I'm using the Google People API to get user account info (only for the user who authorized via Gmail sign-in using the Gmail API) from a Node.js client. I want to make sure that the people.get method I use won't be affected by the shutdown of Google+ and its APIs.
This is an excerpt from the email that Google sent on 12/20/18 notifying developers of the shutdown:
"Note: If you see calls to people.get, these can be the result of using the Google+ Sign-In feature in your application, which is now fully deprecated and is being shut down. Developers should migrate from the Google+ Sign-In feature to the more comprehensive Google Sign-in authentication system."
As stated above, I am using the People API to call people.get but it's unclear to me whether or not this will be affected by the Google+ deprecation.
If you're using the people.get API documented at https://developers.google.com/people/api/rest/v1/people/get, then you're fine. This API is not impacted by the Google+ API shutdown.
If you're using the people.get API documented at https://developers.google.com/+/web/api/rest/latest/people/get, then you will need to migrate to a different API.
Related
I have been reading about the Google+ API and the Domains API and found out that the Google+ API is read-only, and the Domains API is only for domain users. But somehow I just tried Buffer, connected my Google+ profile and shared some text. It appeared in the posts section. Now, my profile was not part of a domain; it was username#gmail.com. Also, there are other social products which give the same functionality.
How does this work?
Your app can share posts on behalf of the user on Google Plus. All you need to do is get the appropriate permission from the user.
https://www.googleapis.com/auth/plus.stream.write: Required - Grants permission for the app to create posts or comments on behalf of a user. The Google+ Domains API only allows creation of restricted posts, and only allows comments to be added to restricted posts.
Ref: https://developers.google.com/+/domains/posts/creating
There is an open authentication specification called OAuth that utilizes public APIs, for instance: GitHub, Facebook, LinkedIn, Twitter, Google, Slack, etc. I believe the easiest way to implement this strategy is either with a bot, a webhook, or my API framework of choice, Express.
Express has a middleware library called Passport that enables a quick setup of the necessary steps to implement the correct API keys, secrets and callbacks. Essentially what you have to do is create an app with each provider and they will give you the API information necessary for your Passport configuration.
Once you've got that done, then you just hook up a simple router and server, then you've got an app that can allow your users to sign into whichever provider they choose. The beauty behind the solution is their password information is serialized inside a JSON store to prevent security issues.
https://developers.google.com/+/web/api/rest/
I am trying to access YouTube Reporting API with a service account. But I am getting a 403 forbidden when trying to do youtubeReporting.jobs().list().execute().
The YouTube Reporting API is clearly supposed to support server-to-server interaction.
Do I need to grant access to the YouTube Reporting API for a Google service account? If so, how?
FYI: I am not using a Google Apps domain.
You could create service credentials in the google console, but those credentials won't fix your issue. According to the docs,
The service account flow supports server-to-server interactions that do not access user information. However, the YouTube Reporting API and YouTube Analytics API do not support this flow. Since there is no way to link a Service Account to a YouTube account, attempts to authorize requests with this flow will generate an error.
This info is pretty counter-intuitive (not to mention hard to locate), especially since conceptually related YT APIs utilize service accounts (see here), and the Reporting API actions wouldn't seem to need to be associated with a specific user account.
Unfortunately, if you use a service account for the Youtube Reporting API you will still end up with a 403 unauthorized caller error.
Instead, create and use web client google credentials. Store and use the token generated from the flow.
You can do that in the Cloud Platform Console. See https://support.google.com/cloud/answer/6158841?hl=en for details
I want users of my website to use Google Accounts to authenticate / sign in to my website. The primary use case is that users will edit and generate content and we want to log ownership in a secure way. We are not interested in obtaining users' Google data; we just want a means to authenticate users.
After googling, I came across some documentation which seems to explain how to do this: OpenID Connect (OAuth 2.0 for Login). But the documentation immediately says "Note: If you want to provide a “sign-in with Google” button for your website or app, we recommend using Google+ Sign-In, ...", which if you follow the link ultimately takes you to Google+ Sign-In.
What's the difference between these two pages of documentation? Why does the first tell you to go to the second while not saying the first is deprecated? Are both/either suitable for my use case? All it says is "we recommend" I want to know WHY, WHY do they recommend it?
UPDATE: I also found yet another link which seems to be documenting another approach https://developers.google.com/accounts/docs/OAuth2WebServer I think this is just for "Authorization" i.e. authorizing your app to make google api calls to get user data, so cannot be used for authenticating/sign-in.
BTW I'm building my website with a Scala Spray BE REST API & NG JS FE.
A comparison of the two is available here.
Google+ Sign-In with profile scope
Has Google client libraries for authenticating with OAuth 2.0, which includes support for Google+ and other Google services (like getting social information on a user). This can also make implementing easier and requires less boilerplate code.
Has the Google+ Sign-In button to simplify sign-in (OAuth 2.0 login has no pre-built widgets)
Supports over-the-air Android installs
OAuth login is primarily just for authentication at a lower level, that is by making raw HTTP requests, no API.
OpenID Connect protocols (OAuth 2.0 login)
Google+ Sign-In supports OIDC interoperability if you configure with the openid scope and get the user profile using getOpenIdConnect.
OAuth 2.0 login supports OIDC directly. Use it for signing in users to apps that do not need social features and run on platforms not supported by Google+ Sign-In.
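An added example, not from the original answer, of the plain OAuth 2.0 login (OpenID Connect) request for a site that only needs sign-in: it requests the `openid email` scopes only and binds the callback to the user's session with a random `state`. The client ID, redirect URI and function names are assumptions; the endpoint is Google's OAuth 2.0 authorization endpoint.

```javascript
// Added example: build an OIDC login request and validate the callback.
const nodeCrypto = require('node:crypto');

const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

// Returns the URL to redirect the browser to, plus the values that must be
// stored in the server-side session until the callback arrives.
function buildLoginRequest({ clientId, redirectUri }) {
  const state = nodeCrypto.randomBytes(32).toString('base64url'); // CSRF binding
  const nonce = nodeCrypto.randomBytes(32).toString('base64url'); // echoed in the id_token
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: 'code',
    scope: 'openid email', // authentication only, no access to other Google data
    state,
    nonce,
  }).toString();
  return { url: url.toString(), state, nonce };
}

// Returns the authorization code only if the callback carries the state
// value issued for this session; anything else is rejected.
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return code;
}

// Constructed client values for illustration.
const demo = buildLoginRequest({
  clientId: 'example-client-id.apps.googleusercontent.com',
  redirectUri: 'https://app.example/oauth2/callback',
});
console.log(demo.url);
```

The returned code is then exchanged server-side at the token endpoint, and the `nonce` claim of the resulting id_token should equal the stored value.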
I'm writing a packaged app using JavaScript for the Google Chrome Web Store and I need to identify the user's e-mail. Using Identity I've retrieved an OAuth 2.0 token (by the chrome.identity.getAuthToken() command). What next?
I've found this documentation but I'm afraid it can be used only for hosted Chrome apps.
The above documentation can be used also in cases where the application only has a client-side presence. You can extract the email_address from the id_token (https://developers.google.com/accounts/docs/OAuth2Login#obtainuserinfo); that would be most efficient. Or you can use the access_token to retrieve the same data from the user_info endpoint, which requires another AJAX request (https://developers.google.com/accounts/docs/OAuth2Login#obtaininguserprofileinformation).
If you manage to configure the G+ Sign-In widget for your extension you'll find out that it simplifies these tasks considerably. Note that G+ Sign-In has been recently updated and works for all Google account users (including Google Apps users) whether or not they have signed-up for the Google+ service. See https://developers.google.com/+/ for more information.
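As an added example (not part of the original answer), one way to read the email from the id_token in JavaScript is to check the issuer, audience, expiry and email_verified claims before using the address. The client ID and sample token are constructed placeholders, and the signature is not verified here, which is only acceptable when the token came directly from Google's token endpoint over HTTPS.

```javascript
// Added example: extract the email from a Google ID token after claim checks.
// No signature verification is done here: a token relayed by a browser or
// another service must also be verified against Google's published keys.
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];

// JWT segments are base64url-encoded JSON.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

function emailFromIdToken(idToken, expectedAud, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const claims = decodeSegment(parts[1]);
  if (!GOOGLE_ISSUERS.includes(claims.iss)) throw new Error('unexpected issuer');
  // aud must be this app's client ID, otherwise the token was minted for someone else.
  if (claims.aud !== expectedAud) throw new Error('token issued to another client');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token expired');
  }
  if (claims.email_verified !== true) throw new Error('email not verified');
  return claims.email;
}

// Builds an unsigned, constructed token for demonstration only.
function constructedToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Constructed sample values (placeholders, not real credentials).
const SAMPLE_AUD = 'example-client-id.apps.googleusercontent.com';
const sampleToken = constructedToken({
  iss: 'https://accounts.google.com',
  aud: SAMPLE_AUD,
  exp: Math.floor(Date.now() / 1000) + 3600,
  email: 'user@example.com',
  email_verified: true,
});
console.log(emailFromIdToken(sampleToken, SAMPLE_AUD));
```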
Which URL should I use for authenticating a user in Twitter?
For example, in Instagram a token for the user can be received when the user clicks on the following link:
https://api.instagram.com/oauth/authorize/?client_id=XXX&redirect_uri=XXX&response_type=XXX
After this it returns a token and I can work with the user profile.
How do I build such a link for Twitter?
The Twitter API has several ways to authorize, and which approach to take depends on what you want to do.
The OAuth2 approach that Instagram takes is called application-only in the Twitter API. The thing about application-only is that you can only use it on endpoints that aren't associated with a user, e.g. it's great for search, but doesn't work well for tweeting (which is something a user would do).
A couple other approaches are Single User Authorization, which is good if your app only needs one set of credentials. e.g. a server app. Another is Pin Authorization which is a work-around for devices that can't manage Web callbacks. These use OAuth 1.0A.
There are a few other OAuth options, but this was just to give you an idea about the available choices and the need to think about what you want to accomplish and match that with what the Twitter API offers. Here's the Twitter docs for more info:
Authentication and Authorization