This is my first time interacting with Google API and I'm using python3.9 with this library Python Telegram Bot
I want to access a user Google API Calendar via a telegram bot and I can't seem to find any article to guide me through it. My key problem (I think) is redirecting the success authorization flow back to telegram bot.
This is what I have in mind:
In the telegram app, user send '/send' to bot
Bot receive message and return a google an authorization link to user
User clink on authorization link and allow access
Bot receive authorization access and completes the Oauth flow
The problem lies betweeen step 3 and 4. A standard authorization link is
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<clientid>&redirect_uri=<redirect_uri>&scope=<scope>&state<state>&access_type=offline
How do I send the authorization link back to my telegram bot? Should I create another API endpoint to receive that authorization link? Or can I send telegram api send_message() in the <redirect_uri> to redirect the success message to my bot.
Update 1
Thanks to CallMeStag, I manage to figure out a way to complete the oauth process. For people who faced the same problem, this is what I did
Pre-requisite: Credentials is created in google console api - Web application. redirect_uri set as localhost:8000 (During development phase)
User send '/send' to bot
Bot receive message and return an authorization link https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<clientid>&redirect_uri=http://localhost:8000/&scope=<scope>&state<state>&access_type=offline
User click on link to authenticate and it will redirect to http://localhost:8000. Used fastapi as a webhook to receive the message. Capture the authorization code, use google.oauthlib.flow to complete the authorization process. Next, redirect user back to telegram link https://t.me/<botname>
Start using user google calendar
It's currently indeed not very straight forward for a PTB-application to listen for external updates (the auth verification in this cas) - see also this issue. Currently it might be easiest for you to set up a custom webhook application that runs in parallel to the Updater - e.g. using flask/django/starlette/fastapi/…. Alternatively, if you're using webhooks for your bot anyway, you can patch the Updater to do the job for you. Although that requires some manual work - see here for an example.
Once you are able to listen to updates coming from Google, handling them can be done via PTBs usual handler setup, specifically via the TypeHandler or even a custom Handler subclass - see this FAQ entry.
Regarding the redirect url: You'll want to redirect your user back to your bot, so you'll have to provide a link that does that. Bot.link should probably do the trick.
Disclaimer: I'm currently the maintainer of python-telegram-bot.
Related
I have a Slack bot that is working fine and interacting with users. I'm using Bot Framework composer and the Slack Adapter.
In the Slack API portal I'm trying to change the Events Request Url the app uses to send Slack Events to my bot.
When I do that, slack sends a challenge request to my bot. The bot first tries to verify that the request is really coming from Slack following: https://api.slack.com/authentication/verifying-requests-from-slack#a_recipe_for_security
The problem is that this is failing and I can't understand why.
I see that Slack is sending all the right content, and that the ClientSigningSecret is being read, otherwise the other calls to the bot wouldn't work.
I know it's a bit far fetched to ask this since it seems to be a problem on my side. But since the bot is validating the requests just fine when users talk to the bot, and the code is from the Slack Adapter which is open source and there's nothing else I can thing of..... maybe someone struggled with the same problem.
I created a support ticket to Slack and they came back pretty quickly.
Pre publish state
Before publishing a Slack app the only configs that exist are the ones you see in the App configuration page. Those are what you use to test your app, this includes the secrets to authenticate the incoming messages from Slack into your backend.
After you publish your Slack App for the first time
Once your app is published, the production version that your users use will see the original settings, including the secrets and these are the ones your backend will get.
The settings you see in the configuration page are like development mode and they won't be persisted into the published app until you request Slack to approve your changes. That's sounds great and is what one would expect, but what you don't see and have no way of imagining is happening is that there are some development time secrets that are different from the ones you see on the settings screen.
When you change the endpoint url to be sent to your backend so that it can return the challenge and Slack would accept the new url, the message payload goes with this development secret and not the one you configured your backend with. Thus your backend will reject the call since it thinks it's not coming from Slack.
Proposed solution from Slack
Don't validate the signature of the incoming request for this type of call in an already published app. I don't like it but there was no other workaround unless Slack changes this. So what I did was:
Remove that check only for this request from the backend and publish to production.
Make the url change in Slack.
Revert the change from the backend.
:(
I want to utilise Google Meet api, which is used in Hangouts integration for Slack, description follows
TL;DR:
Links such as https://meet.google.com/new?gid=123&gd=qwe987 can be generated, so a modal is shown which can ask user's confirmation and then some request is sent from user's browser (where the Google Meet page is opened) to some endpoint (probably it is determined from gid which seems to be google application id). Is there a way to configure my application to have a webhook, so I can generate these custom links?
There's Google+ Hangouts app for Slack. Here's how it works (after you add the app in your workspace):
you send /hangout command in any Slack channel
slackbot sends an "Only visible to you" message in this channel with a link to start a new hangout. it looks smth like this (I changed data in the link): https://meet.google.com/new?gid=691521906844&gd=THTJ30X6W%7CU01113BD13M%7CD01113BDB5Z%7Csuren%7C%7C1846381238693%7C1%7CB01QFGG5GJF%7CE1MDm4DWcuVa0RbN5ZT9o5KF
when you visit the link, a new meeting is started instantly, and the page shows modal with text "To bring others into this video call, post a link it to your Slack channel" with buttons 'Cancel' and 'Post'.
when you click 'Post', a new message is sent to the Slack channel, where the command was sent. Text is "#Suren Khorenyan has started a Google+ Hangout and would like you to join. Join Hangout." and contains a link to the meet, which was created previously
How can I utilise this integration for another app, like Mattermost (or anything else like Telegram chats via bots)?
As I see, data in the url slightly changes. Probably it's payload for Google Meet to trigger Slack to send a message with link to the channel.
gid seems to be something like google app id
gd seems to be something like google data. If I url-decode it, it becomes THTJ30X6W|U01113BD13M|D01113BDB5Z|suren||1846381238693|1|B01QFGG5GJF|E1MDm4DWcuVa0RbN5ZT9o5KF. This is some kind of payload, separated by pipes (obviously), but I don't know what any part of this means (suren is my username in the Slack workspace, probably this is used for creating an invitation message).
When I click Post, this happens:
a new POST request to https://hooks.slack.com/services/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 is sent with form-data
hangout_id: 1812381238693
hangout_url: https://meet.google.com//abc-iuqx-def
a new message is posted to the Slack channel
Google meet somehow knows where to post back! Is this configured at the Google application (application id is provided via gid)? How can I configure my application for such behaviour? Where can I setup webhook url?
If we breakdown the request, we can see that url contains some parts of the gd payload:
THTJ27X6W - this is the first part of the gd payload
B01ABCD5GJF - last but one
E1MDm4DWcuVa0RbK5ZT9o5KD - the last part of the gd payload
and form-data contains:
hangout_id - this is in the gd payload after my name
hangout_url - obviously, this is the url for the new created meeting
How can I change it for my needs?
I created a new application at Google APIs dashboard (here console.developers.google.com/apis), but can't find any docs for this integration. There's Google+ Hangouts API in API Library, but it says Apps will continue to function until April 25, 2017..
I tried to approach it from another side:
In the API Library there's Google Calendar. I found mattermost-hangout app on GitHub (had to update it a bit, so it works with updated api). Here's how it works:
oauth2 for authorising at google (single account)
it handles POST request, which is meant to be received from Mattermost (triggered by a slash command),
creates a new calendar event using Google Calendar API (with conference),
takes hangouts url from the response and sends a new message in the Mattermost channel with invitation to join the meeting.
But it has some downsides:
you have to use one account to authorise all event creation events (yeah, it can be upgraded to authorise any number of users, but it'll be inconvenient. why to force anyone to provide access to their Google Account, when Google Meet authorisation just happens in browser, we don't need to create events)
account, used for auth, now has events in his calendar. of course, events can be deleted, but it's not the way.
Is there any documentation on utilising gid and gd params?
Generally, I want to find a way to configure a webhook in my app, so when Google Meet finds my application's ID in the gid query param, it looks at the app's config and sends a request to my app (previously configured endpoint (I assume it works this way)).
Of course there's a chance that it's some kind of internal API and it cannot be used by everyone, but I could not find any information on this.
When creating a slack app, it creates a new "channel" in the left hand menu. I want to be able to send a message to specific users and not to all users in a workspace who have integrated with the app.
For example, if I make the following request:
curl -X POST -H 'Content-type: application/json' --data '{"text":"Hello, World!"}' https://hooks.slack.com/services/ABxxx/CDxxx/EFxxxxxx
It will send a message to all users who have integrated with my app with the text "Hello World".
But I only want to send a message to user A without User B being notified.
I don't want to message a user directly and it to appear to come from slack bot. I want the message to appear to come from my bot / app.
How can this be achieved via slack API?
I found this quite hard to explain so please let me know if you'd like me to clarify anything.
The problem of your request that you are using a hook URL which is bound to a particular channel (you pick it during Slack App installation).
To send a direct message to the user on behalf of your bot, you need to consider the following things (this is not the single way to achieve it, but works for me):
Ensure you have a bot registered for your Slack App.
Ask for bot and chat:write:bot permissions during App installation process (example for Slack Install button and here).
Store the bot access token on successful installation (see for details).
Now using the bot access token you can send Slack API requests.
To achieve what you need, use chat.postMessage API method. channel argument can be user ID (e.g. U0G9QF9C6). By setting up as_user argument to true, your message will be always sent on behalf (name and icon) of your bot (seems for bot tokens it's always like this, but it's recommend it to specify it explicitly).
Hope it helps. Feel free to ask for details.
I'm using slack api to send reply whenever there is any direct message to authenticated user. So I created app, enabled events api and verified webhook url and subscribed to messages.im event
I use regular oauth flow with scope(chat:write:user,users:read) to get the access token.
First I tried with the admin of the workspace and everything worked fine. Whenever there is a direct message between admin user and any other user, i'm receiving events to my callback.
NOW
when I tried same with normal user(user2) i'm not receiving any events back when there is direct message between user2 and some other user. I followed the same steps above.
User2 went through same oauth flow with same scopes and got the access token of his own. As I subscribed to events api, I should be able to received event callbacks to the url I mentioned.
Is there any issue here? Is this not how things work?
This is not supposed to work.
Your Slack app will only receive message events from channels / conversations, which the installing user is a member of (e.g. the admin is member of the direct messaging conversation between him and others). But it's not possible to get direct messages between other users.
This is how Slack's security architecture is designed. In general it is not possible for any Slack app to monitor all private and direct messaging channel, even if the installing use is an admin / owner.
A common workaround for private channels is to retrieve messages for a bot user and make sure that bot user is a member of all private channels you need to monitor. However, this workaround is not very practical for direct message conversations.
Turns out it is an issue with scopes, following is the message I received from slack support team, they are awesome.
Hi Sasikanth,
Thanks for getting back to me. I took a look and it seems that there was some change with the scopes requested when user2 installed the "My App Name" app.
Here are the scopes that each of these users received upon installing the "My App Name":
user1: im:history,users:read,chat:write:user
user2: users:read,chat:write:user
You'll notice that user 1 above has the im:history scope, whereas user 2 above does not. It's mentioned on the doc for the message.im event type (https://api.slack.com/events/message.im) that the im:history scope is needed.
That's the reason why you're not receiving the message.im event type for DMs sent to user 2.
I hope that helps to explain the issue. What you'll need to do is remove the authorization for user2 from: (my dev app url) and have that user reinstall the app with the appropriate scopes.
Here's the scenario:
The user has set that is attending an event, I want through my app (php sdk) to post on that event's feed on behalf of the particular user. I already have publish_stream extended permission from the user.
The post might happen at a later stage while the user is offline (but from what I understand offline permission is now depreacated).
Yes, you can post link, post or status message to Event feed via Graph API, you should issue POST request to feed connection of event
This is an example for publishing link:
POST https://graph.facebook.com/EVENT_ID/feed?link=http://example.com&access_token=...
As you noticed offline_access permission is deprecated (and will stop working May 1, 2012, see Developer Roadmap) you should read how to handle expired access tokens and how to extend token.