"Modernized" OAUTH, WebView no more, impact? - google-oauth

This is in reference to:
https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html
which asks to post questions on Stack Overflow under #google-oauth.
Two questions from the developer of an email app for Android.
There are users who have more than one Gmail account, and they don't want to have to add all of them into system Settings.
For accounts which are present in system Settings, I use Google Play Services, it works almost every time, so that's not the scenario I'm discussing.
For accounts not present there, I currently use a WebView to open https://accounts.google.com/o/oauth2/auth and it just goes from there.
1:
Can someone please clarify what "new OAuth clients" means here?
New installs of existing apps (using WebView)?
Or brand new apps?
What are those "user facing notices" going to look like?
2:
What about Android devices that don't have Chrome installed?
Not all do, and I believe it needs Android 4.1 whereas my app runs on 4.0.3+.
Does this mean the owners of these devices are now going to be out of luck?

Related

Verification Google OAuth2 consent screen with the apps for personal use only

I recently asked this question, and users #DalmTo and #Sergio NH gave me an exhaustive answer, for which I thank them very much.
Moving forward to the question, we started publishing the application, and its verification was not required, since no scope was added (here it is a little unclear why the requests worked in an application with a test mode in which these scopes were not added (Google Drive, Google Sheets and Google Ads)).
However, this time the application in the "In Production" mode began to give us an "Unverified app screen" (see Unverified app screen). We decided that we still need to add scope to the list, and, of course, that the scope list (their list is described above) requires verification by Google.
We started filling in the necessary fields, while studying the Google documentation at the same time, and came across the following information (see block Verification process -> What are the requirements for verification?):
Apps not applicable for verification:
Apps for internal use only (single domain use)
Apps for personal use only
Apps that are Gmail SMTP plugins for WordPress
Apps that are in development or staging/testing
Apps for personal use only
And this is just our case: we have already received permission from Google Ads and are just generating simple reports that we want to integrate with Google Sheet. I.e., this is an elementary script that works within this account (however, we still need to request the first consent screen, even for this developer account) and cannot be distributed to any other accounts.
But when adding our scope, Google requires us to pass verification, forcing us to fill in the required fields, in the form of domains and their verification via the Search Console (we have already done this and this stage does not cause difficulties) and links to Youtube videos - where we must show how scope is used.
And just this stage is not clear. We do not allow other people's accounts to connect to this application, and the software does not have any interface, it is just a script that receives data from Google Ads and saves it to Google Sheet (creating a file via Google Drive). We have described all this in the scope usage description field. But the link to the YouTube video is a required field, and we sincerely do not understand why (considering our case) we should record something, and most importantly, what exactly we should record in this case, if the documentation itself says that in our case we do not even need a verification.
Maybe we did not understand something and now we are doing it wrong? We will be glad to receive any tips from experts working with Google Cloud Console and apologize in advance for broken English.
We also apologize in advance to the StackOverflow community that we have to publish such elementary (which we are absolutely sure of from our side) questions here. We come here from Google Cloud Console - > Support - > Community support, and we must first try to publish posts in the Google Groups specified there, but they simply do not answer us, apparently considering our questions too elementary and not worthy of attention (however, these same questions in Google Groups are moderated) (for example, the previous question). And we are no longer able to contact any other support. Once again, we apologize for having to ask about this here.
It is true that if your app is a single use app then you do not need to be verified.
However if you don't get your app verified then there will be some restrictions.
You will see the unverified app screen.
Your refresh tokens will probably only be good for two weeks.
In the case of the YouTube API, uploaded videos will be stuck private.
If you can live with those points then you don't need to verify your app and you can continue as is.
If, on the other hand, you don't want to see the unverified app screen and you want a refresh token that will last longer than two weeks, you will need to verify your app. Yes, even if your app is a console application running as a job somewhere, you still show the consent screen. This is the YouTube video you will need to show Google. Show the consent screen popping up, show the URL bar, and then show your script running. You also need to set up the homepage and privacy policy screens. Yes, I 100% agree with you that this is silly.
When you go through the process, explain to Google that this is a single use script running as a job somewhere.
Unfortunately when Google changed it so that Refresh tokens expire for unverified apps they pretty much tied the hands of all developers who are running such single user scripts. We now have to get our apps verified if we don't want to have to request a new refresh token every two weeks.
If your program needs to access the requested scopes of the Google account privacy, even though the user is yourself, you also need to provide a youtube video to demonstrate how you use this program. The auditor cannot guarantee whether you will make this program public.

Can't get access token for my Venmo account

I'm trying to write a simple client-side script that uses the Venmo API to automate some aspects of my account. The first step is getting an access token by going to the developer tab on the settings page. However, whenever I click "Get Token", the page just redirects me to my profile settings tab with no further information. Going back to the developer tab, nothing has changed, and I still don't have an access token. I've already filled in every aspect of my profile: my name, phone number, profile image, everything. I can't find anyone else with a similar problem. What am I doing wrong?
Unfortunately, the Venmo API is no longer available to new developers. I was having the same problem and reached out to them directly to confirm. The message I received from one of their support staff yesterday:
Thanks so much for your interest in Venmo! Unfortunately at this time we have discontinued accepting new users of our Developer API. We want to support all of our friends in the development community as much as we can, but at this time we are focusing our efforts towards expanding on our recent launch of the ability to use Venmo to purchase items in select merchant apps. Going forward this will allow us to provide many of the same capabilities previously powered by our Developer API in a more streamlined experience for users and developers alike. I apologize for the inconvenience.
It's too bad.

iTunes Connect demo account in existing live database for app submittal?

I'm submitting my first app through iTunes Connect. It is a social networking community so I have to provide a demo account for the submission. My app already has a live database of users as there is currently an active web version.
I'm new to this and confused as to how I should handle this. Should I be creating a demo account that will not show up in any other live user's search results? Are the testers going to be attempting to interact with other live users? I am assuming I will need to show the various functions of the app, like messaging and events. In that case should I be creating a few "demo" users for the testers to interact with?
Alternatively, should I be linking them to the development version and development database? If that's the case, then the build that I send them would only be a development build then?
I am confused on how this is supposed to work and can't seem to find any information to help?
In my experience, you'll need to give them the production version that will go into the store. So not the development build.
When we submit an app for approval, it seems to get installed and activated on a couple of devices, but nothing much ever happens. They barely use it, as far as we can tell. We can tell that it's installed and run. We have previously been rejected when the network connectivity wasn't working right, so we know that they do look at the app after it's installed.
I'd suggest you make them an account that looks relatively anonymous (or even "Test Account", which your real users are hardly likely to try to interact with). You could create another account and say "If you want to send a message, send it to account xxxx". We've never had them interact with our app enough to utilise the suggestions we've made.
If you have an active / inactive flag, you could think about making these accounts inactive once the app is approved, then re-activating it when you next want to submit your app.

From my service how do I listen for when a user clicks on a desktop icon or app from within the application menu?

This question is no longer active - I have been officially notified by the company that we're dropping Android and going with a system that is specifically designed for business use.
In our two sister companies we installed almost 500 Android phones, assuming they'd have security capabilities similar to Linux that would allow us to provide business phones to our employees but limit their access to apps. Unfortunately we've since found out that we were hugely mistaken. Android has decided that whoever has possession of the phone should have full access to everything. Unfortunately for us this has been a business nightmare, with huge data overages, employees downloading and installing anything and everything they can get their hands on from the Play Store, and the apps we need to run constantly being stopped by the task manager because too many apps are running at the same time, with our employees arguing that the apps are buggy or the phone is broken. Due to our type of operation, the phones are passed from one employee to another, often for weeks at a time, before a supervisor or technician has access to them.
We absolutely need to either secure the phones or get rid of them. So...
From within a service, how do I capture when an employee clicks on an unauthorized app either from the desktop or from the applications menu? I've spent the last 2 days searching Google for an answer, but have turned up nothing. I know it can be done, because I have a couple of apps on my personal phone that do so.
We're using Android 2.2
Why not uninstall Google play store from the phones? And any other apps which are not needed?
It might be easiest to just install a parental control app. Here's an example, though this particular one may not meet all your needs: https://play.google.com/store/apps/details?id=com.kiddoware.kidsplace
Have a look at the 3CX Mobile Device Manager. The sign up process is free and easy. Then you just need to download the app to each phone from Google Play and get it set up. I would be interested in knowing if you proceed with it and if it does everything you need it to.

Re-activating a Facebook App

I want to know if it is possible to re-activate a Facebook App that has been previously disabled.
This is what happened:
We created a Facebook App and an iPhone App that connect to each other. After releasing our game to App Store, one of our programmers accidentally deleted the App from Facebook. Now players are shown a message saying the Facebook App does not exist.
We know this may not be possible, but still wanted to ask.
I work on the platform team at Facebook.
Unfortunately there isn't a standard way to do this since this isn't a situation that occurs often. However, I can imagine how painful this may be. If you could provide me with either of the following - the app namespace, canvas/connect URL for the app or the app ID, we may be able to help.