We have a GCM API project key that we use in our Android application and a week ago we had lost access to it. It was either deleted or it was created by an employee who is no longer with us. How do we get access to this API project which is attached to our company domain?
Related
So I have this really old UWP app that has been using the Live/OneDrive SDK to provide authentication and identification for at least 7 years now. The app is registered with Microsoft Account Authentication which provides a Client Id and Client Secret to identify the app when an authentication request is made.
When I use the SDK for authentication (OnlineIdAuthenticationProvider), it returns a unique Id (CurrentAccountSession.UserId) with which I can determine which of my users is using the app and then use that unique Id to persist/retrieve information the user provides.
The problem is....The OneDrive SDK is super old (hasn't been touched in over 3 years), outdated (.NET 4.51...no .NetStandard implementation) and Microsoft is pushing everyone to use MSAL and Graph instead. Fine.
But how can I do that and still be able to tie the person who is logged in to the app to the information I am storing for her/him?
From what I'm seeing, in order to use the new SDKs, I have to register my app, again, in the Azure portal and use a new Application (client) ID. If so, when my user logs in...my expectation is that any identifier that's returned to my app in the authentication process will not be the same as the UserId I've been using for almost a decade.
Has anyone done this? I can't be the only person who has encountered this problem...can I?
Any help would be greatly appreciated....
Today I received an email with the above as subject and this in the body :
Dear Android developer,
To keep your access to Google APIs, review the OAuth client used by your Android application by September 30, 2019.
Google requires developers to register all Android apps that request Google Account data and interact with Google APIs. The following Android package name you maintain may require the registration of an OAuth client:
com.myappname (not my real app name)
To register an OAuth client, make sure to either:
Have an existing project on Google Cloud Platform for the app you publish.
Create a new project and configure it correctly.
For the app, make sure there’s an Android OAuth client for the package name and SHA-1 signing-certificate fingerprint. If your app uses certain sensitive or restricted scopes, you’ll also need to submit your app for verification.
Apps without a properly registered OAuth client may not get Google Account or API data after September 30, 2019.
Thanks,
Google API team
I have a GCP project that has 2 OAuth 2.0 client IDs with the package name for this Android app (one Debug, one Release) and SHA1 fingerprint. Google login has been working for years with no issue. App is also verified (though we don't use any sensitive scopes). Anybody received a similar email or know what possibly might be missing?
This is neither a misfire or a threat. It's more of a reminder than anything else. All people who interact with Google User data get this email, and the point of this is to simply tell people "Hey, if you need to, register an OAuth client, do it by September 30th.". This is explicitly clear on the wording of the email. You can see here:
The following Android package name you maintain may require the registration of an OAuth client
The keyword being "may". Since, from what you've posted, you already registered your client, you should be good to go. Everything beyond this:
com.myappname (not my real app name)
Is nothing more than instructions on how to register your client. Everything above it is warning, that if you haven't, register your client. It's saying that it's possible that you haven't registered your client, so make sure you have.
Long story short, if you registered your client, you're good to go.
Okay so After working on sandbox of Evernote, I applied for production server API approval few days ago. So recently i got mail from their customer support stating that they have activated my API key on production server. So i can't figure out what to do next,i tried creating dev token for production server but it says that currently creation of developer token is disabled.
enter image description here
Dev token and API keys for OAuth are two different things. If you just want to create a dev token for your account, see here.
I'm just getting started porting my old code over to the new google apps json service but I'm not clear on the oauth.
I'm looking at:
https://developers.google.com/admin-sdk/directory/v1/guides/prerequisites
It says:
"Set up a new project in the Google APIs Console and activate Admin SDK service for this project. See the Google APIs Console Help in the upper right corner of the Console page for more information about creating your API project. "
My product gets installed at each client location. Do I create the app using my key then distribute this to my customers or do I use their key in my app that runs at their site? Do I also need to enable the admin SDK in addition to enabling API access?
Do I create the app using my key then distribute this to my customers or do I use their key in my app that runs at their site?
Do they have access to the source code? If true then it will be known to them.
Whether it is your key (an API project owner by you) or theirs depends on the kind of software you offer (tailored or common service (webapp?)) and who will be responsible of the quotas, billing (if needed) and maintenance.
Do I also need to enable the admin SDK in addition to enabling API access?
Yes.
FYI:
API projects can hold up to 20 accounts
Users can own several projects (don't know how many)
Projects can be shared with other users or Groups
I have few questions about the Android GCM
What is the use of Project ID/Sender ID in GCM.
Can i use the same project id for any number of server side apps with different application server code( Like one for giving Live scores, one for news app)
Why Google account is required?? How Google account is used in push notification.is it for authentication?
You have to provide sender ID when you register your app/device for GCM. The RegID that you get back is associated with the sender, somewhere deep in Google's data. So that when the server pushes messages, Google's system can track back their authentication to the sender, and make sure that the app and the server really belong to the same entity.
Sure. Just reuse the authentication header.
You need a Google account to get access to the Google API console. Google needs a way to identify and authenticate you, an account owner, so that other people cannot play with your GCM settings.
EDIT: this is not official, but they claim the phone needs a Google account associated with it because GCM uses GTalk internally.