I need to access some data from a private Google Sheets document that only my google account has access to – it is not shared with anyone else.
From here: https://developers.google.com/sheets/guides/authorizing
When your application requests private data, the request must be
authorized by an authenticated user who has access to that data.
Again, that user would be me – the application developer. The users of my application will not have these sheets shared with them.
From what I’m reading in the Google API docs, I’m not sure this is possible – but it seems to me like it should be. I am using nodeJs.
Can anyone help me out?
You'll want to use Google's OAuth flow (here) in order to get access to private sheets. If only you need to be able to access the sheet then you can keep the OAuth as only tied to yourself and make requests to the endpoint in your app.
Example Implementation
View in Fusebit
// Create a sheet object for the client + auth
const sheets = google.sheets({
version: 'v4',
auth
})
// Pull the data from our spreadsheet
const data = (await sheets.spreadsheets.values.get({
// See: https://docs.google.com/spreadsheets/d/1BxiMVs0XRA5nFMdKvBdBZjgmUUqptlbs74OgvE2upms/edit
spreadsheetId: '1BxiMVs0XRA5nFMdKvBdBZjgmUUqptlbs74OgvE2upms', // ID of the spreadsheet
range: 'Class Data!A2:E', // This gets all of the data in the sheet that we care about
})).data;
// Your rows/columns go into "data.values"
const rows = data.values;
});
Service account with domain-wide delegation:
The only way to avoid user interaction when accessing user private data is to use a service account with domain-wide delegation to impersonate your regular account.
That requires being a domain admin, though, so I'm not sure this option is available to you.
Sharing the spreadsheet with a service account:
Another option would be to share the spreadsheet with the service account, so you can access it using that account. Service accounts are not linked to a specific user, and so follow a different OAuth flow which doesn't require user interaction. See reference below.
Otherwise:
If you are not a domain admin and you don't want to share the spreadsheet with a service account, you are left with the web server workflow, which requires user interaction: you just cannot bypass this interaction.
I'd suggest you to read the references linked below.
Reference:
Using OAuth 2.0 for Web Server Applications
Using OAuth 2.0 for Server to Server Applications
Related
I want to use Google Classroom Java API in Tomcat Server as a REST API.
I want the client-side code to generate an access token and refresh token and pass them to the REST API endpoints.
The REST API then use the above token to call the following code to get the list of Courses: objectOf(Classroom).courses().list().setPageSize(100).execute();
I am creating the Classroom as follows, where .getCredentials() uses
GoogleAuthorizationCodeFlow.Builder to create the credential required, but it opens a browser window to authorize the user and get the token. This doesn't work for me.
NetHttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
Classroom classRoom = new Classroom.Builder(httpTransport, JSON_FACTORY, getCredentials(httpTransport))
.setApplicationName(APPLICATION_NAME).build();
I understand that you want to receive access and refresh tokens to later use them in Classroom; and you want to run this operation from a server. If that is correct, you would need to login as your account to prove your identity and receive the credentials, but there are some alternatives.
Since you are going to execute the code from a server you could follow these steps to create your credentials. Those credentials need to be saved in your work folder once and they can be read on every run.
Alternatively, you could create a service account and use it to reach your goals if you want to interact with Classroom as a different user of your organization. Please, remember to activate domain-wide delegation for this step. Don't hesitate to write back if you have some questions.
Account Linking provides several ways of linking users to their own accounts such as their Google account or Twitter account.
I chose OAuth in Actions on Google website to do OAuth 2.0 Authorization Code Grant for obtaining access token in exchange for data resources. When I linked a user to a Google account Google Sign-In enabled, the fetching of user information was easy because the data is stored under payload, but OAuth implementation does not seem like it produces user data under payload inside User object.
So should I make an API call to the third party to fetch the user data and store that personal data to a database in this case? I wondered if there is a way that Google prepares on behalf of developers. If not, then greeting a user who visits my app again by saying 'Hello, {person name}' gets tedious...
You have two options with Account Linking.
In the case you describe, you're providing an OAuth endpoint and getting an auth token from the Assistant, and you are responsible for taking this token and using it to determine who the user is so you can get whatever you know about him. The token is one that you issue and control, so presumably you have that info in your database already. If you are reusing a token from another service, that service should be able to tell you who they are.
It sounds like you're using using a Google Sign In, however, in which case it is easier to use Google Sign In for Assistant. Once the user has signed into your service (either through an app or webapp) and granted permission to your service, then they will also be able to gain access through the Assistant. You will get an id token which can be decoded to get profile information about the user including their Google ID and name.
I'm connected to an API that provides information about cars based on their registration. According to the docs the api can provide both user specific data and general data about the registration supplied.
I am using the connection method which does require specific users data, and therefore does not require me to gain access to any specific users account.
On my end users will visit my application and enter a registration number which I will use to call the API and return all of the information about the car.
Am I right in my thinking that my application is essentially the 'user' as far as the api is concerned, and I will only need to use one access token. I can then use this access token to make multiple API calls (one for each user that searches on my application)?
Or will i need to set up an access token for each user that visits my application and treat them separately.
Only your application making the API requests requires a token, unless the licence agreement/documentation of this car API says otherwise.
As far as your users are concerned, your application is just magically sourcing the registration info from its database.
I'm looking to create a game server backend for a game I'm creating. We're currently using Firebase for handling of data and ads, and Firebase has built in authentication. Is it possible to have a user log into our app via Firebase's auth system, then confirm the user's authentication when they connect to the game server to ensure it's who they say they are?
Basically, after someone logs into our firebase, can we use that authentication information for a separate server, and what protocol/method would need to be used (if there's a specific one)
I've figured out the two steps you need to get the information required to auth, one clientside and one serverside. Note: the following examples are for the Java apis, but you can use any of firebase's equivalents.
Clientside: In the Firebase-Auth package, there's the FirebaseUser object. This contains information about their auth state, unique details, etc. There is a method here called getToken(), which will grab your token for the current authentication. Once you have this, you want to send it to the server when you need to auth.
Serverside: On the server, there's a FirebaseAuth object. Once you get the token from the client, you can use verifyIdToken(), which will confirm this is a valid token and give you the details about the user when you get the result. I suggest cross-checking the UUID against one a client sends, to just confirm someone didn't get their hands on a token and send a random ID.
Hope this helps.
I am trying to gain access to my BigQuery enabled Google API project using the .net Google APIs.
Using a console application, I am trying to authenicate first by supplying my simple API key in the URI, then just trying to get the list of projects.
The error I am receiving when I call Fetch() on the project list is: Login Required [401]
var bigqueryService = new BigqueryService{ Key = "MY-API_KEY" };
var projectList = bigqueryService.Projects.List().Fetch();
I am purposefully not using OAuth2 as we don't need any user data.
The API key simply identifies your app to the API console for quota purposes and other housekeeping. It's not authoritative for accessing BigQuery, as we do consider the BigQuery data as "user data."
If you're just trying to get an OAuth 2 access token for playing around quickly, you can use the OAuth 2 playground:
https://code.google.com/oauthplayground/
This token will be valid for one hour and can be copied/pasted as the access_token query parameter
Here's the scope for BigQuery to use in the playground:
https://www.googleapis.com/auth/bigquery
In the end, you'll either want to use the native client (out of band) flow:
https://developers.google.com/accounts/docs/OAuth2InstalledApp
Or the server-to-server (service accounts) flow:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
I don't have quick samples handy for those in .NET, but post another question on SO if you can't find them-- I'm sure someone will chip in!
You won't be able to use a simple API key - all authorization to the BigQuery API must happen via user interaction, or alternatively through a service account.