Scripting a Persona Login - authentication

I want to try and scrape data from the Mozilla Marketplace so that I can have a daily email of downloads and installs that are reported there.
This is all fine and I have done this in many other places, simulating an HTTP POST for a "normal" login form.
However, can something similar be done with Persona via code to login programmatically?

A few of the tools and work-arounds are mentioned in this thread: https://groups.google.com/d/topic/mozilla.dev.identity/BkvU9FJQ5Uw/discussion
Feel free to ask for more information there.

Related

Chrome Extension: how to safely restrict the content and customise the user experience?

I'm enjoying developing cross-browser web extensions, the main target being Chrome, so much that I started to think about developing one for my company. I find a Chrome extension quite a cheap and efficient way to deploy internal apps. The main purpose is to host a couple of dynamic dashboards that fetch data from various APIs by using cross-domain AJAX in background scripts. I finalized the app and I was also able to implement the authentication via chrome.identity and Azure AD.
However, I am struggling to find a safe way to customise the content.
I mean, when the extension is installed it requires logging in to Azure via the chrome.identity flow. Then I get a token that I use to query MS Graph and get the user ID, name, email and basic info.
Until I get this information I want the browser action (popup) to be unavailable to the user as well as any other extension pages. After a successful login I would like to show the content on the pop up and to let the user access the pages, but here I want to customize the experience.
I know how to use the user id retrieved from the api call to customize the extension, but I think it is not safe because all the code is in the client.
If I code something like
if (user === logged) show something
it will be damn easy for a malicious user to look at the code and bypass it, or even to impersonate another user. And Chrome extensions cannot be obfuscated.
Any help?
Thanks

Verification process for google picker

My dev and I would like to implement the Google Picker on our website. It will allow the web visitor to upload their files from their Google Drive to our website.
My dev is now trying to get the API for the Google Picker; however, they are asking for a "demo video that showcases the process to request an OAuth token" and we were wondering how we should do it when we don't have the API from Google.
We are doing all of this on the staging site and we were wondering how we are supposed to do this demo video when the API is not provided and not installed.
Please enlighten us, thank you!
See the question How can I make sure the verification process is as streamlined as possible? in the FAQ. It explains what the verification team is looking for with the video. Mostly it's just about showing how your product uses OAuth and the various APIs -- in your case how it asks for access to Drive, how the picker is used, etc. You're showing the integration from the user perspective.

I find no way to set the visibility of the GSuite Marketplace API to PUBLIC

When I try to publish my app on the GSuite Marketplace via GCP, I find no way to change the setting 'Visibility', even if the app has never been published.
Between the two options (My Domain - Public), My domain is selected and can't be switched to Public, so nobody has access to my app.
Any help?
I've tried to contact the support and find help on forums but no answer at all.
First step, I'd recommend reviewing Choosing where to publish to ensure that you've published to the correct location. As noted under Publish your app (before you publish), your app is reviewed to determine if it meets the requirements for the relevant store. Additionally, your application may also have to undergo OAuth verification (I think this could be the problem), and security assessment if it accesses user data, such as Gmail, Drive, Contacts, or Calendar.
If your app is exempt from verification or if you've already undergone assessment and been approved, and your issue persists, I'd recommend contacting Marketplace Developer Support, via the below steps, who can assist you with your publishing issue.
Navigate to the new Developer Dashboard.
Click Contact Us.
The Developer Support contact us form is displayed.
I've tried to contact the support and find help on forums but no answer at all.
How did you contact Google Support? They have many teams and sometimes agents are not aware of the scope of support. Personally I would contact GCP Support first to verify your App in GCP; once they confirm everything is working from their end they need to route the case to GSuite with an Admin Console specialist to debug the problem.

Instagram API Register New Client Not Showing Captcha

So I'm trying to register a new client on the Instagram API. I have a business account and have done the proper steps prior to this. Every time I fill out the "Register New Client ID" form and submit it, I get an error "The captcha solution was not correct. Please try again." But there is no captcha for me to fill out!! Looking at the console errors it says the CSP page settings are blocking this source https://www.google.com/recaptcha/api.js. I'm gonna take a wild guess and say that has the captcha I need that's not appearing..lol.
Anyway, I've disabled all my content blocking settings and JS is enabled on Firefox (oh I'm using Firefox Developer Edition btw) and no change. I've also tried this in Chrome and Safari, no change. I don't have this issue with other sites that use captchas.
Anyone have any idea what's going on?
'preciate it!
Had the same issue here on Google Chrome. Used IE11 (version 11.345.17134.0 to be exact), and captcha displayed instantly. I've successfully registered a new client.
I suggest to wait until Instagram team realizes to upgrade their whatever scripts & parameters.
I found myself in the same scenario:
I'm logged on Instagram
I land to instagram.com/developer/clients/register/ over Google Chrome 70.0.3538.102 (no extensions)
No captcha. And I get the following from the console:
PS: I tried figuring out how to submit this specific report, but after several searches I find myself losing too much time... to make them aware.

Google warns "Unverified developer" for private site with spreadsheets API

I privately host a site for my family that uses the Google Spreadsheets API (readonly). I received an email from Google looking to "Remove risky access to your data". My site is listed with a warning:
I've gone through the verification process (filling out this form: https://support.google.com/code/contact/oauth_app_verification) but got the response that if the site is used privately "you don't need to go through the verification process". They state this in their FAQ also: OAuth Developer Verification Form FAQ.
However, the site still shows a warning in Google's security check-up. I can ignore this but I think other family members will be worried unnecessarily OR ignore future warnings about other apps assuming it's the family one they normally ignore.
Is there a way to verify myself as a developer of a private site or mark the access as trusted so the warning doesn't recur?
I ended up making my site public and going through the usual verification process.
Not really an answer, but rather to flag that this is my dilemma as well, although I run a time-based Google Script within an organization. I've contacted folks at the Google Cloud Platform and they have opened a case. However, here is something interesting I've stumbled across just now. Go to your Google account and do Security Checkup.
After the checkup your screen might be showing something like this
Try clicking "Dismiss" to prevent Google from removing your app.
I'm just testing it myself and if in an hour (that's how long it usually takes Google to remove your own script from the list of self-authorized apps with access to account info) Google won't remove it, I guess it would work for me!