We're in the process of trying to get our Google Data Studio connectors' OAuth Client Verified and the process requires a video of the application in use (as per https://support.google.com/cloud/answer/9110914), however the documentation mentions:
Note that the video must clearly show the app's details such as the
app name, OAuth Client ID, etc. as applicable. The demo video must
show usage of sensitive and restricted scopes on each client.
But we are not in control of GDS, only our connectors. We only use the /auth/script.external_request scope to make calls to our own API.
What should we include in our video to show this information?
Reference:
screengrab of the e-mail we received listing requirements
This is a Google OAuth verification requirement. You should ideally reach out to the OAuth verification team for clarifications.
However, for the video, you can try just opening up Data Studio and installing your connector using the direct deployment link. Then you can create a data source using the connector and draw a table to demonstrate how data is fetched from your API using the external_request scope.
Related
my dev and I would like to implement the google picker on our website. It will allow the web-visitor to upload their files from their Google drive to our website.
My dev is now trying to get the API for the google picker however they are asking for a "demo video that showcases the process to request an OAuth token" and we were wondering how we should do it when we don't have the API from google.
We are doing all of this on the staging site and we were wondering how are we suppose to do this demo video when the API is not provided and not installed.
please enlighten us, thank you!
See the question How can I make sure the verification process is as streamlined as possible? in the FAQ. It explains what the verification team is looking for with the video. Mostly it's just about showing how your product uses OAuth and the various APIs -- in your case how it asks for access to Drive, how the picker is used, etc. You're showing the integration from the user perspective.
I am trying to authenticate a user inside a desktop application using the web api. I am not using a browser, I am using straight up GET and PUSH calls to the endpoints of the Spotify servers. Immediately I ran into some problems. It appears that upon the initial GET command to "accounts.spotify.com", the returned response includes HTML with a javascript function that runs and is responsible for dynamically generating HTML that you see on the initial login page. If you look at the Javascript function, it is clear that this is what is going on, however, you can also see this code is obfuscated and not meant to be used by us, the developers! (Link to Javascript code here for reference: Javascript function)
So my question is, while I can probably reverse engineer the code to get this working, would this be against the Spotify developer TOS?
Thanks!
Spotify's authentication happens through oauth, and a big part of user authentication as per the oauth rfc is where the user delegates permissions to your app to carry out API calls that affect their account, or return information about them. That's the web page you're seeing - it must be presented to your users so that they can delegate permissions so that Spotify can give your app an access token. It doesn't necessarily need to happen in a browser - it can happen in a web view inside your desktop application - but it does need to be loaded over https, and your application must not alter or reverse engineer the Spotify permissions delegations page.
As you correctly guessed, reverse engineering any Spotify APIs is against terms of service.
For more information on authorization on the Spotify platform, I'd recommend having a look at this guide.
Hope that helps! Please ping me if you have any more questions.
Hugh
Spotify Developer Support
We want to integrate embed sending and signing from my application to the point that users of my app don’t know that they are leveraging a mashup? I want to that my users able to use Signatures without leaving my site.
I am using API call through Java Code but it is not possible to us send the document and get back it into onesession. Kindly give some code which help me to implement that.
See the DocuSign API recipes:
Embedded Sending Or use the API directly to enable your app's users to send a signing request. Eg, see the sending step within the Embedded Signing recipe.
Embedded Signing
A lot of the documentation on google talks about the email scope to replace the https://www.googleapis.com/auth/userinfo.email, pared with the endpoint https://www.googleapis.com/userinfo/v2/me. Documentation found here https://developers.google.com/+/api/oauth#email.
Yet there is more documentation that states even that is being replaced in favor of the plus api and endpoint and the people.get endpoint. Documentation found here https://developers.google.com/+/api/auth-migration#email.
I have an application that needs to request the user email for both authentication and to verify they have installed our app.. A bonus is when I try to add the email scope to the developer console, or use it in my app, it tells me that email is not a valid scope.
My question is what are the proper scopes that need be applied in my app and in the google developer console? Need to be sure of this since the Google Apps Marketplace V2 has rules about prompting users.
You need to use the "email+profile" scope. That's the only way you will comply with the marketplace requirements to hide the user consent window.
Don't worry about the API console saying this is not a valid scope, it works when you provide it to the OAuth endpoint.
Here's an explanatory blog post with a sample in Java and all the required configuration steps.
I need to create posts, etc through my ASP.NET MVC 4 application.
Does anyone know decent library for Google Plus API? (Preferable as a NuGet package).
There is currently no publicly documented API that lets you automatically post to your Google+ page or stream.
There is an API that HootSuite is currently using that is slowly opening up to other vendors. See https://plus.google.com/u/0/104946722942277428266/posts/LUi2ZNyRHag for more information about what is coming and how you can sign up to request access to this. This is expected to allow you to post to a Google+ Page.
There is also the "Google+ History API" that is currently in developer preview which will allow you to create moments for a user, but they would need to manually share these moments on their stream if they choose to do so. See https://developers.google.com/+/history/ for further details.