I'm wondering if anyone has had any success with the new RingCentral Call Control API, particularly around app permissions.
The docs suggest the app needs the CallControl permission. The problem is that this permission does not appear to exist. Do we use the "Active Call Control" permission instead?
My use case is for creating subscriptions using the "/restapi/v1.0/account/~/telephony/sessions" event filter. Even though the "Active Call Control" permission appears to work, I'm not convinced it's the correct approach.
When the "Active Call Control" permission is not set, I get the error "Required application permission [CallControl] is missing" on subscription creation. When it is set, I don't get an error and the subscription appears to work. So what's the problem?
Well, for one, I don't like the I'm just guessing at what the proper permission is. I don't see any documentation where the app permissions are defined.
Also, when I go to graduate the app from the sandbox, it tells me that the "Active Call Control" permission was unused. This might be a separate issue, a quirk with subscriptions, but it adds to my feeling that perhaps I shouldn't just be guessing.
Links to relevant documentation would be appreciated, as would direction or experience with this API.
Thanks for bringing this up. This is a bug in the documentation, the actual permission name is "Active Call Control" and not "CallControl". You are using "Active Call Control" correctly. This permission is used for both Telephony Sessions Notifications and Active Call Control APIs. We shall update the documentation soon.
If you want to see any changes, please feel free to send your feedback directly to our Public Developer Glip Group https://developers.ringcentral.com/community.html.
Related
I am trying to implement a hardware busy light to show my Microsoft Teams presence so that my family to not enter the room I have the office while I am in a meeting. I am looking to implement something similar to:
https://www.eliostruyf.com/diy-building-busy-light-show-microsoft-teams-presence
https://blog.jongallant.com/2014/12/beakn-v0-1-diy-lync-status-light/ (older acticle - similar idea).
The only problem I have with this setup is that I cannot get the MS Teams status.
The best way to go is by using MS Graph Presence API but my problem is that this is a company account and I don't have (and there is no way I could have) and app in the main subscription granted with the required scope: Presence.Read.
So I tried different ideas but none worked in the end:
check local running processes
check if MS Teams exposes any local API
check if there is a CLI available
This seems a simple idea, I mean, I see the status right there now while I am typing this message, I could as well do an app that gets a screenshot of the taskbar and extract the status from the icon, but is that really the only option I have?
I think I found something interesting for you.
Go to
C:\Users\user\AppData\Roaming\Microsoft\Teams
you'll find a file called logs.txt
In this file you see if your current state changed
(current state: Available -> DoNotDisturb)
I would write a script with php or VB (depends on your skills) that read that logs.txt file like every minute and check for the last "current state" line.
What those posts are doing (certainly the first one, I didn't check the 2nd one) is calling the Microsoft Graph, which has a "presence" endpoint to get a user's status. There's actually even a specific "/me" endpoint, to get your own personal preference (less access rights needed). See more about this here: https://learn.microsoft.com/en-us/graph/api/presence-get?view=graph-rest-1.0&tabs=http
In order for this to work, as you've mentioned, you do need to have an Azure AD App registration. However, importantly, this will only require "delegated" permission (i.e. only permission from the single user, you, to access just data for that single user, you). As a result, you can use "delegated" and not "Application" permissions, which means that it does -not- require Admin consent for the tenant.
It -does- require and Azure Add Application though, at the risk of stating the obvious. While you don't have tenant admin rights, you need to see if you have Azure rights, just to create an application (you might have this anyway as a developer in your org). If you don't even have this, you can sign up for an M365 Developer account, and use that tenant. Importantly - the application does't have to be in the same tenant. If it's not, it's just a simple multi-tenant app, like any 3rd party Azure AD-backed application is.
I wrote an app script which provides a web UI for data entry into a team calendar. I published it using G-Suite super admin account and added it as Trusted App under Security/API Permissions. "Trust domain owned apps" is checked under "Internal App Settings".
When a G-Suite user in our organization tries to access the app, he sees
"The developer of ShiftSchedulingApp, admin#_our_organization_.org, needs your permission to access your data on Google."
Those brave enough to click "Review Permissions" are taken to the next message:
"ShiftSchedulingApp wants to access your Google Account. See, edit, share, and permanently delete all the calendars you can access using Google Calendar"
Of course nobody wants to risk losing all the calendars on their Google Account and this is where it ends.
How do I get rid of this misleading message? It's not Google account, it's their organization account on G-Suite. It's not all their calendars, it's the shared team calendar only. It's adding data, not permanently deleting calendars. It's published by their administrator in their G-Suite, not an unknown 3rd party.
I spent days trying to make this message go away but no luck. App must be executed as an accessing user and not as publishing user because their user ID determines what shifts they can fill on a calendar.
I'd appreciate any hints pointing me the right direction.
I experimented with variations of the two-app approach as suggested.
The app which provides the UI needs to read the calendar to display available shifts - so I can't get away from the user authorization prompt.
Another variation I tried was having one app do everything and run as me, and another do nothing but return Session.getActiveUser(). I tried calling the 2nd one from the 1st one on the client side via XMLHttpRequest. It would be ideal for my needs - but I hit CORS error as apps URL is script.google.com but it actually gets redirected to script.googleusercontent.com. There doesn't seem to be a way to set CORS in Google App Script.
Although I was not able to find a way to avoid prompting users for authorization when executing the app as accessing user, it turns out my reasons for doing that were based on a false premise.
I chose to publish app as accessing user because I thought that's the only way to get accessing user Id - which is true for non-G Suite accounts.
However, when app is published by a G Suite account, the app can get accessing user ids within the same G Suite domain even when it's set to execute as publishing user.
Thanks Niek and TheMaster for your help!
If you just need user ID, why do you ask for all those permissions?
Possible Solutions:
2 web-apps- One running as you and another as user accessing (with only profile) permission. The second one will be the actual web interface and POST necessary information to the first one with privileges. OR
Implement your own web-app Google-sign in1
Use the least permissive2 scope3
Successfully implemented OAuth flow within Google Actions context via account linking. However, after token expiration, it asks for user to link the account. Is there a configuration in Google Actions for token auto-refresh in this context so that the user is not re-prompted to link account after doing so already?
There are multiple problems with the app, to the point I'm a little surprised it got approved.
The first is that if you're using https://stackoverflow.com/a/44296039/1204142, then you should look at the update which indicates that Google is no longer allowing their endpoints to be used for account linking. This may explain why the card doesn't go away. Since it didn't prompt me for scopes after I authenticated myself... I'm not actually sure what it thinks it's doing.
But some code must have been sent, since the Assistant thinks we're linked. Even if the card doesn't go away.
However, when I connect, it prompts me with
OK, would you like anything else?
for the initial prompt. Which doesn't make sense in this context. But if I say "yes" it says
Sorry, I don't understand what you're asking. Say "help" to know how I can assist you.
If I ask for help, it says
Here's how piggy piggy can help.
and then leaves the mic open without saying anything further.
Your server can send an error code that will tell Google's OAuth server to send a request for a new access token using their refresh token.
I apologise if the title is a little confusing, but I was a little stuck with the wording.
I'm currently working on a section of an application to allow users to grant developers access to their data through the application. This comes in a little 'Allow Some great app to access your account with the following permissions'. The application developer adds the required permissions, then when the user goes to authorize the application, these permissions are are displayed. If the user is happy to grant these permissions, the user shall press 'Grant'. This means that the user has agreed to every permission that has been displayed, and therefore this generates an API access token for the relevant application.
The issue now is that it has came to the attention that people may want to remove these permissions at a further date. At the moment, if the user would like to remove permissions, all permissions will be removed or disabled. The reasoning behind this is that if a single permission is removed from the application, the token that they authorized with is technically invalid as it does not have the permissions that were given to it when first creating the token.
Whilst this seems logical, there are also circumstances where the user would want to deny access for the third party application for a single feature (eg. The external application had a bug that was creating bad behaviour in a certain area, but was working fine in another area).
Would anybody be able to throw their two-cents in to this, as I'm having a hard time understanding if its best to allow modifications to a single permission in the event of problems, or to simply have to disable the application.
I've followed through the InteractiveConsole and FriendsSmash example in Unity and learnt how to request permissions during login and get the friend list of the user.
But there's one little problem bothering me a lot.
When FB.Login("email,user_birthday", LoginCallback) is called for an authorized user. The user will be redirected to the Facebook page saying "You have already authorized App-Name".
I'm thinking to only call FB.Login("",LoginCallback) to every user, and then use the FB.API to check if the correct permissions exist, and after that call the original FB.Login method. However, this doesn't seem a very wise way to do this to me.
I did a bit of research but still can't seem to find a nice way to solve this. Can anyone please help me out on this?
Thanks.
If you have status=true in your FB.Init(), it should come back with login info if the user is logged in. You can then use FB.API() and do your permissions check.
I had PlayerPrefs.DeleteAll being called for testing purposes. I found that it was removing the Facebook data so it wasn't authorising on initialisation.
Make sure you don't call PlayerPrefs.DeleteAll()