Google Oauth2 settings: consent screen required fields and verification - google-oauth

I've created a project on google console.
I need to get access to Drive API, so I need to configure OAuth2 settings.
It's requesting me for three kinds of information:
Credentials: I got it. I need the client ID and client secret in order to google identify my client.
Consent screen: I don't quite figure out what's that for. Is it the screen that appears when a user grants consent to application to act as behalf of him?
Domain verification: What??
When I'm creating consent screen, google is requesting me these fields (some of them are required).
I'm just creating an service for tasting Drive API. I mean, I don't have any authorized domain, homepage, policy or terms of services links. I just want to play around.
Also, google is telling me consent screen has to be verified:
Any lights please?

Related

How to set up Google sheets API for personal use

I'm trying to follow the instructions here which tell me to create credentials via the instructions here, which as step 6 tells me 'Click the user type for your app. If you're running a Quickstart, select Internal.'
On the page in question, 'Internal' is greyed out, and tells me I can't select it because I'm not a Google Workspace user. Going to Google Workspace, it tells me I need a domain name for 'my business'. Since I don't have a business, or any domain that would have anything to do with this project (I just want to push some personal data from the command line to a sheet), I don't seem to be able to proceed. Is the Google Sheets API just not available for such use?
If you don't have a Workspace account but you don't want to publish your app publicly (and go through the associated review by Google), you can set the app to External and test the app instead of publishing it.
In order to do that, just add yourself as Test user when setting the OAuth consent screen, and leave the Publishing status on Testing, don't change it to In production:
Testing
Projects configured with a publishing status of Testing are limited to up to 100 test users listed in the OAuth consent screen. A test user consumes a project's test user quota once added to the project.
Google will display a warning message before allowing a specified test user to authorize scopes requested by your project's OAuth clients. The warning message confirms the user has test access to your project but should consider the risks associated with granting access to their data to an unverified app.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Reference:
Publishing status: Testing
Unfortunately, that means that the authorization lasts only for 7 days. Which means that I have to keep creating new projects every 7 days, which is untenable. Here is the excerpt from the "Setting up your OAuth consent screen" page on the Google support site.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.

How to tie an account from a backend server to a google assistant user

I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.

Google Authentication via PHP Client Library/oAuth2

I have searched long and far for this on Google Identity documentation but my question seems to be out of it's scope (https://developers.google.com/identity/protocols/OAuth2).
This is what I have:
I have an app that is using Google's PHP Client library to authenticate a user via oAuth2. My application stores the retrieved token & refresh token from a user. I am able to use this token and refresh token to pull in information from various Google API's (Drive, Calendar, Mail, etc). I am also storing a cookie in browser to keep the user logged in to the application when the user closes the browser. I have created a simple way for users to login to the application via a QR code that matches up their stored token and refresh token. After the first login they are able to simply use a badge to login to the application.
This is what I want but don't know how to do
When a user logs into the application with their QR badge everything work perfectly (I am still able to pull in anything via the PHP Client Library/Google API's), however when a user goes to Gmail, Drive, or other Google service, Google is asking them to login (it's because they are not technically authenticated with accounts.google.com (only my application)). Is there a way to programmatically authenticate a user to accounts.google.com via a stored token/refresh token?
I was searching for a proper way to implement authentication of users with Google accounts into an app I'm developing. One thing led to another and I found this:
https://github.com/thephpleague/oauth2-google
They have a few implementations depending on how you may wish to implement OAuth2 (via separate repositories). I believe this directly answers your question, albeit 3.4 years later. Hopefully it will help someone else who is looking for this info.

Google Glass App Authentication in php

we have google glass app. that need some glass app authentication.
please tell my the step to create glass app authentication with my website.
the scenario is .
when user signup to the my website,user can insert login token to google glass correspondent to their email id , used at the time of signup by using google glass mirror api.
now we will have login token correspondent to email id in the google glass.
then if user wants to connect to my website by google glass, he or she can directly logged in to my website with login token that he/she has submitted at the time of signup.
so please help me to solve this scenario . with the step by step.
Its a pretty long process, and also depends on the functionalities you do want to provide in your authentication flow on Google Glass.
Creating Google API Service Account.
Providing Metadata about your Glassware.
Implementing authentication flow.
This step is the crux of the authentication flow, It is further divided as follows: (a) User turns Glassware On and is redirected to your sign-in page (b) Service validates user and makes a call to mirror.accounts.insert (c) Mirror API sends the account to the user's Glass device (d) Account information is available with AccountManager.
For more details about the implementation please follow the official Google Documentation.

Linkedin API: how to use my login credential in my access token

I'm building my website to pull out my own linkedin profile info. And it is working but when a visitor comes to the site, they will have to login to see my profile info displayed on my page. This should be a public website and I don't want visitors to log in to their linkedin account in order to see my public page.
Is there anyway to do this (so that visitors can see my info without having to be logged in) ? Thank you
NOTE: I'm using their REST API by the way.
Simple code
Per the documentation (section #1, bullet point 3), it is not possible to share your profile information via the API without the user both authenticating your LinkedIn application that is pulling the info, and also the authenticated user then being connected to you in some way. From that document, "Each user must grant your application access to their LinkedIn network and they can only see data from their own LinkedIn network. For example, you cannot gather information about a LinkedIn member in one user's LinkedIn network and show that information to other users"
In short, the REST API is probably not the way to go to expose un-authenticate user's to your profile. What you might want to do is use one of the plugins, such as the Member Profile plugin.