I'm trying to follow the instructions here which tell me to create credentials via the instructions here, which as step 6 tells me 'Click the user type for your app. If you're running a Quickstart, select Internal.'
On the page in question, 'Internal' is greyed out, and tells me I can't select it because I'm not a Google Workspace user. Going to Google Workspace, it tells me I need a domain name for 'my business'. Since I don't have a business, or any domain that would have anything to do with this project (I just want to push some personal data from the command line to a sheet), I don't seem to be able to proceed. Is the Google Sheets API just not available for such use?
If you don't have a Workspace account but you don't want to publish your app publicly (and go through the associated review by Google), you can set the app to External and test the app instead of publishing it.
In order to do that, just add yourself as Test user when setting the OAuth consent screen, and leave the Publishing status on Testing, don't change it to In production:
Testing
Projects configured with a publishing status of Testing are limited to up to 100 test users listed in the OAuth consent screen. A test user consumes a project's test user quota once added to the project.
Google will display a warning message before allowing a specified test user to authorize scopes requested by your project's OAuth clients. The warning message confirms the user has test access to your project but should consider the risks associated with granting access to their data to an unverified app.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Reference:
Publishing status: Testing
Unfortunately, that means that the authorization lasts only for 7 days. Which means that I have to keep creating new projects every 7 days, which is untenable. Here is the excerpt from the "Setting up your OAuth consent screen" page on the Google support site.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Related
Background / Context:
Take any out of box ASP.NET Core template with user logins enabled. You may use external login providers google, facebook, msft etc. as well. Alternatively, just clone this sample web application: https://github.com/dotnet-architecture/eShopOnWeb
Test:
Login to the test website created. (test user name we used : neel)
Record any authorized web request using Fiddler or web developer tools etc. We recorded /basket request of eShopOnWeb sample website which shows personalized shopping cart of the logged in user.
Logout.
Close browser.
Open website in guest mode. (do not login). You may choose a different browser altogether.
Replay step 2. (This uses exact same headers containing cookies, token etc.)
Observation:
This successfully returns shopping cart items of the user neel.
I am faced with two questions:
Is this a login related vulnerability? I think it is!! Shouldn't the token expire (session destroy) with logout?
If this is a vulnerability, how to fix it? Anti-forgery token comes built in with Identity, but it doesn't seem to help.
Good morning.
I use google calendar API.
My program create a connection with the google calendar of multiple users.
From each user, i have their credential.json, but when the app start the first time show the browser quickstart confirm. How i can skip this step?
Thanks anticipated
I think you have seriously misunderstood how Oauth2 works.
You the developer goes to Google developer console and registers your application. If you will be requesting data from other users you will need to create Oauth2 credentials this will give you credeitnals.json file used by your application to request authorization of a user.
When each of your users runs your application they will be requested to consent to your application authorizing their data. If they do you will be granted an access token which gives you access to their data, this access token will expire after one hour. If you have also request offline access then you will also have a refresh token. If you store this refresh token some place then you will be able to access the users data when ever you need to by using it to request a new access token.
As for the unverified app screen, when you create your application it is basically in developer state, this is so that you can build and test your application. When you are ready to go to production you can request that your application be verified by google
Once your app has been verified the unverified app screen will stop showing up.
I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.
This question already has answers here:
PayPal sandbox API credentials missing?
(4 answers)
Closed 9 years ago.
No end of trouble since the developer site and sandbox was changed last week. I've not managed to make a single working call to the new platform since it was launched.
I've managed to get as far as getting 100002 errors back - which at least means things are talking, but I noticed today that if I create test accounts, the API Credentials are blank/missing:
![screenshot])(http://qikr.co/files/pics/p/paypalnoap91044.jpg)
Does anyone know a fix for this? I've cleared out the browser cache etc.
There are some issues with the Credentials not appearing for some accounts. Currently you are logged into the developer account. Try logging into the actual sandbox seller account, and going to the profile and requesting the credentials. You should be able to view these from within the Sandbox seller account, and if they have not been requested yet, you can generate these.
Log out Paypal account
clearing browser cache and cookies (I use firefox).
Go to developer.paypal.com and login with the real paypal account (not the Sandbox one)
Go to Applications
Click on Sandbox accounts
(Optional) Import your old accounts from your former Sandbox account after the redirect to the accounts page
Click on the account you want to log in to
Choose Sandbox site
Log in to that site using your test business account
Go to My Profile
In Account information click on Request API Credentials
Choose the option that solves your needs
The API crecendiales were created !!! (they will appear in your test account profile)
Several month ago, before FB restricting the ability of a Page Account to create apps, I have created an application and linked to the page.
Now I cannot access anymore to the developers page with this account. I had to create a new app with my personal account, but I can't find a way to remove or unlink the old app from the page.
I cannot create a new page, as a result of nearly one year of activity on the current page, and trying to link the new app to the old page I get an undefined error.
We are in a sort of limbo...
Anyone has an idea on how to solve this situation?
I'm assuming you mean 'business account', not Page?
If so, and you're still able to log into the business account to manage your ads and pages, you can authorise your app by manually calling the Oauth dialog with the client-side Oauth flow, then use the access token (which will be for your business account, the admin of the app), to add your real user account as an additional admin
https://developers.facebook.com/docs/reference/api/application/#roles
You can define a role for a user by issuing an HTTP POST request to
APP_ID/roles with a user access token for an administrator of the app...
So a call to https://graph.facebook.com/<APP ID>/roles?user=<USER ID OF REAL ACCOUNT>&role= administrators&access_token=<ACCESS TOKEN>&message=POST will add another admin