's just used to issue URL queries through HTTP).
Store the Android API key as a meta-data tag in the application tag in AndroidManifest.xml with android:name="com.google.android.maps.v2.API_KEY" and android:value as your key. This is used for direct interaction with the Maps API (minus URL queries).
Use the server API key whenever issuing URL queries.
I am not sure if this also applies to URL queries for the Places API, if you only need the server API key, or if there is a better solution, but this worked for me.
I imagine that it works with just the first key - the one not restricted to Android.
Inside Google Cloud Console type Places and Activate it. Create an API Key and insert it onto your Android Studio App as you would do normally. That`s it.
I had the same problem. For me the key was to enable billing on project. I am still using "Applications for Android" restrictions. After setting up the payment method, Places Api started working.
Prior to using the Places SDK for Android, do the following:
Follow the Get an API Key guide to get, add, and restrict an API key.
Enable billing on each of your projects.
Enable the Places API for each of your projects.
See it there.
Be sure also to check out the billing plans for the Google Places API as it is not free!

Resources