is it possible to generate a plaid public token without initializing Link? - plaid

I want to get the latest balances of accounts every time the user opens the page in our system. in order to do that, I need a public_token to request for access token and load accounts balance, but I couldn't find how to generate a public token without Link initialization. is there a way?

No, this is not possible except in the Sandbox test environment. Note that once you have an access token, you can save and re-use it for future calls.

Related

How to upload to YouTube without authorization

I need to check the uploaded videos on a YouTube Channel and then upload missing videos via a CRON JOB.
I first thing I tried was the REST API and the server response with the endpoint was moved.
The problem I ran into with the PHP Google API Client is that it requires the user to authorize the token.
I now tried using the Python Code, but it also requires a authorize session. Also when creating the OAuth 2.0 client ID we are suppose to use OTHER. And there is no OTHER.
Python quickstart
Any Ideas? This has been really frustrating as there does not seem to be a lot of examples other than the ones Google provides. I also could not find a rest equivalent. I do not care if the solution is python or Rest or PHP client. I just need a user less CRON job doing the work.
What you need to consider is that there are two types of data public data and private data.
Public data is not owned by any user. Videos on YouTube for example for the most part are publicly available and do not require authorization to access. On the other had private data is data that is owned by a user.
In order to access public data you just need an api key to identify your application, however in order to access private user data you need the permission of the user who owns the account in question.
In order to upload to a users account (yes even your own) you need to be authenticated there for you will need to use Oauth2 yes even if you are using a cron job you still need to be authenticated there is no way around this. There for you will need to create Oauth2 credentials.
What i recommend you do is. Authorize your code once your your local machine store the refresh token and use the refresh token to request a new access token when ever your cron job needs access. I recomend you give that a try and if you have any issues create a new question include your code and a description of the problem you are having.
This is your only option with the YouTube API.

How to sign out when using gapi.auth2.authorize

I am using gapi.auth2.authorize to authorize people in my Google Photos API app but I cannont find a why to unauthorize or disconnect them from the app. What I have noticed though is that there is no way of using an old access token so that the user doesn't need to authorize.
How can I make the access token invalid?
Is it correct that every time the API is used the user has to authorize?
Thanks
How can I make the access token invalid?
Not possible to invalidate an access token, it will expire after 1h
You can check documenttation here
Is it correct that every time the API is used the user has to authorize?
Nope, you should ask users to authorize only once, using a refresh token that you can keep in your back-end, thus allowing your app to content on on users behalf all the time, until they revoke permissions

How does Google One-Tap manage my refresh tokens? How does it differ from GAPI?

In the documents of Google One-Tap sign in, it says:
Returning users are signed in automatically, even when they switch devices or platforms, or after their session expires.
Question 1:
But it doesn't say anywhere how it does this? Is the user refresh token saved in the browser's cache? How can it then auto log in a user cross devices?
Question 2: The reason I ask is because I have a setup where I initialize the Google API client for JavaScript ("GAPI"). The GAPI library also automatically logs in a user whenever the client is "initialised" through gapi.client.init().
Now the problem is that after I have added the Google One-Tap code (Or should I say "YOLO code"? : ) my user gets logged in through One-Tap and also through GAPI. I can prevent this by not initializing the GAPI client, but I don't think that's wise, because I thought this whole library is built to manage my refresh tokens etc. Is my understanding correct that One-Tap does exactly the same and in case I only want to Authenticate users I do not need the GAPI client anymore?
Really, which library does a better job at managing my refresh tokens? And how do they differ? I'm clueless...
The way I implemented my login is the following:
Try to login in the user first using gapi.auth2. Maybe the user was previously signed into the site.
If can't login user automatically, then use googleyolo to try to find existing user accounts.
If no existing accounts, then present a signin button for user to signin.
I can give you some code snippet if you need.
To answer your questions.
#1, the credential is stored within the browser/device. If the user has never signed into google in a device, then yolo won't be able to sign in the user.
#2. googleyolo will also login the user, the difference is that it will give the account selector even if there's only one user to select (it will automatically login the user if there's only one). gapi simply sign in the user without showing anything.

Strapi - anonymous browsing

I'm developing a mobile app which will allow users to browse without signing up. I would like to have all my endpoints secured via token.
How would we go about allowing anonymous browsing? i.e. provide a token to anonymous users.
Not sure to understand your case, why do you need a token if your users aren't registered and your API opens to everyone?
The authentication system of Strapi has been built to only send token to registered users. However, the easiest way to make it work for you is to register every visitor coming in your app based on their IP or something unique as a username and set the same password for each one of them. Then, every time the user comes back, you can call the /auth/local URL to sign-in the user and get the token or use the token stored in the local storage.

How to keep user authenticated long term using google api client library

Background
I'm working on an app that will run on a device which does not contain a browser, but I want to get the users google tasks through the google api.
Because of the lack of browser, they can't authenticate on the device, so I have it set up in such a way that they visit a website and authenticate there, then the device makes http requests to the website to get the data it needs.
Problem
Once I got everything working this system works out OK, the problem is it only works for a day or so before the user has to visit the website again to refresh their access token.
It would be great if the user could be authenticated for very long periods of time, or even forever (not sure if that's possible or secure). Can I get some suggestions on what people think is the best way to accomplish this kind of long term athentication?
Refresh tokens?
I've heard there is a way to store the user's refresh token in a database and somehow use that to refresh their access token. If this sounds like a good way, can anyone point me in the direction of an example to get this to work?
I've been using the google api client library for ruby
Thanks a lot!
You're on the right track with the refresh tokens. I can't help too much with the Ruby API, and honestly I just did this calling the REST api directly, but this doc should help you understand the actual calls you need to make.
https://developers.google.com/accounts/docs/OAuth2WebServer#offline
Note that for a lot of their examples you need to remove the newlines for them to work.
Basically like you said, you need to send the user to https://accounts.google.com/o/oauth2/auth with the access-type=offline parameter for them to give consent. This comes back with an authorization code, which you send to /o/oauth2/token. This comes back with an access token and a refresh token. You can use the access token immediately, and you store the refresh token, which never expires. When the access token expires you send the refresh token to /o/oauth2/token (note that the grant_type changes to refresh_token) to get a new access token.

Resources