Secondary User verification in Google Home devices - google-home

I am developing the backend for controlling devices in Node.js. The basic functioning of giving voice commands and getting the response to it is done. Now I just want to extend the project to add Secondary user verification. I am following the steps given in the Google developer Documentation - https://developers.google.com/assistant/smarthome/develop/secondary-user-verification.
I have a question regarding the pinNeeded function provided by Google. It expects me to enter the PIN by a voice command, but I want to allow the user to type in the PIN as it ensures security. Is this possible?

Related

Failed to get device list from HomeGraph: Requested entity was not found

I have implemented Smart Home actions as per the documentation and I have enabled the HomeGraph API.
I got the agentUserId from Google OAuth Playground, but when I submit the agentUserId and service account key in the test suite it returns an Error 404 message:
Failed to get device list from HomeGraph: Requested entity was not found.
I am able to operate my devices from the Google Home app, but not able to test with the test suite.
I am looking for possible reasons.
I encountered this today, and was confused as nothing was even trying to contact my server. I had been using the test tool successfully beforehand, so I knew my agentUserId was correct, that HomeGraph API was enabled and my service account was correct. It turned out that I was not currently linked to my Google Home app on my mobile with the same user at the time I was trying to run the test tool. I had unlinked it, therefore the agentUserId was not found on Google's side.
To summarise:
On your mobile link to your test Action
Make sure this is the same user account which you have the agentUserId from - ideally capture a log of your SYNC output and compare
Verify your service account's key in the JSON file you upload is listed in the list of "private_key_id"s in your service account
Try the test tool again whilst you are still linked on your mobile

Consent Screen still being verified

I'm developing a Windows application that uses the Google Calendar API. I have already filled in all the information on the "Consent Screen" page and sent it for verification. After 3 days I received an e-mail saying:
Verification not required. Your app is not required to go through verification at this time. We will be closing out this request and there will be no impact on your app.
After 2 weeks, my consent screen page is still saying "Your consent screen is being verified." and the logo I chose does not appear in the OAuth Screen. Any ideas of what is happening? Do I need to wait longer?
You must list one or more sensitive scopes under the Scopes for Google APIs section of your OAuth consent screen so that Google knows which scopes to verify.
I've created a screencast showing the process to add the ../auth/contacts.readonly scope to an OAuth project here. You should be able to use it as a reference to add the sensitive scopes you are accessing via API.
When you have added a sensitive scope, you'll see a warning asking you to verify your app, like here:

What's the best way to ask a user for an API Key when setting up a Slack App?

Just looking for some general advice here.
I want to build a Slack app and publish it publicly to the Slack App Directory, for anyone to use. The basics of the app are:
When you paste a link to a specific domain in a Slack message, a bot will fetch additional information about that link from a REST API my company built.
The roadblock I'm running into is that our REST API uses Basic Auth for authentication, and I can't figure out how or where in the Slack App setup flow to ask the user to enter their API key.
Does anyone have any advice on how to ask for user input when setting up a Slack app, so that the user can enter their API Key for our REST API?
Thanks!
OK, I will assume that the API key is individual to each user.
I would suggest asking for the API key as part of the installation process for your Slack app on your website and then storing the connection between Slack user ID and API key as part of the installation process. It is in fact possible to have individual installations of the same Slack app to a workspace for each user. This is called "configurations" (e.g. the Twitter app for Slack is using this feature).
This requires each user who wants to use the app to go through the installation process, and all users also need to have permission to install this particular Slack app (which can be configured by an admin).

Using OAuth 2.0 for Devices - Google API - Google Drive

I took a look at some docs at developers.google and some questions here on Stack Overflow, and I really would like to find an objective answer about using the Google OAuth Server to authenticate an application and grant access to download docs from a Google Drive account with NO BROWSER interaction.
As far as I could look, in docs like "Using OAuth 2.0 for Server to Server Applications", "Using OAuth 2.0 for Devices", and answers here, I couldn't find an article saying "It is possible to authorize an application to get files from a common Google Drive account on devices with no browser...".
Has anyone tried and had success in this journey?
The Devices flow is meant for applications that run on devices where no browser is present (fancy example could be a wristwatch that shows new G+ notifications) and requires the user to do manual steps on a device that has a browser. Also this is for getting access to data on the user's account.
UPDATE:
As you say you have an embedded application running without a browser available and want to access data on behalf of a user, this is definitely the way to go. This however still needs the user to login (once) on another device with a browser. After you got an access token using this flow, you can then access the Google Drive API either manually or by using some library.
So you want to access data on Google Drive that belongs to a special account and only your application can access it without a browser involved?
A Service Account (the Server-to-Server flow) would be exactly what you need. These however are only for usage on a web server, as otherwise your private keyfile would have to be deployed to a client, where it could easily be extracted.
One thing you could do is use your own web server that fetches data from your Google account using a Service Account and have a client application that only connects to your own web server. This has of course also its downsides, especially when it comes to locking down your web server so no third party clients could access it.
It can be done, but a browser does need to be used. I've successfully gotten OAuth 2.0 working on an IBM i (AS/400, iSeries, System i, whatever the name is today) which doesn't have a browser. I've so far implemented the Calendar and Google Cloud Print APIs.
During the OAuth 2.0 negotiation you will be returned a URL and a code. You need to display the URL for the user to go to, then the code to enter to grant authority for that specific API/scope. I have an example in our documentation here:
http://docs.bvstools.com/home/greentools-for-google-apps/docs/g4g-base-commands/g4gregsvc
But, the issue now is that the drive API is not yet available to devices. But, Google has said that soon it should be.
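The URL-and-code exchange these answers describe is the OAuth 2.0 device authorization grant (RFC 8628). The sketch below is an added example, not code from either answer: it shows the client side of that grant, including the polling errors the token endpoint can return. The `post` and `show` callables, the endpoint labels and `FakeAuthServer` with its sample values are assumptions constructed so the flow runs offline.

```python
import time

GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628 grant type

def device_flow(post, client_id, scope, show, sleep=time.sleep):
    """post(endpoint, params) -> dict is a hypothetical HTTP layer; show(url, code) prompts the user."""
    grant = post("device_authorization", {"client_id": client_id, "scope": scope})
    # RFC 8628 names the field "verification_uri"; Google's responses use "verification_url".
    url = grant.get("verification_uri") or grant["verification_url"]
    show(url, grant["user_code"])          # the user opens this on a device with a browser
    interval = grant.get("interval", 5)
    waited = 0
    while waited < grant["expires_in"]:
        sleep(interval)
        waited += interval
        reply = post("token", {"client_id": client_id, "grant_type": GRANT,
                               "device_code": grant["device_code"]})
        err = reply.get("error")
        if err is None:
            return reply                   # token response; store it like a credential
        if err == "slow_down":
            interval += 5                  # RFC 8628: add 5 s and keep polling
        elif err != "authorization_pending":
            raise PermissionError(err)     # access_denied, expired_token, ...
    raise TimeoutError("user did not approve before the code expired")

class FakeAuthServer:
    """Constructed stand-in for the authorization server (sample values only)."""
    def __init__(self, replies):
        self.replies, self.polls = list(replies), 0

    def __call__(self, endpoint, params):
        if endpoint == "device_authorization":
            return {"device_code": "dev-123", "user_code": "ABCD-EFGH",
                    "verification_uri": "https://example.test/device",
                    "expires_in": 60, "interval": 5}
        assert params["grant_type"] == GRANT and params["device_code"] == "dev-123"
        self.polls += 1
        return self.replies.pop(0)

def demo():
    server = FakeAuthServer([{"error": "authorization_pending"},
                             {"error": "slow_down"},
                             {"access_token": "constructed-token"}])
    shown, sleeps = [], []
    token = device_flow(server, "client-id-placeholder", "scope-placeholder",
                        lambda u, c: shown.append((u, c)), sleeps.append)
    return token, shown, sleeps
```

Only the device code and the resulting tokens ever live on the device, which is why this flow avoids the key-extraction problem raised above for shipping a Service Account key file to a client.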

APP Inventor get current user functionality

I know on the Google App Engine there is support for Google Accounts via user = users.get_current_user() functionality. I have used this and then I request the user to create an account on my app. Is there any way for the phone app to gain access to the user = users.get_current_user() functionality?
I have seen the example of creating a register / login on AI and storing it on TinyDB but the Google UserID is already available on the app engine. How do I access this functionality on the phone app?
With OAuth you can ask the user for permission to view his email address and read that information from his Google profile. See an example of how to do that with App Inventor here: http://puravidaapps.com/taifunOA.php
No, this feature does not exist. It has been proposed and can be voted for here.
