What I want to do:
I need my ipad/iphone app to save files (image, pdf..etc) to a central google drive account
(note this app will be distributed to several clients, but all app will use same google drive account)
What I have done so far:
got hold of the google drive examples and sources
made a new test project, included the libraries required, build works fine
Problem:
All examples seem to use controlers/views to authenticate and use credentials from keychain.
In my case, I want to hardcode the email and password, do the authentication in the background and then push the files to Google Drive.
I have not found some good pointers or explanation as to how to achieve this and the sample code provided by google seems to be a whole mess..
I'm having a hard time to figure this out.
Well this seems to be quite impossible as the credentials and access token are obtained from the user always and the new Google Drive SDK does not support to what you want. And O-Auth will also not support you as its against their policy of User Data Protection.
You could try a call like this, following the same process as in the Google Example commenting out the part where the viewController is pushed to the front
[webView stringByEvaluatingJavaScriptFromString:#"document.getElementById('Email').value='ur.email#gmail.com';"];
[webView stringByEvaluatingJavaScriptFromString:#"document.getElementById('Passwd').value='urPass';"];
[webView stringByEvaluatingJavaScriptFromString:#"document.getElementById('signIn).click();"];
I glanced at the code for the google signin page and it gave these names for the text fields and for the "go" button
Related
I'm writing an open-source stand-alone desktop app in Java that handles photos, and I'm adding a feature to let users upload pictures to their Google Photos account, but I'm faced with an authentication/security question.
I've registered my project to use the Google Photo API and have downloaded my credentials JSON file. I've been able to use it successfully with the samples from the java-photoslibrary Github project, so all is good.
However, the credentials file contains a "client_secret" key which, if I'm not mistaken, should not be disclosed (am I correct here ?). But those credentials have to somehow be distributed with the app and, as it is open-source, will be basically public. So my question is: How can I authenticate my app's user to his/her Google Photo account without disclosing my app's secret key ?
Note: I've integrated Dropbox upload, and their procedure for desktop apps clearly explains how to authenticate without embedding the secret key in the Desktop app using OAuth's token flow. Is there an equivalent for Google Photos ?
Thanks.
Edit: made some progress (see my own answer below), but after I finally got time to implement it, I realized that after user has authorized the app and a valid code has been returned (Yay!), step 5 (Exchanging the code for a token) again requires the client_secret ! :-(
I tried the call without it but I'm receiving a "client_secret is missing" error, so that's not a typo.
After more search (with the [google-oauth] keyword instead of [oauth-2.0], which says it all), it seems "secret" does not mean it is actually "secret" in Google world. In other terms, it's OK to embed it in your apps because, well, it's secret but it cannot be used in a malicious way (hopefully)...
See answers to these related questions:
Safely distribute OAuth 2.0 client_secret in desktop applications in Python
Why does Google provide a client secret for a Native application?
Integrate oauth2 with native (iOS/Android) mobile application
One Google page even mentions that "In this context, the client secret is obviously not treated as a secret."
Come on Google, explain me how security works :-)
OK I think I found the answer.
Similar to Dropbox, Google can use OAuth 2 with PKCE, they just use the full spelling "Proof Key for Code Exchange", that's probably why I didn't find it at first :-). The details are here:
https://developers.google.com/identity/protocols/oauth2/native-app#obtainingaccesstokens
I didn't find the equivalent process in the Google APIs, but those API are megabytes of classes so I may have missed it. Basically, all it takes is just sending a few requests and listening to the response, so I think I'll implement it from scratch (and will probably also get rid of Dropbox's client libs as the process is so similar).
Hope it helps...
Edit: that doesn't address the point because after the clean PKCE procedure, the app still has to send its private key to exchange the authorization code for a token. See edit in my question
At the moment I have created two versions of my app - for iOS and Android - Where I use the OAuth workaround of posting to a Google Form to indirectly add to a Google Sheet.
However, I am now planning to remake the app in Google's Flutter (using Dart of course), and would prefer to use the proper direct way of POSTing to the sheet (it will simplify the situation for my client), but am having trouble trying to figure out how to do it.
I've found a simple explanation of how to to do the POSTing, but it requires an Access Token - what appears to just be a string.
After searching for an explanation of this, all I've found is explanations of how to create an OAuth token for the user using the app, but I just want to be able to post from within the app - totally separate from the user.
I guess I want a 'static' token that will just allow me to post to my sheet from my app indefinitely - is this possible, and can someone please explain it to me?
It sounds like you want to use what Google calls a service account for access to a sheet that belongs to your app rather than user's account for access to a sheet that belongs to a user.
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
This may be a dumb questions, but I haven't found an answer after lots of searching. I need to do two things, I need to allow my app to login to google, then save a file the users google drive.
I've found some steps on how to connect to google drive, but either its outdated or I don't have the correct libraries because it fails to compile: https://www.codenameone.com/google-login.html
Any help would be greatly appreciated.
For the login part there are good instructions in this blog post
Another sample of code to login to Google in this demo
You'll need to set the scope of the OAuth2 login to the appropriate Google Drive Scope
For saving files to drive, you should use ConnectionRequest to create the HTTP requests directly to their REST API.
Check the Integrating Google Sign-In into your web app. There's even an video guide explaining the concept.
There's a quick Save to Drive which enables your web site to allow users to save files to their Drive account from an arbitrary URL via their browser. If that's not sufficient enough, you can always check the Uploading Files where you can upload file data by creating or updating a File resource.
I am trying to implement Google Drive SDK in my project but nothing seems to go well, i wanted to upload images and create folder on Google Drive but i am stuck with the error ,which i don't know how to get through, as i found nothing related to the following error.
I have strongly followed this link for code
Google has updated its security restrictions for OAuth flow. They are not going to allow native web-views to initiate OAuth flows. You will need to use the OS browsers to do so.
Modernizing OAuth interactions in Native Apps for Better Usability and Security
You may have to wait for google to update the sample code or figure out how to do it yourself sorry i am not an IOS developer so cant be of any help.
The issue is already logged on the issue forum for Google drive 4919
I'm creating a simple iPhone app. The basic premise is that the app will display some data (That I provide online) on the application. The data changes over time, so the app has to draw the data from online and display it. I don't have a significant programming background so I don't want to use my own server.
Thus, I thought it would be significantly easier to just put the data into some documents on a Google account and then access them programmatically via the Google Drive API. I could then update the data in my Drive account and it would get updated in the application. The key here is that I am ONLY accessing ONE account that I own MYSELF. The users' accounts are not being accessed. Therefore the goal is to never have to log in manually. It should all happen behind the scenes, aka, it should look like a server, not a google doc.
With this in mind, it doesn't make sense to show the Google Accounts sign-in page to my users as the standard OAuth2.0 tutorial shows here:https://developers.google.com/drive/quickstart-ios#step_1_enable_the_drive_api
I should be able to access my own data by somehow hardcoding in my username, password etc. Google agrees here: https://developers.google.com/drive/service-accounts#use_regular_google_accounts_as_application-owned_accounts
The above link mentions a "refresh token" that I'm supposed to save. However, I have no idea how to build and save that token, or even for that matter, where to find it.
I've gone through both the basic tutorial and the Dr. Edit Tutorial for iOS, but they both assume that the application is accessing USER accounts not application-owned accounts.
I'm not asking for someone to write the code for me (though tidbits are nice), but if you can point me to a step-by-step guide or related sample code that would help me get started that would be awesome. I'll even come back and post the code that I use!
EDIT: Since I realized that the Google Drive API wasn't something I could use for what I am trying to do, I eventually found Parse which is an awesome tool that handles all the server backend for me and is free at the basic level.
Google APIs objective-C client library doesn't support service (application-owned) accounts, because they are supposed to be used by a server-side apps, instead of clients -- you shouldn't be distributing your private key as a part of an app.
If you would like to distribute content from a service account, maybe you should write a server leg to do the authentication and pass clients credentials in a secure way for them to talk to the API on the behalf of the service account. Or, use Web publishing to make documents universally accessible without authorization and authentication if privacy is not a concern.