How can I get clipboard permission in Teams add-on app - permissions

I'm developing a plugin in Teams
I use clipboard in this plugin, but when I do Clipboard operation, it gives the following error.
There is no clipboard permission in the device permissions section of Teams.
how can i solve this problem
Error Message=Uncaught (in promise) DOMException: The Clipboard API has been blocked because of a permissions policy applied to the current document. See https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes for more details.

Currently, this permission is not implemented in teams (means: your teams app cannot use the clipboard API). If all you need is to allow user copying some text on the screen to the clipboard, you could go for a workaround to use "old" API, i.e.
<TextField ... onFocus={event => event.target.select()} >
....
document.execCommand('copy');
Related question:
Microsoft Teams Tab application can't access clipboard

Related

Google Data Studio Data credential issue

I am attempting to update the data credentials in my Google Data Studio report to my credentials versus viewer credentials. It says it updates but it never actually saves. Any idea on how to update the credentials so viewers without access to GBQ can view my report?
Credentials are used by datastudio to access data from Bigquery when you configure the data source.
Once your report is connected to your data you can make it public and/or give view/edit access to certain users via google accounts. This is independent from Bigquery credentials as viewers of your report do not need access to your database.
You can set the visibility of your report to public, so anyone with the link can see it regardless of credentials:
Click on "share" on the upper right
Then "Manage access"
Then "Anyone with the link can view"
Click on "Save"
At this point anyone should be able to see your report by using its URL, you can test this by opening it in an incognito tab.
Step by step screenshot
Hope this helps, and if not, please send more details.

Showing "Forbidden" message when creating meetings MS Teams

I am trying to integrate ms teams API to my project. I have created an app in the Azure portal.I have added permissions User.ReadWriteAll and Meetings.ReadWriteAll.I can create a user through API but I am not able to create a meeting. Is there anything else I need to do for creating a meeting using API.
UPDATE
I gave delegated permission for creating the meeting,but unable to create the meeting.
Error Message
{code:"Forbidden",message:"Forbidden",innerError:{"request-id":"e1abb815-09d3-4b78-5063-39b0236c0968","Date":"2020-06-09T04:14:39"}}
Permissions
Screenshot of permission
You should check what kind of permissions are added for your app. To be able to create a meeting, only delegated permission OnlineMeetings.ReadWrite is supported - https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http#permissions
If you have added an application permission, then the request for creating meetings won't work.
Update:
In the beta version of the MS Graph API, there is an OnlineMeetings.ReadWrite.All application permission which doesn't seem to be implemented yet. There is a note on the documentation page (https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-beta&tabs=http#permissions) that supports this.
Creating an online meeting with an application token will be supported
in the near future.
It depends on whether there is user interaction.
If you are get access on behalf of a userhere,follow this way app-user,just add delegated permission OnlineMeetings.ReadWrite.please check
If you get access without a userhere,follow this way app-only,just add application permission OnlineMeetings.ReadWrite.All.(Please note that this method can only use beta version https://graph.microsot.com/beta).please check beta version
Update:

How to avoid script authorization prompt when G-Suite user is accessing G-Suite trusted app script?

I wrote an app script which provides a web UI for data entry into a team calendar. I published it using G-Suite super admin account and added it as Trusted App under Security/API Permissions. "Trust domain owned apps" is checked under "Internal App Settings".
When a G-Suite user in our organization tries to access the app, he sees
"The developer of ShiftSchedulingApp, admin#_our_organization_.org, needs your permission to access your data on Google."
Those brave enough to click "Review Permissions" are taken to the next message:
"ShiftSchedulingApp wants to access your Google Account. See, edit, share, and permanently delete all the calendars you can access using Google Calendar"
Of course nobody wants to risk losing all the calendars on their Google Account and this is where it ends.
How do I get rid of this misleading message? It's not Google account, it's their organization account on G-Suite. It's not all their calendars, it's the shared team calendar only. It's adding data, not permanently deleting calendars. It's published by their administrator in their G-Suite, not an unknown 3rd party.
I spent days trying to make this message go away but no luck. App must be executed as an accessing user and not as publishing user because their user ID determines what shifts they can fill on a calendar.
I'd appreciate any hints pointing me the right direction.
I experimented with variations of the two-app approach as suggested.
The app which provides the UI needs to read the calendar to display available shifts - so I can't get away from the user authorization prompt.
Another variation I tried was having one app do everything and run as me, and another do nothing but return Session.getActiveUser(). I tried calling the 2nd one from the 1st one on the client side via XMLHttpRequest. It would be ideal for my needs - but I hit CORS error as apps URL is script.google.com but it actually gets redirected to script.googleusercontent.com. There doesn't seem to be a way to set CORS in Google App Script.
Although I was not able to find a way to avoid prompting users for authorization when executing the app as accessing user, it turns out my reasons for doing that were based on a false premise.
I chose to publish app as accessing user because I thought that's the only way to get accessing user Id - which is true for non-G Suite accounts.
However, when app is published by a G Suite account, the app can get accessing user ids within the same G Suite domain even when it's set to execute as publishing user.
Thanks Niek and TheMaster for your help!
If you just need user ID, why do you ask for all those permissions?
Possible Solutions:
2 web-apps- One running as you and another as user accessing (with only profile) permission. The second one will be the actual web interface and POST necessary information to the first one with privileges. OR
Implement your own web-app Google-sign in1
Use the least permissive2 scope3

Using generic open graph objects and actions, and the publish_actions permission?

I'm trying to use the beta open graph API to publish about a user playing songs in my app. Besides the "normal" Open Graph docs, I found these:
https://developers.facebook.com/docs/opengraph/music/
Unfortunately I am not able to add generic actions like 'music.listens' or generic objects like 'music.song' to my app in the dev app. In order to get the publish_actions permission, however, I seem to be obliged to add at least an action, an object and a preview aggregation. If I don't, the auth dialog won't ask for the publish_actions permission.
When I do all this, I am able to get the publish_actions permission, but still I cannot publish a user listening to a song.
I get a 500 error 'OAuth "Facebook Platform" "unknown_error" "An unknown error has occurred."' when I try to publish by POSTing a request to this url:
https://graph.facebook.com/me/music.listens?song=http://open.spotify.com/track/34uKquOrQLgzBsUbFTkMTc&access_token=[...]
Is the publish_action permission bound to actions and objects that I have created within the namespace of my app? If so, how should I go about when I want to perform generic actions on generic objects? Or could this just be that I cannot use the spotify song for testing?
Hope someone can help.
Erwin
The built in music actions and objects are currently only available to the music launch partners.
In the meantime, please create your own custom song objects and listen actions.
publish_actions is the permissions used for all publishing of actions, custom and built-in.

Storage Access Credentials for Google Storage for carrierwave gem in a Rails Application

In my rails 3 application, I am using carrierwave gem (version 0.5.6). I would like to use Google Storage for developers for storing the uploaded files. I have created an initalizer which looks like following:
CarrierWave.configure do |config|
config.fog_credentials = {
:provider => 'Google',
:google_storage_access_key_id => 'xxxx',
:google_storage_secret_access_key => 'yyyy'
}
config.fog_directory = 'directory'
end
I am getting 403 forbidden message with
...<Error><Code>InvalidSecurity</Code><Message>The provided security credentials are not valid.</Message>...
I have just enabled my Google Storage using the apis-console, and I can upload files using the online 'Google Storage Manager'. For 'google_storage_access_key_id' in the initializers file above, I am using 'Google Storage Id' for 'You' in the 'Storage Access' page. For 'google_storage_secret_access_key', I am using the 'Legacy storage access keys'.
I don't know how to proceed. Could someone kindly point me towards how to get about debugging this issue?
Thanks,
Saksham
It took me almost a complete day to find the correct keys in the Google API Console. I could not find the information at all in the new interface.
Here are the minimal steps to find your access key and secret:
open the old API console
enable interoperable access by pressing the button (it says: make it the default for interoperable access, but without pressing this button, I did not get the "interoperable access" tab)
pressing the button will show two sub-menus under Google Cloud Storage: Storage Access and Interoperable Access; click on Interoperable Access
there you will see the access key (hint: it starts with GOOG)
fill in in google_storage_access_key_id)
press the Show button behind the access key to actually show the corresponding secret
fill in in google_storage_secret_access_key
I hopes this helps! I found the names of the fog-configuration-keys confusing enough to actually switch the values, and it took me ages to actually discover the Show button actually showed the secret.
It sounds like you've enabled the legacy access keys for your account. From the Google APIs console select Google Storage and then click on legacy access.
Use the access key from that page here:
google_storage_access_key_id => 'xxxx',
From the APIs console click show to display your secret key. Use that key here:
google_storage_secret_access_key => 'yyyy'
Do not use the Google ID for legacy access.
Hope this helps,
Anthony
To generate a developer key in 2016:
Visit this page:
https://console.cloud.google.com/projectselector/storage/settings
Create or Select a project.
Select Interoperability.
If you have not set up interoperability before, click Enable interoperability access.
Click Create a new key.
The Google API console gui is not the most friendly user interface, so that's why I'm putting detailed instructions. I am writing this as of October 2013. The interface is now changed but Google API Console still enables you to use legacy access. If you are using the new Google Cloud Console, look on the bottom left hand corner and you will see the message "This is an experimental version of the API Access page. Some features may not be available." Click the words "API Access page" to get you to the legacy access. Then on the left menu select "Google Cloud Storage". Underneath that you will see two other fixed submenus, "Storage Access" and "Interoperable Access". On the "Storage Access" submenu page, enable "Interoperable Access" if you haven't done so already. Then on the "Interoperable Access" submenu page, you can get your Storage Access Keys for use in fog configuration.