Given that pushbullet only accepts signups via Google or Facebook accounts, what is the recommended way of sending alerts from (for example) "My site Service "?
I tried connecting an additional address to my account an this also presented me with a Google / Facebook login option.
Is the only way to send notifications from "My Site Service" to create a Google or Facebook account for "My Site Service " ?
You can create a google account for your service, I have some test accounts I created that way.
One way to get the behavior you want though might be to create an OAuth Client https://docs.pushbullet.com/#oauth which can send messages on behalf of whatever user grants the client access. This is for example what IFTTT does, and the messages show up as if they are sent from IFTTT, not the current user.
Related
Overall flow
I'm working with Google Cloud Platform (GCP), Google Apps Script (GAS), and the Pub/Sub service within a Google Workspace domain environment. This is the flow of requests/data, which works but clearly has auth issues:
GCP Pub/Sub service receives messages for a specific topic
Pub/Sub forwards the message to a push endpoint URL by POST
The push endpoint is a doPost() function within Google Apps Script (GAS), published as a Web App
Details
I have enabled authentication for the Service Account used in the Pub/Sub delivery type options, i.e. Pub/Sub signs a JSON Web Token (JWT) and sends the JWT in the authorization header of the push request. Edit: The Service Account (Client ID) has a domain-wide delegation for the Scopes
https://mail.google.com/
https://www.googleapis.com/auth/drive.scripts
https://www.googleapis.com/auth/drive
Web App deployments come with two options:
"Execute as"
Me (name#workspace-domain.tld)
User accessing the web app
"Who has access"
Only myself
Anyone within {workspace domain}
Anyone with Google account
Anyone
Right now, the web app executes as Me with Anyone having access. And it works.
Problems
The push endpoint is publicly accessible, but should not be. (1)
Follow-up: "The push endpoint must be a publicly accessible HTTPS address" (source) anyways, so "Who has access" will be set to "Anyone" by design.
Limiting the "Who has access" option to "anyone within {domain}" leads to unacknowledged messages inside the Pub/Sub subscription, doPost() will not run, but the endpoint returns straight 40X HTTP codes (probably forbidden).
--> Question: How can I promote the Service Account to being seen as a user within the workspace domain, so it has access to the endpoint?
The push endpoint should validate tokens sent by Pub/Sub. (2)
In GAS, doPost() has no access to (authorization) headers sent to the web app endpoint URL (unfortunately and as far as I know). However, ScriptApp.getIdentityToken() gets an OpenID Connect identity token for the effective user, if the openid scope has been granted.
--> If problem (1) was solved, is it possible to authenticate and authorize the messages send to the endpoint within the GAS doPost() function using ScriptApp.getIdentityToken()? From my understanding, the Service Account should also become the effective user, i.e. "Execute as" = "User accessing the web app".
I might be missing something. So, thanks for any tips and advice!
Doc links
Google Apps Script: Web Apps
https://developers.google.com/apps-script/guides/web
GAS: ScriptApp.getIdentityToken()
https://developers.google.com/apps-script/reference/script/script-app#getidentitytoken
Using push subscriptions: Authentication and authorization by the push endpoint
https://cloud.google.com/pubsub/docs/push#authentication_and_authorization_by_the_push_endpoint
Firebase admin is only available for admin or users also to send notification to other users?
Actually i am little bit confused in send notification from one user to another and which data is used like on the basis of user receiver uid or receiver fcm token.
firebaser here
Calls to the FCM API to send messages require that you specify the FCM server key in your code. As its name implies, this key should only be used in server-side code, or in an otherwise trusted environment. The reason for this is that anyone who has the FCM server key can send whatever message they want to all of your users.
So sending messages to users is indeed only possible from a trusted environment, either through the Admin SDK, or the REST APIs. See How to send one to one message using Firebase Messaging for more.
I know that smtp.gmail.com will no longer support less secure apps in 2021. In order to migrate to using oauth access tokens, I am trying to understand the flow.
I do not want to access users gmail account information, I simply want to send them an email that contains password recovery link for my application. Everything I've been reading talks about getting access_token and displaying consent screen to the user before sending emails. This indicates to me that all these tutorials assume you want to send emails on behalf of the user.
I just want to use a single gmail account to send password recovery emails. How can this be achieved?
We have a mobile application and end users are authenticated via Firebase.
Current behaviour
While onboarding users, we register every user on Firebase with an email and a mobile phone.
Once the user is created on Firebase we the use the link generation API generateSignInWithEmailLink and send an email to the users.
Users click on the email from their mobile phone and it automatically launches the App.
Desired behaviour
Instead of sending an authentication link in the email, we would like to use the SMS token validation feature of Firebase
This is very easily down via a browser based application.
How do we implement such a feature that on Android/Ios?
Option
We provide a custom backend HTTP end point which gets called by the user
From this backend, we instruct the Firebase Admin SDK to send a new SMS authentication token to the have any endpoint which allows the back end to send a SMS authentication token to the end user's mobile.
Is this possible? At first glance, I could not find anything in the documentation.
Thanks
https://firebase.google.com/docs/reference/admin/node/admin.auth.Auth
Firebase does not provide a generalized service for verification via SMS. You will have to find another service for that.
I am using Microsoft Bot Framework to build a bot that receives messages from a user and then connects to a a banking service he already registered. (In case you don't know Bot Framework, is just a Web Api where you post messages and it answers you according to the behaviour you specified in advance).
So the banking service knows his user and password. And let's say it also knows the user Skype's username, because the bot will be connected to a Skype Channel via Bot Framework Connector.
My question is: how can I authenticate (in the banking service) the user that sending messages to the bot? The idea of this is of course not to make the user send his credentials (user and password) via messages.
Making the bot send a link where the user can write his credentials and then trigger a callback is not an option. I need to make the authorization flow the most transparent I could do it for the user.
The only examples I currently have of Auth involve invoking a browser for the authenticating service where the user can enter their service-specific credentials, such as Mat Velloso's AuthBot sample on github: https://github.com/matvelloso/authbot
I assume your last statement means this isn't a valid option?