how to find OAuth client id? Suspicious activity - google-oauth

I reviewed a suspicious activity on the Google activity web page.
The authorized app seems to be 800521135851.apps.googleusercontent.com & IP 130.211.197.142 (belongs to Google Cloud)
I read that the number 800521135851 is a unique client ID generated in the API Google Console.
How can I find out which app/service is responsible for this activity, in order to make sure the account was not breached? :)
Thank you

In the Google Cloud Platform console you can visit the "APIs & Services" tab and select "Credentials" there. You'll find a list of authorized clients/applications with a descriptive name.

Related

Device Access Console - "Application in review" status and Users receiving "No access to partner..." error

Our project to integrate support for Google Nest was verified for OAuth by The Google Trust & Safety Security & Privacy Team.
However, on the Device Access Console the project (ID: a09be4ad-f0be-479b-b9a3-77bd74f23c40) is still showing as "Application in review" and is still in the sandbox.
I'm not sure if this is what is causing the issue but our users are still getting the error below:
No access to partner
Information could not be retrieved. Please contact <> to verify your account has been property set up. You may need to add the developer email address as a home member in the Google Home app settings.
We submitted the application on the Device Access Console first in mid December before we submitted the OAuth application.
The Google Trust & Safety Security & Privacy Team recommended I post here. Is there anyone from the Google Device Support team who can help us out with this issue? We'd like to roll this capability out to users as soon as possible.
If you need any other information from me, please let me know.
We verified that users trying to link their Nest accounts have converted over to Google accounts.
We had users try again after we were approved for OAuth also.
The users are still getting the same error message I mentioned.

How to tie an account from a backend server to a google assistant user

I have a web application set up to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign in to a Google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to look up the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will need to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to set up an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.
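The token lifecycle described in the answer above, as an added example that is not part of the original answer and is not Google's code: one-time authorization codes, short-lived access tokens, a non-expiring refresh token, and the lookup a fulfillment webhook would perform. The `LinkStore` class, the lifetimes and the in-memory tables are assumptions for illustration; the HTTP endpoints and client-secret authentication are left out.

```python
import hashlib
import secrets
import time

CODE_TTL, ACCESS_TTL = 60, 3600   # lifetimes in seconds (assumed values)

def _h(token):
    # Store only digests so a leaked table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class LinkStore:
    """Hypothetical in-memory stand-in for an OAuth2 server's token tables."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.codes, self.access, self.refresh = {}, {}, {}

    def issue_code(self, user_id, client_id, redirect_uri):
        # Step 1: called after the user logged in and approved the link.
        code = secrets.token_urlsafe(32)
        self.codes[_h(code)] = (user_id, client_id, redirect_uri,
                                self.clock() + CODE_TTL)
        return code

    def _grant(self, user_id, extra=None):
        token = secrets.token_urlsafe(32)
        self.access[_h(token)] = (user_id, self.clock() + ACCESS_TTL)
        return {"access_token": token, "expires_in": ACCESS_TTL, **(extra or {})}

    def exchange_code(self, code, client_id, redirect_uri):
        # Step 2: pop() makes the code single-use even when a check fails.
        user_id, cid, uri, exp = self.codes.pop(_h(code), (None,) * 4)
        if user_id is None or (cid, uri) != (client_id, redirect_uri) or exp < self.clock():
            return None
        refresh = secrets.token_urlsafe(32)
        self.refresh[_h(refresh)] = (user_id, client_id)
        return self._grant(user_id, {"refresh_token": refresh})

    def refresh_access(self, refresh_token, client_id):
        # Step 3: a refresh token only works for the client it was issued to.
        user_id, cid = self.refresh.get(_h(refresh_token), (None, None))
        if user_id is None or cid != client_id:
            return None
        return self._grant(user_id)

    def user_for(self, access_token):
        # Step 4: the fulfillment webhook resolves the token to a user.
        user_id, exp = self.access.get(_h(access_token), (None, 0))
        return user_id if exp >= self.clock() else None
```
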

Google Analytics Reporting API Credentials

I'm new to Google Analytics API.
At some point, I'm supposed to allow the API to access the Analytics account I am interested in to an address like:
quickstart@PROJECT-ID.iam.gserviceaccount.com
I assumed:
quickstart should be replaced by the name of my project
PROJECT-ID by the 6-digit number appearing in the URL of my project's developer console interface
However, I haven't seen this address (or such) plainly written anywhere, and Analytics says this address doesn't exist, so that I just can't add it.
Did I miss something here?
Thanks!
Solved,
The email syntax is explained here.
Though, I had to create this service account, from the Google API admin panel > project parameters > Service Account view, with reading rights.

OAuth2 Troubles with PicasaWeb API

I have spent the last couple of nights bashing my head against the wall amongst a sea of conflicting out of date documentation and semi-helpful blog posts that were/are appropriate to what I am trying to do.
Essentially I want to write a wee personal app to download my images from PicasaWeb/Google+ and store them on my local hard disk.
I have managed to do the following:
Figured out the GData API for the appropriate request to get private album data (works fine in my 'google-logged-in' chrome browser)
Got the correct private data back from my GData URL with the token generated by the OAuth playground.
Managed to get an OAuth2 token back from https://www.googleapis.com/oauth2/v3/token using JWT.
However - when I try my access token I generate myself I get back a forbidden response with the message 'Not authorized to view access private'.
I am pretty stumped - my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff like google+ photos. When I look in there I can see the OAuth playground has access. How do I give my app access - and do I need to in this scenario?
Thanks in advance,
Robert
"my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff".
Totally correct.
I guess I see 2-3 questions per month on SO where people have made the false assumption that a Service Account is some kind of proxy to their Google Account. It isn't. It's a completely new and independent account.
The two approaches you can take are:-
Share the items to the Service Account so it has permission to access them.
Give your app direct access to your Picasa account. See How do I authorise an app (web or installed) without user intervention? (canonical ?) for the steps involved.

Linkedin API: how to use my login credential in my access token

I'm building my website to pull out my own linkedin profile info. And it is working but when a visitor comes to the site, they will have to login to see my profile info displayed on my page. This should be a public website and I don't want visitors to log in to their linkedin account in order to see my public page.
Is there any way to do this (so that visitors can see my info without having to be logged in)? Thank you
NOTE: I'm using their REST API by the way.
Simple code
Per the documentation (section #1, bullet point 3), it is not possible to share your profile information via the API without the user both authenticating your LinkedIn application that is pulling the info, and also the authenticated user then being connected to you in some way. From that document, "Each user must grant your application access to their LinkedIn network and they can only see data from their own LinkedIn network. For example, you cannot gather information about a LinkedIn member in one user's LinkedIn network and show that information to other users"
In short, the REST API is probably not the way to go to expose unauthenticated users to your profile. What you might want to do is use one of the plugins, such as the Member Profile plugin.