I've already used Google Drive with service account (an account that belongs to your application instead of to an individual end user). Do you know whether there is such a thing in OneDrive? I would like to authorize from a script without using web interface. Thank you in advance !
Related
I am looking to implement a hangouts chat bot for my customers. I am fairly new to the Google ecosystem, so I apologize in advance if some of this is obvious.
Here is my basic confusion:
It looks like in order to access the REST api the chat api requires a service account.
Does this mean that I will have to ask every customer to create a service account using their Google cloud account?
Corollary to the above is: Does every GSuite account have a Google cloud platform account associated with it?
If the service account has to be created, would the customer somehow need to share the private key for that account with me in order for my application to make calls on behalf of the service account.
My end goal is to give my customers a seamless experience where they can choose to
Install my bot in the Google Chat app for their GSuite domain
At the time of install get some information about their domain
Whenever a message is sent to the bot (DM or Room), identify who the message is coming for and in which GSuite domain, and reply accordingly.
Is this possible? Am I missing some very obvious Google concepts?
Thanks in advance.
If your customers have a normal email they can't connect with you. For more information refer this link
Considerations
The service account is used from your bot to access the Google REST APIs. It has a service account for your Google Cloud Project. There is no need for every user to have an service account enabled nor for them to give your their private key (never share private keys).
Approach
You can build and deploy Google Chat Bots directly using Google Apps Script. For your application I suggest you to use the tutorial in this page: https://developers.google.com/hangouts/chat/quickstart/apps-script-bot
Reference
Creating new Bots
I have a client email that ends with .gserviceaccount.com. I was told I have to share this email with my google sheets. I cant however. It says that it cannot share sheets to emails outside of the organization. Is there another way to connect to my Google sheets besides sharing with the client email?
You could change your sheet's sharing settings, and share it to anyone with the link. Then give the link to the user with a service account that's not in your organization.
However, your organization's admin might have your sharing settings restricted to only users within your org.
Note that: A service account is a special kind of account used by an application or a virtual machine (VM) instance, not a person.
Further reading:
What are service accounts ?
Differences between a service account and a user account
First of all, I apologize in advance for my naïveté on the topic.
I am trying to create a few microservices that are exposed using an API gateway. A few of these services will need credentials from Google account to access Google Calendar/Gmail etc.. is there any way for a user to only have to login once so that the credentials are all shared between the services? Or should only one service be facing the Google services with credentials?
It seems possible, you can ask a user to authenticate and authorize all permissions your application will need, all at once. But think about the user, when an application requires to access gmail, hangouts, photos, camera, etc. at once, the user normally disbelieve the application. So, the recommended approach is asking for the specific permission when the application requires it so that the user can realize each action you app do.
There exist many different ways to address your question depending on details, however the following link can help you to know where to start:
This link (Google Sign-in) has a wide context on all the Identity mechanisms to look for the most appropriate for you.
This another one explain all possible Identity mechanisms for specific use cases.
This authentication example for Google Calendar is useful, but this post explain how microservices authentication and authorization was solved.
I have a desktop application which I want to create a new service account for each user of my application.
Is there any API for creating the service account users on the fly?
Scenario: For each user, I want to give service account, and give this service account the data that this user needs.
The point is that I want to give every user some specific data from Google Cloud, but I want the user to get it directly from Google. I cannot use the user account, because I am not sure he have google account.
You can use the Google Identity and Access Management (IAM) API to programatically create service accounts.
However, creating a service account for each of your application's users is expensive and not scalable. Perhaps your service can have a single service account and then the service can control which of the resources that the user may access.
There is no Google Api that allows you to control projects on Google Developer console. The only thing that comes close is the Google Cloud Resource Manager API which is extremely limited in what it supports. You cant use it to create a service account.
Answer: The only way to create a new service account is to log in and do it though the Google Developers console.
How can I share or change owner of a spreesheet, created via spreedsheet api authenticated by service account? Should I add and use Google Drive API for that?
Yes, I have to use Google Drive API, but I cannot transfer owner to myself, because service account is located in another domain.