I'm using Deno instead of node as a runtime, which makes me unable to use firebase-admin. I would like to implement the listUsers from the admin sdk in REST, but have not found any REST api references. Is there a way to use the firebase-admin sdk with REST?
You are looking for the Identity Toolkit APIs, the accounts:batchGet to be specific. You'll need an access token to use those APIs since you cannot use default credentials with the REST API. Checkout the documentation for the same.
You can use the API explorer linked above to test APIs from the browser itself.
Related
I created an app in the Google Cloud console with an OAuth 2.0 client.
Can I programmatically update the list of allowed redirect URIs to allow different subdomains? (a.example.com, b.example.com, etc.)
The only way I was able to do it was via the GUI at https://console.cloud.google.com/apis/credentials which is not scalable.
I was looking for this same thing.
All I could find was this, but it is only for Identity Aware Proxy
https://cloud.google.com/sdk/gcloud/reference/iap/oauth-clients/create
We have a custom built web app backed by a REST API. We already have existing user accounts that are created via our system. We've just recently integrated Domo to do reporting and they recommend Okta.
Is it possible to get have users sign in on our site and in the background also sign them into Okta via an API call/OAUTH request etc?
Yes it is. The methods are available via the API, and I just created app that demos exactly this in Python. Check out http://developer.okta.com/docs/api/resources/authn.html for links to test stuff in Postman. My basic approach was to have Okta be the system of record, but it can certainly be the other way :)
What is the recommended way to restrict my django rest framework APIs to be available to my mobile and web apps only ? I'm using django-rest-auth to authenticate my users. There are some APIs that can be accessed anonymously. But I need to make sure that all the APIs are available only through my apps (mobile and web).
Any help/tutorials are highly appreciated.
Thank you
You need to setup the authorization scheme at the configuration level to restrict it to your mobile / web app only and explicitly set the public ones at the class level. See http://www.django-rest-framework.org/api-guide/permissions/#setting-the-permission-policy about implementation details.
Because all requests can be sniffed you can't use any Secret-key or check for HTTP origin (it can be faked easily).
For mobile you can try using secret-key generator with some special algorithm. Fro example MD5(current_time + your_secret_phrase). Then you will be able to verify that code is acceptable. It will make using your API almost impossible for sniffers.
But for Web you can't do much. All headers can be faked. The only way - user authentication.
You can, of course, use Secret-key and change it every month/day/hour. But is it worth it?
I would like to configure the Google API services programmatically instead of having to go through the API Console. For example, I would like to be able to the following types of things programmatically:
Create OAuth and API Key credentials; this would include generating
the client id\secret, setting the redirect uri, downloading the
client_secrets.json file, etc.
Get the list of projects for a user
Enable\disable services for a specified project
Does Google provide any APIs for configuring services so that I don't have to use the API Console's GUI? All of the documentation I have seen has indicated that the only way to do this is through the API Console’s GUI.
You can use the Cloud Resource Manager API to get the list of projects for a user. Unfortunately, public APIs don't exist for the other things at this time.
Where can I find a java exemple for offline access to google API?
My background java process needs to download data from Analytics.
I found this tutorial:
https://developers.google.com/analytics/resources/tutorials/hello-analytics-api#create_service_object
It works but does not explain how to perform an offline_ ccess.
In HelloAnalyticsApiSample the user uses the browser to retrieve all the tokens.
...but when access token expires, how can I instantiate the "Credential" java object with a refreshed access token without the use of the browser?
This case is not present in this tutorial.
Does an offline access example using java library exist?
Take a look at https://developers.google.com/accounts/docs/OAuth2WebServer#offline to see how you can obtain offline access and use Refresh Tokens.