We have a client_secret setted-up for blocking non-organization users from access on our internal CRM.
Using the same client credentials, we will wish to be able to upload videos, through our CRM, directly on our official Brand YouTube channel.
There is a problem though: linked to the main GSuite organization account, there are two youtube channels, one nominal and one branded.
Trying to generate a token for uploading videos on the main branded channel, through our client_secret, during the authentication phase the API responds with:
Errore 403: org_internal
This client is restricted to users within its organization.
Richiedi dettagli
access_type=offline
o2v=1
response_type=code
redirect_uri=https://CRM_DOMAIN/oauth2callback
client_id=***
prompt=consent
scope=https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/youtube.upload https://www.googleapis.com/auth/youtube.force-ssl
So the question is: how to behave in this situation? Is it possible to link the branded channel directly to the GSuite organization without losing the name?
I tried to move the Brand channel by connecting it directly within my GSuite organization, but the channel is renamed with my name and no longer with the brand name, making it impossible for me to change the channel name because the Name and Surname fields are mandatory.
Thank you
Related
I have developed a chatbot for IT Support team in our company, running on MS Teams using Bot Framework Composer. I have integrated it with Azure logic apps to send emails to IT Support team.
I want to know how to;
Get user's email address in MS Teams (We can get user's name using ${turn.activity.from.name} telemetry track event)
Set a timeout period
Send a Image to using HTTP request in JSON format (Then users can upload the screenshot of their issue)
Yes, you can get the user's email address in MS teams by making fetching the roster or user profile or make use of get single member detail from this documentation.
Not sure if you want to restart a conversation or track the last time a message was received from a user, but you can refer to Expire a conversation documentation to get started with.
MS Teams makes use of webhooks to integrate with external apps and makes use of Standard HTTP message exchange feature where responses appear in the same chain as the original request message and can include any bot framework message content, for example, rich text, images, cards, and emojis.
I'm trying to send Direct Messages (DMs) to a user on Slack using chat.postMessage using Bot token. But I'm only able to send messages to the users that are in my workspace.
How can I send message to any user on another workspaces?
When I try to do so, I get: "error": "channel_not_found"
I've that user's UserID (U02....), user's email and my Bot token.
When you create a bot/app in Slack, you grant it OAuth Scopes which provide the bot access to certain information in your Slack instance. So for example, I expect you have added the users:read Bot Token Scope to your Slack app, so that it can determine the users, and userId's in your workspace.
However, this scope restricts the bot to only see users in your workspace.
There's a couple of ways around this though:
Solution 1 - Slack Connect
Now in Slack, you can message users in other workspaces with a feature called Slack Connect.
You'll first need to establish a connection with the user you want the bot to message. This can be arranged via an invite process, and once completed that userId should become available to the bot. You can use that userId in the channel field of the chat.postMessage API to direct message the user from the other workspace.
Solution 2 - Org Level App
If you are on an Enterprise version of Slack, you should have multiple workspaces within a company, that are all linked by an enterpriseId.
In this case, a possible solution might be to create what is known as an Org Level App to have access to information across multiple workspaces. More information on Org Level apps can be found here.
I'm trying to convert some bot logic to use delegated permissions instead of application ones, but I'm running into an issue with a bot feature that can post to a Teams channel from a 1:1 conversation. The user can ask the bot to post to a channel, and this works fine, but when I take away Group.ReadWrite.All, I can't find a workaround that doesn't require admin consent. Here's the current flow:
Get the user's joined teams (me/joinedTeams-gets the user's joined Teams. This requires Team.ReadBasic.All.
Get the channels in the team (/teams/{id}/channels). This requires Group.Read.All (admin consent)
Post to the channel (/teams/{id}/channels/{id}/messages) which requires ChannelMessage.Send
So with delegated, non-admin permissions, I can list a user's teams, post a message to a channel on their behalf, but not list the channels on their joined teams? The docs here say that you need delegated Group.Read.All or ReadWrite.All, both of which require admin consent.
Is there another way that I'm missing to get a list of teams/channels for a user to cross-post to? I don't want to have to add the bot to the channel. I suppose I could create/store a list of connectors for each channel, but that's a lot of extra user overhead. The challenge is that I want to deploy this bot to an org that refuses to give any application/admin consent permissions to 3p apps.
I have no idea how I missed this, but there's a Channel.ReadBasic.All permission that doesn't require admin consent. This means I can do something like this in my bot:
Get a user's joined teams with graphClient.Users[aadUserId].JoinedTeams.Request().GetAsync()
Get the team's channels with graphClient.Teams[teamID].Channels.Request().GetAsync()
Post to the channel as outlined in the docs with c.Teams[teamID].Channels[channelID].Messages.Request().AddAsync(chatMessage).GetAwaiter().GetResult();
The only difference here is that the message is attributed to the user and not the bot, but as long as that's OK, this is a way to have a user initiated cross-post from a bot to a Team.
My app users whose account has less than 1,000 subscribers are blocked from live-streaming.
liveBroadcasts.insert API request (https://developers.google.com/youtube/v3/live/docs/errors#liveBroadcasts_youtube.liveBroadcasts.insert)
POST
https://www.googleapis.com/youtube/v3/liveBroadcasts?part=id%2Csnippet%2Cstatus&fields=id&key={YOUR_API_KEY}
error message:
The user is blocked from live streaming. (
extendedHelp: https://support.google.com/youtube/answer/2853834 )
However,
we created another project at https://console.developers.google.com and made new Credentials, OAuth 2.0 client ID for Android.
and we tested it with sames package name and the error does not appear.
Also, Google play there are many other apps with similar live streaming features and they let streaming with less than 1,000 subscribers subscribers without any problems.
I wonder if there is any specific policy about Restrictions on live streaming and project-id.
I have created a Microsoft Teams bot that can create/update conversations and receives all kinds of events to an endpoint (user joined team, ...). All I see in the events is a tenant id. For teams, i get an id and sometimes a name which is great.
to create/update conversations I use this flow:
Get a token from https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token
POST to a channel: ${serviceUrl}v3/conversations/${conversationId}/activities
My question is, how can I get the name of a tenant? I can not find any API to do so?
Use case: A user sends me a support email. I have no way to check my database and find the correct entries because all I know is the tenant id.
I have looked into the Graph API but I'm not sure if my bot is actually able to make those calls (I get all kinds of strange permissions errors such as Authorization_IdentityNotFound The identity of the calling application could not be established.).
I want to make the calls to the API myself. I don't want to use any Microsoft SDK/Lib/...
It looks like I have to:
In Azure Portal -> App registrations -> API permissions add the Microsoft Graph application permission Organization.Read.All
For each tenant, ask the Microsoft Teams admin to visit: https://login.microsoftonline.com/${tenantId}/adminconsent
Get a graph token for the tenant via https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token (scope: graph.microsoft.com/.default)
Call the graph api https://graph.microsoft.com/v1.0/organization