I made amistake and installed a Chrome extension and I gave access to my google API to someone who keeps uploading Bitcoin videos to my YT Channel.
Ive changed my passwords but still, what other troubleshooting do you think I must do?
Changing your password won't terminate access to your account from an OAuth token, which is being used to upload to your YouTube channel.
You should be able to remove the app by going to Account > Security > Third-party apps with account access and removing access for third-party apps you don't trust.
Related
I'm working on a SAML SSO integration for our app using Google / G Suite. Our customers configure our SAML app in their company's G Suite admin settings. The integration works correctly in most cases:
Suppose you're not signed into a Google account yet. You initiate the SSO process. You're prompted to sign into your company Google account, and SSO works correctly.
Suppose you're already signed into your company Google account and your personal Google account. You initiate the SSO process. You see an account chooser. If you choose your company Google account, SSO works correctly.
However, SSO fails in this case:
Suppose you are only signed into your personal Google account. Google does not display the account chooser. Instead, you immediately get a a 403 error: "Error: app_not_configured_for_user."
This has led to a very confusing experience for our users. It's pretty common that you're currently only signed into one google account that's not your company google account. Furthermore, the error page is opaque -- it's not clear to a user what they did wrong.
Is there any way to always show the account chooser? For example, are there any parameters we can add to the /o/saml2/idp url or the SAML AuthnRequest? (E.g. we tried setting ForceAuthn and adding a <saml:Subject> block in the AuthnRequest, but it seems Google's SAML does not support either.)
Or is there a way for our app to get a callback on error, so we can show a more meaningful error message?
(I contacted G Suite support, and they said to ask our question on Stack Overflow instead. Appreciate your help here!)
Instead of redirecting to directly from your app to the Google IDP, you need to redirect to
https://accounts.google.com/accountchooser?continue={theredirectURL}
See
Google SAML app_not_configured_for_user / equivalent of prompt=select_account SAML
if you using a passport-saml
There is a fork that fixes this behavior.
Set in configuration googleAuth: true and then during authorization there will be a redirect to the google account selection page
I had this same issue. When I then added the G suite account to my Android device under Settings > Accounts and retried the login flow, I was properly prompted with the Account Chooser. Not the solution I was really looking for, but it did change the outcome.
I had the exact same problem when working with Keeper Password Manager. I solved it by erasing everything from ~/Library/Application Support/Keeper Password Manager/Cookies
I suggest you look for a similar folder in your app and do the same
I'm trining to create live stream on youtube using google API. Now it working only when I use oauth authorisation. When I use API key authorisation I get authorisation error (login required)
When I use oauth authorisation - it require to enter confirmation code each time I create new translation. Is it possible to use "liveStreams->insert" method of API with authorisation that does not require entering of confirmation code?
From what you are writing it appears to me that you haven't understood the concept of OAuth and when to use OAuth vs an API key.
Try to think about it this way: You, as a person, have a Google account. This Google account is not the same as your YouTube account (or, as it is more commonly refered to, your YouTube channel). But your Google account is associated with your YouTube channel (of which you can have multiple). Because you are logged in to your Google account and your channel and Google account are linked, the YouTube website knows who you are and gives you access to your channel.
Now you head over to the Google Cloud Console. Here you create a project, which is very similar to a YouTube account in the sense that it, too, is an independent account which in this case represents your app, but is linked to your Google account so the Cloud Console website knows to give you access to the project as long as you are logged-in to your Google account.
HOWEVER, your YouTube account is not linked to your Cloud Console project. When you make an API request with an API key, the API does not see you as in "your Google account", but rather your apps's Cloud Console Project. That's why with an API key, you can only access publicly available data (everything you could "see" when you browse YouTube while not being logged-in).
So, in order for an application to read private channel information or modify channel information, the API needs verification that whoever makes that request is actually allowed to do that. This is where OAuth comes into play.
When you say you have to provide the confirmation code for each request, I think you don't save the access token and refresh token. I highly recommend you read Using OAuth 2.0 to Access Google APIs and Obtaining authorization credentials over on Google Developers to help get you started.
I am trying to access Google play developer API https://developers.google.com/android-publisher/ to build an inapp purchase product for my company Application.
We have to get authorization to make a GET call to the Google play developer API. https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get
I followed the steps presented here. https://developers.google.com/android-publisher/authorization
Created an Oauth client and and also service account. The gmail account I used was part of the 'Users and permissions' in play.google.com console.
But when I tried to access the API, I got an error
As I started searching about this error, I understood that there is something else called 'API Access' in play.google.com. When I tried to access it, All I saw was
But I saw in other posts that there exists a screen with details like
https://i.stack.imgur.com/Hdjjy.png
So how can I go forward to access API. I did everything as mentioned in documentation of google but it didnt work. Also I dont have access to see the screen of 'API Access'.
Also I am confused, if you can create service accounts from both 'API Access' screen and also from 'credentials' screen in console.developers.com, which one should be used ?
Just to check you understand there are a few different APIs to do with in-app purchases.
Play billing library is designed to be used in your app. This is what allows users to buy things from your app
Configuring in app products. When your app supports in-app products you have to support what the products are and the prices. This is done via the Play console, either manually or in batches uploading CSV files.
Finally is the API you refer to in your question. This is not designed for use in your app, and you don't have to use it to support in-app products. Instead this API allows your server (not app) to validate a user's purchase. In order to use this API, you need to enable the "API access" in the page you found. This can only be enabled by the account owner for the Play console, for security reasons. You will need to find the Owner of your Google Play account, and get them to log in and create a service account which has API access.
I am able to access it now. I am not the owner of the Google Play console.That was the issue. You just have to go to API Access page and click on "create OAuth Client" or "create Service Account ".
You can use those credentials to access API from postman or through your code.
I have a marketplace app that I'd like to use to access the Google Drive API. I'm currently using the gdata API using 2-legged OAuth. My understanding is that the new Google APIs, including Google Drive API do not support 2-legged OAuth.
How can I access the Google Drive API for my customers' domain without asking each of my customers's users for individual permission?
On my Google Apps Marketplace Vendor page, there is a link to the Google APIs Console, with a project linked to my Marketplace App, but there is no option to create an OAuth 2.0 Client ID. I can only create a Simple API key.
Apparently, you used to be able to use the two-legged OAuth credentials along with the server api key to authenticate, but it looks like that's no longer the case. I tried to authenticate using this method with an old Google API .net sdk, but got a 401. I downloaded the newest sdk, and two-legged OAuth is completely missing. I checked out a copy of the Ruby sdk, because it was used in the video "Google Drive SDK: Using the Drive API with the Google Apps Marketplace", but it looks like (I don't know Ruby) it explicitly forbids two-legged OAuth:
case authorization
when :oauth_1
STDERR.puts('OAuth 1 is deprecated. Please reauthorize with OAuth 2.')
I feel like Google is intentionally ignoring my questions about this topic.
You can use domain-wide delegation to access users' data without asking each user. Details are explained on https://developers.google.com/drive/delegation
I took a look in some docs at developers.google and some questions here in stackoverflow and I really would like to found an objective answer about use the Google OAuth Server to authenticate an application and grant access to download docs into a Google Drive account with NO BROWSER interaction.
As far as I could look, docs like "Using OAuth 2.0 for Server to Server Applications", "Using OAuth 2.0 for Devices", answers here, I couldn't found an article saying "Is possible to authorize an application to get files from a common Google Drive account in Devices with no browser...".
Anyone have tried and had success in this jorney?
The Devices flow is meant for applications that run on devices where no browser is present (fancy example could be a wristwatch that shows new G+ notifications) and requires the user to do manual steps on a device that has a browser. Also this is for getting access to data on the user's account.
UPDATE:
As you say you have an embedded application running without a browser available and want to access data on behalf of a user, this is definitely the way to go. This however still needs the user to login (once) on another device with a browser. After you got an access token using this flow, you can then access the Google Drive API either manually or by using some library.
So you want to access data on Google Drive that belongs to a special account and only your application can access it without a browser involved?
A Service Account (the Server-to-Server flow) would be exactly what you need. These however are only for usage on a web server, as otherwise your private keyfile would have to be deployed to a client, where it could easily be extracted.
One thing you could do is use your own web server that fetches data from your Google account using a Service Account and have a client application that only connects to your own web server. This has of course also its downsides, especially when it comes to locking down your web server so no third party clients could access it.
It can be done, but a browser does need to be used. I've successfully gotten OAuth 2.0 working on an IBM i (AS/400, iSeries, System i, whatever the name is today) which doesn't have a browser. I've so far implemented the Calendar and Google Cloud Print APIs.
During the OAuth 2.0 negotiation you will be returned a URL and a code. You need to display the URL for the user to go to, then the code to enter to grant authority for that specific API/scope. I have an example in our documentation here:
http://docs.bvstools.com/home/greentools-for-google-apps/docs/g4g-base-commands/g4gregsvc
But, the issue now is that the drive API is not yet available to devices. But, Google has said that soon it should be.