Is there any way to embed a private report (i.e. Link-Sharing set to OFF) in a site where the user does not have to be signed in to a Google account which has view permissions on the report? I understand from this piece of documentation that a private report can be viewed in an iframe only if the viewer is currently signed into a Google account which the report has been shared with.
This is not a feasible option in this case, and it comes down to two factors:
The client requires complete security of their reports.
The client, due to security reasons within their company, cannot create or use a Google account.
This means the only solution is for a 'service' type Google account to be created which authenticates with Google from within the application side of things, without relying on user input.
I guess that the document that loads within the iframe looks for a Google authentication cookie in the browser session of the user in order to authenticate access, so this seems like something that cannot be injected by the server or automated on the client (correct me if I'm wrong). Plus any kind of attempt to script a login through the iframe will result in some cross domain issues.
So, if there is some sort of official authentication technique which can achieve what I'm looking for, and have managed to overlook, it would be great if somebody could point that out! If not, if anyone has any ideas on a less neat and tidy way of doing this, I'd be equally as grateful!
Thanks
(coming late to the party, I'm aware, but stumbled upon this myself just now and believe I found an answer:)
When embedding a report, you are able to send a token via their community connectors to give specific viewing rights depending on who that is on the platform. I guess this wasn't available at the time posting this question, but sounds like a viable option now - read more: https://developers.google.com/datastudio/solution/viewers-cred-with-3p-credentials
You can not share an active/live dashboard but you can deliver a password protected version of you report via PDF. To the farthest left of the "Edit" button you´ll see the "Download Report" feature.
Related
we are trying to build an application which is accessable via onetime passwords without a "user" having the need to register.
We did came accross the term magic-links sent via email, but there is only some old experimental keycloack extention for this.
Is there any way to build some auth flow like the following with keycloack?
User A is a fully registered User creating some document. This document needs some interaction with a Third Party Person (TPP) not registered.
Now User A sends an E-Mail invite to the TPP with a link to the document. When the TPP opens the link our application should ask for the email address and send a magic link or code to this email. Whith that email or magic code the user gets access to the document for the time it takes to complete the approval process. After the work of the TTP is done, the access should expire (or expire automatically after X days not used).
It does sound quite similar to what is possible with SaaS offerings like https://magic.link/ or https://www.arengu.com/ but we are using keycloack and would like to integrate it into it as well.
Does anyone have an idea how to achieve this with keycloak?
I know this is outdated, but perhaps someone else coming along may find this useful. There is a newer implementation of this feature provided here: https://github.com/p2-inc/keycloak-magic-link
We have found it usable and useful for our needs and works well in the latest version of Keycloak (18.x).
This question was previously asked here but the OP never responded to the comment left and therefore it is left unanswered. I'm looking to sign into a specific Box account via API and am hoping there's a way to automatically set the login and password instead of asking users for theirs. I'm coding my app in PHP and so far I'm using the basic OAuth2 process that asks the user to login (/auth/ticket&api_key). So far the only suggestions I've found requires saving files to local storage but that's not an option as I need my app users to do as little work as possible to get in. I just need to tweak this authentication process. Any suggestions??
Thanks!
this is the answer i got from Box API technical support:
Unfortunately, there's no way to do this at this point. You do have to go through the web based login to authenticate, however once you authenticate the first time, you can automate the refresh token so you won't have to do it again. I apologize for that and just let me know if you have anymore questions about this.
I was reading through the windows live developers doc here. In that I saw they are having an authentication method something like this.
GET https://oauth.live.com/authorize?client_id=CLIENT_ID&scope=SCOPES&
response_type=RESPONSE_TYPE&redirect_uri=REDIRECT_URL
I understood everything except for where do I give the username and password of the user?
I am planning to create an app(first one in my life) to learn the working.
I also have never used or coded something over REST.
When using OAuth, your application never receives the user's username or password. Rather, the user logs in to Windows Live on the Windows Live servers and authorizes your application for access to their information. After they have authorized your application, you receive an access token from Windows Live on behalf of the user. You then use that access token with the Live API to retrieve user information.
Coding something using REST protocols isn't anything too terribly complicated. It has been my experience that you're just specifying parameters to the API using GET or POST as your request method. Adding OAuth on to your requests is a matter of specifying additional parameters.
You're task is to learn two things here since you've never done REST or OAUTH before. Spend time looking at both.
Oauth is hard to get and hard to implement.
You should choose an off-the-shelf Oauth library they exists for most languages.
(Then you do not have to worry about the details. OTOH: You should know how it works to know how to set up and fix if something goes wrong.)
http://oauth.net/code/
When I try to authenticate a user through Google OAuth 1.0, if the user is already logged in with Google, he's automatically asked if he'd like to allow access to my application. I would like to force the user into submitting his/her credentials again to Google, so he may provide a different account than the one he's logged in with (both FB and Twitter OAuth handshake have an option for this).
Also, is there a parameter I can pass on to Google that would make it aware it's in a popup, so it may adjust the layout better ? Again, FB and Twitter take "ownership" of the popup and resize it so their layout fits perfectly. They're also aware of being presented in a popup so a different layout is presented.
Google seems so far behind with its API's. I found the overall implementation difficult to work with, the XML's are creepy and full of useless data, documentation incomplete and overall procedures are not consistent across it's services, or even across the same service!
Try adding max_auth_age=0 to the first OAuth URL. This worked for me.
I want to make an application witch involves logging into google. It is basically a small application to always have your gmail with you without always having to go to the web browser and log in. Basically what I want to do is, when the person signs into their google account (or the page url changes) I want the webbrowser to refresh and go to a new point in the form and create an animation using a timer. I dont need help with the animation, I just need to know how to link it together with the person signing into google. And also, If it's possible I would like to have the person log in without the actual google web interface, but with 2 textboxes and a button. I am using Visual Studio 2008 and help with my application would be greatly appreciated!
One of the great things about GMail is that it gives you Pop3 access to the mailbox. Your application should be able to use Pop3 to login to the mailbox directly and not require the user to use the google web page (or any web page) at all.
This would be much more secure and fault tolerant than highjacking a browser session or scraping a web page for emails (as your application would break as soon as google updated the gmail app or the user changed their preferences).
You should be able to find numerous Pop3 tutorials, libraries and samples on the net (and most probably here on SO).
If you still insist to use the web browser control, you should investigate crafting your own HTTP-Post query to the page that takes the GMail login. Once you craft the correct message (including the user's username and password as the appropriate POST variables) you should be able to login directly.
Finally, you might want to have a look around on code.google.com as I'm certain this has been done before and you will most likely be able to find some sample code (whichever way you go).
Good Luck!