I want to pull periodic reports via Google Seller API. Is there a way, to login into Seller account without having to go via regular OAuth redirection ?
It would make no sense to try to use a service account to access AdEx, which is owned by a user account. You need to obtain a refresh token for the user account, store it somewhere, then use it to obtain an access token whenever you need to access the API. This answer gives the steps to follow How do I authorise an app (web or installed) without user intervention? (canonical ?)
Related
OK so I have an account using SSO credentials and the data within this SaaS app is available via a REST api using OAUTH2 but the API is not SSO friendly or enabled so how do I (if possible) access the data via the API but the only credentials I have are managed by the SSO., I do have my api key and secret and I can generate my access token in python from another non sso account but the sso account even tho I have the username and password I cannot get anything but a 401.. any help?
I might add , I am just an end user and have ZERO access to the actual API or data set but I can create and edit users and access on the SaaS app I cannot however change anything with the SSO or AD
I have tried using username#domain.com/token , I have also tried org\username and password, I have tried requesting different access-types from the OAUTH2 endpoint and the only recognized type is password. And I have tried every combination of the above trying to get the data from the API
If you are trying to access the third party REST API via OAuth2 then you'll need to check with the third party team if you are authorized to access that API, they may have to provide some additional permission to allow the access. If you are getting 401 then you don't have the correct credentials, please verify.
We have a system that supports social logins and we have a feature that users can download api access key and secret key to make APIs programatically.
But when a user account is deleted from social login provider the user can't login in the system. But the same user can access APIs programmatically. Is it possible to stop the API login as well ?
Unfortunately this can't be done, unless the social service supports publishing some kinds of events about deleted users (though I highly doubt that anyone would be doing that). Maybe there is another way to verify for you whether a given account exists in the social service (by calling some endpoint, for example). Then you can periodically check with this endpoint which of users exist. Or call this endpoint when you get a request to the API and verify if the user still exists.
I'm planning on building a G suite integration with my existing SaaS site.
I want Gsuite admins to allow access for their organisation. So I only want "domain install" possible.
After this has been done users can be imported from Google into our application. Users should be able to use SSO to login but I don't want each user having to pass the consent screen.
I also want the app to have readonly access to the calendar of the user.
What is confusing for me: do I need to create a regular web app integration or a Service account integration? I don't really need offline access but I want to avoid all users having to grant access individually.
Here it says: The user sees the OAuth Consent screen only once; if you’re using a service account to allow a domain admin accept terms on behalf of the domain users, then the end users must never see the OAuth consent screen.
So does that mean only service accounts allow this?
Yes, using a service account you can install and authorize one app for all your domain user impersonating the admin account. In such a way, your users won't have to authorize the app individually.
You will have to enable domain wide delegation in order to impersonate the admin account when using a service account.
Reference
Service Account
We use http://api.linkedin.com/v1/companies/ for getting information about any company and we publish this info in our Company's Marketplace website for that Company's storefront. Our customer logs into the portal and sync company information from LinkedIn using OAUTH 2.0 flow via user's access token. So far we are good.
When customer updates the company profile, how can we get these updates reflected in our company storefront using API? In this case there is no user/browser, its offline process like scheduled job. We’re looking for a way to regularly sync their LinkedIn information with our site while the user is offline instead of a “one-time” copy. Since there is no user interaction here we cannot go for oauth flow as we don't have user's access token to call API. Is there away to accomplish this?
You can store the access token and refresh token together with LinkedIn URL of the company when OAuth 2.0 flow completes. Then in scheduled job you can use access token and url to sync data. If the access token is already expired, use refresh token to get a new access token. This way you don't need to involve the user for data sync as long as he does not revoke the access from LinkedIn to your account.
I was just wondering, I want to associate a Twitter and LinkedIn account with my systems accounts. Which would allow them to post to interact with them without needing to log in to the other systems.
Is there a way to store the social (twitter / LI) usernames and passwords and associate them with my system and vis versa.
E.g. If I login using my native details (email / password) I can access the API features of my social network accounts?
Thanks in advance,
Chris
I can't speak for Twitter, but with LinkedIn you could follow this basic workflow:
Register an 'application' with LinkedIn. Your site will use this application for all communication with the LinkedIn API.
Have the user authorize your site (your application really), to access their account via the LinkedIn API.
Retrieve the user's unique LinkedIn ID, as well as their access tokens, and store those in your user account database, associated with their existing account.
Then, when they return and log in to your site, any calls you need to make to LinkedIn can be done via the stored access token, rather than having to have them manually allow you to have access again.