I'm trying to automatically add a Post in Google+, in behalf of a user that already give my system App permission using OAuth.
I've been checking https://github.com/google/google-api-php-client and https://developers.google.com/+/web/api/rest/latest/ but not sure if "Add a Post" is allowed because in case of "Comments" objects I only see GET a list or item.
Thanks in advanced
Related
I'm making an app that connects to a google calender.
I would like make the "sign-up with google" and "authorize to access
calender" flow as seamless as possible.
My understanding is that this can be done with "login hints":
From the docs at https://developers.google.com/identity/oauth2/web/guides/how-user-authz-works
Adding a hint during authorization initialization--typically the email address of the user's Google Account--enables Google to skip the display of an account chooser, saving users a step. The ID Token credential returned by Sign In With Google contains the user's email address.
From past issues and digging around in the source, it looks I can run the "sign in with google" flow, and then pass an email from that to the authorisation flow like so:
This does redirect to a link with "login_hint=EMAIL_FROM_LOGIN_FLOW", but still displays the account selection.
Am I doing something wrong, or is this feature not yet supported in the new library?
I am currently developing an app using the Google places API..
https://developers.google.com/places/documentation/
I want to use the Events methods, so that a Place/Business owner can add events..
https://developers.google.com/places/documentation/actions#event_intro
However I obviously need to restrict it, so that only the Business owner can create events for their Business. Is there anyway of authenticating a user via a Google api, to confirm that they are the Place owner? I looked at Google+ however there is no reference to any 'Places' setup by that user in the people request.
Looks like this is possible now. The workflow would be the following:
Your user triggers a places search and selects a specific place in the result
Your user selects an option in your app to claim they are the owner of your place
Your user is redirected into an OAuth flow to Google Places where they login with their Google credentials
Once authenticated, your app is provided with an OAuth token for the user
Your app submits that token along with a Place reference to a Places API owner verification service
The Places API returns a yes/no as to whether the user concerned is the verified owner of the Place
Source - https://code.google.com/p/gmaps-api-issues/issues/detail?id=3894 - comment #3
Enjoy!
When passing Api request to this URL
https://www.google.com/m8/feeds/contacts/default/full
A screen comes requesting this permissions. Is there any URL that just only asks user to "retrieve you contacts" instead of managing it.
SHOPBOX.IO is requesting permission to:
Manage your contacts
Perform these operations when I'm not using the application
The permissions the user is asked for at the authorization screen is dependent on the scope that you specify. Of course for accessing different endpoints you have to request certain scopes.
For accessing the Google's Contacts API this scope is required:
https://www.google.com/m8/feeds - read/write access to Contacts and Contact Groups
As this is your only option and there is no read-only scope available, the user gets warned that you could edit his contacts, even if you won't do that.
In Facebook API:
"When a user allows you to access their basic information in an auth dialog, you have access to their user id, name, ...
To get access to any additional information about the user or their friends you need to ask for specific permissions from the user."
So basically Facebook allows for use of the API with restricted permissions by default, and then it specifically asks for all sorts of permissions you might use.
In Twitter when the user is redirected to the twitter popup on "account/verify_credentials" the popup shows:
"This application will be able to:
Read Tweets from your timeline.
See who you follow, and follow new people.
Update your profile.
Post Tweets for you."
It is basically giving me permissions that I don't need right off the bat and it might drive the user away from giving me such permissions (I wouldn't blame them)
Is there a way to get restricted permission (such as user info, and that's about it) thus show less items the user is allowing me to do in the popup ?
Sign into https://dev.twitter.com/apps, select the application, and switch access to read only on the settings tab. This will remove the Update your profile and Post Tweets for you permissions. The first two permissions are always present with Twitter OAuth.
Greetings,
Using the Facebook API, I have obtained an OAuth access token for a user. I can use it to retrieve information about the user and post to their wall, etc. I'm trying to figure out how to (or if there is a way to) programmatically get a list of pages a user owns (so that they can be presented in a drop-down list on a third-party site). I have been unable to find such a method in the Facebook API, but I'm hoping I've missed something.
Thanks!
Since this question was asked, Facebook has added a new connection on the "User" Graph API object: accounts.
The Facebook pages owned by the
current user. If the manage_pages
permission has been granted, this
connection also yields access_tokens
that can be used to query the Graph
API on behalf of the page. Graph API Reference: User