When the user cancels the associated account in the action of Google home, does it notify our server
User unlinking events trigger a DISCONNECT intent.
Related
Is it possible using a service account to add events in the user's calendar ?
For example given a internal email (in our workspace), could we add an event for this user ?
We have a configured service account with Domain-wide Delegation, we are able to list users, create new one etc. But we would like to access their calendar to add new events.
Is it possible to achieve ?
Edit
We do not want our user to use a OAuth2 consent screen, we want to do it smoothly without them to need to interact.
If you set up domain wide deligation for the service account to a user on your domain.
Then yes the service account will be able to act on behalf of that user and add an event in their calendar.
Service accounts have their consent preconfigured so no consent screen will be shown.
I am able to create an event in Google Calendar using Service account and Google Calendar API, where Project and Service Account is created in Google Workspace admin account and in the same account, I have enabled domain-wide delegation property. I haven't created separate calendar and haven't given access to Service account. If I use my workspace-google account in createDelegated(), with this event is getting created in 'abc#myworkspace.com' calendar and 'created by' property is also the same for every attendee I have added.
GoogleCredentials googleCredentials = GoogleCredentials
.fromStream(new FileInputStream(CREDENTIALS_FILE_PATH)).createScoped(SCOPES)
.createDelegated("abc#myworkspace.com");
So my question is what if I need to create event for non-workspace google account(lets say def#gmail.com)
Can I pass 'def#gmail.com' into the createDelegated()? If I do, I am getting,
Error getting access token for service account: 400 Bad Request
So how to create event for non-workspace google account?
Note : App type is still 'Internal' in OAuth consent screen.
Could someone explain what am I missing here?
A service account with domain-wide delegation can only be used for domains
A Google Workspace account is a domain, a personal consumer account is not a domain.
Consequently, you can not perform a request on behalf of a consumer account user via a service account.
Instead, you would need to create the event directly as def#gmail.com similar to the documentation sample.
No you can only delgate to an account on your domain
createDelegated("abc#myworkspace.com");
You can not delgate to a standard google account as there would be no way for you to configure the permissions
perform-google-workspace-domain-wide-delegation-of-authority
Perform Google Workspace Domain-Wide Delegation of Authority
Note: Only users with access to the Admin APIs can access the Admin SDK Directory API, therefore your service account needs to impersonate one of those users to access the Admin SDK Directory API. Additionally, the user must have logged in at least once and accepted the Google Workspace Terms of Service.
Owner vs attendee.
A service account properly delegated. Will have permission to create an event on behalf of a user in the domain that they have been delegated permission.
Example: I have delegated permission to my service account to user User1#myDomain.com. For all intensive purposed the service account now has all permissions of User1. So the service account can create a new event on behalf of user1 and invite anyone to the event they choose.
As there is no way to set up deligation to user2#gmail.com there is no way for the service account to act like this user as it is a standard gmail user.
The only way for an application to create an event on behalf of user2#gmail.com would be to use Oauth2 and request consent of User2#gmail.com to access their private data. Then the application would be able to create a new event on behalf of User2#gmail.com.
Remember this is creating an event. There is nothing stopping the service account delegated as user1#mydomain.com from inviting user2#gmail.com to the event. user2#gmail.com will then be notified that they have been invited to the event they can then decide if they want to attend or not if they accept it then it will appear in their google calendar account. Notice how user2#gmail.com had to manually accept this. User1#mydomain.com did not have to manually accept that the event was created in their google calendar as the service account was acting on their behalf.
IBM Knowledge Center states that
Server disables security access checks during subscription execution
but does not mention the user credentials the code uses to execute which you need to know in order to map user RunAs roles on the application server.
What user credentials does FileNet use to execute event action code?
As I understand, when you create async subscription it will be executed under p8boostrap user.
And it will keep user context when you execute syncronious subscription.
But you can check it for sure.
It is using the user who triggered the action. E.g. if a user changes a property of a document (let's say DocumentTitle because it is always there) and clicks save, then an update event will be triggered which launches the subscription (if subscribed to the update event) which launches the action. Use synchronous for short running tasks, you can immediately show the update to the user. With asynchronous the user will have to click "Refresh".
Security can be a pain if not planned carefully at the beginning, for the action to be executed, the user has to have rights for the subscription, action event, document class etc. basically for everything involved or the user will get a cryptic error message when trying to modify the DocumentTitle.
Source: personal experience, sorry no official reference, if in doubt verify first.
I am developing a web app in Ruby on Rails for registering talks given in my company. If a user registers for a talk, then it should update the Google Calendar event for all users who have the event on their Google Calendar.
https://developers.google.com/accounts/docs/OAuth2
I need to use OAuth2 since I need to modify the user's data and I need to obtain the consent from the user as well. So I can redirect them to the Authentication page where they can sign in to view their account. But in this case the user data I want to modify is Calendar of all those people who signed up for the event.
Is there any easy way to do this? Like using an admin account?
When you want to update the Google Calendar event for all users who already have event in their calendar, you no need to use OAUTH as user authentication is not required.
This is because, when there is an update in the existing event then all the users (who are all already added as attendee in the existing event) calendar gets updated without users consent screen.
What is the best way to allow a member to cancel their account? Should I simply have them click a cancel button on the site?
Have a button or something that allows canceling the account with confirmation so that the user doesn't cancel by mistake. Also don't delete the account, have deleted flag in the users table so you can reactivate that account if needed.
Regards, Alin