Could anyone please explain how to use Microsoft Graph API's calendar/getSchedule request for application permission type?
I am using the the it in my app as a cronjob, means that i need to use 'POST /users/{id|userPrincipalName}/calendar/getSchedule' instead of 'POST /me/calendar/getSchedule' since the later requires a user to sign in.
My question is which user I should choose for {id|userPrincipalName}? Just random one from the list I want to check or just the admin id will do?
I have found a github issue regarding this but no one has answered it yet.
You can use any user or admin id on the condition that the id has a mailbox which enable them to access a calandar.
Related
In the documents of Google One-Tap sign in, it says:
Returning users are signed in automatically, even when they switch devices or platforms, or after their session expires.
Question 1:
But it doesn't say anywhere how it does this? Is the user refresh token saved in the browser's cache? How can it then auto log in a user cross devices?
Question 2: The reason I ask is because I have a setup where I initialize the Google API client for JavaScript ("GAPI"). The GAPI library also automatically logs in a user whenever the client is "initialised" through gapi.client.init().
Now the problem is that after I have added the Google One-Tap code (Or should I say "YOLO code"? : ) my user gets logged in through One-Tap and also through GAPI. I can prevent this by not initializing the GAPI client, but I don't think that's wise, because I thought this whole library is built to manage my refresh tokens etc. Is my understanding correct that One-Tap does exactly the same and in case I only want to Authenticate users I do not need the GAPI client anymore?
Really, which library does a better job at managing my refresh tokens? And how do they differ? I'm clueless...
The way I implemented my login is the following:
Try to login in the user first using gapi.auth2. Maybe the user was previously signed into the site.
If can't login user automatically, then use googleyolo to try to find existing user accounts.
If no existing accounts, then present a signin button for user to signin.
I can give you some code snippet if you need.
To answer your questions.
#1, the credential is stored within the browser/device. If the user has never signed into google in a device, then yolo won't be able to sign in the user.
#2. googleyolo will also login the user, the difference is that it will give the account selector even if there's only one user to select (it will automatically login the user if there's only one). gapi simply sign in the user without showing anything.
I'm trying to get further user details from the Slack's API.
Currently I'm authenticating users via Slack's OAuth2 that returns a code. I'm currently asking for scope=identity.basic,identity.email,identity.avatar. When I try to ask for more, like users.profile:read, the link redirects me to a crash page.
My link for signing in to my app via Slack is like this, for now:
Thanks for any help
Sign in with Slack works as a kind of sidebar form of OAuth 2.0 authorization for Slack. It's meant to be used for identity, exclusively. So whenever going through the flow and asking for an identity.* scope, you'll be restricted from combining it with others.
You can still ask for users.profile:read, but you have to do so in a separate authorization attempt where it's not among the momentarily requested scopes. It'll then be added to the user token you already hold for that user.
I am looking for some help setting up a connection between Oracle Fusion and DocuSign API. We want to use DocuSign to electronically sign procurement contracts we have in Oracle Fusion Procurement application and to set this up you need to provide the following details onto a form in Oracle Fusion:
Username
Password
Account ID
EndPoint URL
Once this is entered, you can click 'Validate' and the form will validate the connection for you.
I got most of this information from the API section of my demo account so have been able to provide everything except the EndPoint URL. To fibnd this out, I used the API explorer tool http://iodocs.docusign.com/, entered my account details at the top of the form and ran the GET v2/login_information REST message. The response I retrieved contained a 'baseURL' which I assumed was the same as the EndPoint URL and input this into the Oracle Fusion form, hit validate but unfortunately I was still unable to validate the connection.
I spoke with Oracle support and they advised that from their side they simply need the information in the form to validate the connection (assuming that information is correct and a DocuSign account exists) there doesn't appear to be anything else required to make a connection. So I can only assume that something isn't configured correctly within my DocuSign demo account and need some advice on how to check this. If anyone has had to do this in the past and came up against the same issue I'd love to know how you managed to get it working.
Any help and suggestions would be greatly appreciated :-)
Thanks,
Jamie
Based on that information, my guess is that the "EndPoint URL" would actually be something like https://demo.docusign.net. The application can then append whatever it needs after that. You could also try these:
demo.docusign.net
https://demo.docusign.net/restapi/v2
https://demo.docusign.net/API/3.0/api.asmx
https://demo.docusign.net/API/3.0/dsapi.asmx
(Note: The last two are for the SOAP API.)
I made a members-only site that uses Google oauth2 to authorise users. The site is built with the Laravel framework and Artdarek's oath library.
When the authorization callback comes from Google, I lookup the user record in the DB by email and proceed to the protected page if the record exists, otherwise to a register page.
The problem is some of our members use two Google accounts. One user registered via his primary account (e.ge. a#gmail.com). The next day he returned and mistakenly tried to login with b#gmail.com. Naturally the system showed him the registration page. From that time on each time he visits the site the authentication mechanism sees him using his second (unwanted) set of credentials.
To resolve this one case I instructed him to logout of all accounts (on both sides), clear cookies and start from scratch but this is not a practical solution for all users. In same cases even this measure does not seem to correct the problem.
How can I solve this case? What is the right way to request oauth authentication and get them back from the right account? Can I force Google to ask the user with which account to proceed?
Google will automatically ask the user which account they want on an oauth request if they enable the account chooser.
I have logged into my Google Apps and my Google account, so for me on an oauth request, I get the following prompt:
In order to do the same for your user, they have to click "Stay signed in", but of course this is not advisable for public computers.
Beyond the above, I'm afraid not much can be done. - if they logged in with a#gmail.com at that time, these are the credentials you will receive.
They way I solve this problem is to have a field where the customer can add additional emails, and select one that is primary. I will then inspect against these emails when a request comes in to avoid duplicate user accounts.
I am using Google Admin SDK Directory API to create users and using Service account I am able to perform CRUD operations on them.
I have a requirement whereby I have to check the credentials of users created using SDK.
When you fetch the users the password is not returned, hence comparison cannot be done.
I'll really appreciate if someone lets me know what would be effective way of approaching the checkCredentials function.
Thanks.
Google does not ever return the value of the password. That would be a monumental security risk.
See their documentation in regards to the user resource used in the directory API. It specifically states that the password field is never returned. It can only be used for setting the password.
If your requirement is too check creds on a newly created user, you should look into trying to login as the user with the password you just sent, using the google auth Apis
At the moment, the only solution I've found is to simulate the user login flow with a fake browser (Apache's httpcomponents-client for Java for example) pointing to Google Account ServiceLogin.