Classroom Topics API is giving me Account Restricted error - google-classroom

I'm trying to create a topic inside a course using the Classrom API. All other scopes (creating courses, adding teachers, adding students) work just fine. Only the Topics scope is giving me that error. Before anyone asks I am a teacher inside the course I'm trying to create the topic into.
Screenshot

I just figured out the issue. The Classroom Topics scope is, for some odd reason, not part of the Classroom service on GSuite. For that you have to enable "Access to additional services without individual control" inside the Admin Console. After I enabled it the scope started working as intended.
Here is the link where I found the answer: https://issuetracker.google.com/issues/152686011

Related

Calendar API not auto accepting for new accounts

I generate a auth link like:
https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar.events&prompt=consent&response_type=code&client_id=xxx&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fapplication%2Fsettings%2Fgcal&flowName=GeneralOAuthFlow
As you can see I call for the authorization as defined in the documentation here https://developers.google.com/calendar/api/guides/auth however, when I go to auth this is what I am presented with: and I thought this might be some new security thing from google but then I look at connecting to other sites and the account works just fine there.
This application is also fully verified for the consent screen.
While doing some comparison between my calls and other site's I notice that mine have /v2/ in the path while others do not. I have tried multiple individual google accounts with same result, but I always get a v2 redirect.
Anyone here know why this happens with v3 accounts and how I can solve it?
Unfortunately, this is the new default behaviour
It is realted to the new policy of More granular Google Account permissions with Google OAuth and APIs
It is being gradually introduced and is not related to either v2 or v3 accounts are being used but rather will eventually implemented for all accounts
Should the user not grant you all the scopes necessary for your Addon to run - you will need to handle it programmatically checking which scopes have been granted and requesting additional scopes if required
Best practive would be to make it very clear to your users PRIOR to the app installation that checking all checkboxes is crucial for the correct functionality of the app.
There is a very good stackoverflow post that explains the new change more in detail and includes many useful references.

List of ALL Class Assignments using Graph API Beta

I have been asked to retrieve all Class Assignments from Teams for education using the Graph API.
I have taken info from educationClass Methods to list all classes, members, etc. in my ASP core console app. but I cannot get assignments due to access permissions.
It appears that the method 'List assignments' does not support the 'Application' permission type.
I then created an ASP Core Web app with Azure authentication, wired up the Graph API and was able to see a handful of assignments whilst authenticated as myself.
If I log in as a 'test' teacher then I can see their class assignments, which makes me wonder whether I could do this automatically for all teachers? Could you somehow get class assignments on behalf of a user? Ideally, this will be a console app running on a server.
I have very little experience using Graph so I am wondering whether there is a way to get the information I need. I am an O365 administrator and I was hoping this would give me access to everything I needed.
Any advise is much appreciated as I'm not sure how best to approach this task
John

Email from Google: Using a Google product name as the project in OAuth consent screen

I received this message for the second time and i still dont understand why. Can someone help me?
Action required: Critical problem with your Google Cloud/API project
Youtube API (id: tonal-topic-123301)
Dear Developer, We have recently
detected that your Google Cloud/API project Youtube API (id:
tonal-topic-123301) is using a Google product name as the project name
shown to users on the OAuth consent screen, which violates the Google
API Services: User Data Policy. You can fix the problem by revising
the project name and other relevant content so that the OAuth consent
screen shown to users accurately reflects the identity of your
application. To revise the project name visible to users, please take
the following steps:
Please review the Google API Services: User Data Policy, specifically
the following section- "Do not make false or misleading statements
about any entities that have allegedly authorized or managed your
application. You must accurately represent the company, organization,
or other authority that manages your application. Making false
representations about client credentials to Google or Google users is
grounds for suspension."
Sign in to the Google Cloud Platform Console.
Select your project.
On the Home Page Dashboard, select Go to APIs overview under APIs.
In API manager, select Credentials on the left bar, then select OAuth
consent screen. Change the name in the field under Product name shown
to users and then click on Save. We will suspend your Cloud project in
3 days unless you correct the problem. Please submit an appeal if you
have any questions. Please note that you should be logged in as the
project owner to access the appeals page. For more help on submitting
an appeal or to learn more about the process check the Policy
Violation FAQ. Please take a moment to review the Google API Services:
User Data Policy, the Google API Terms of Service, the Google Cloud
Terms of Service and the applicable Terms of Service for the specific
Google API you are using so that you do not violate our terms and
policies in the future.
This is obviously a naming issue regarding something in the google product range.
You Should be able to re-name your project to solve this.
If not, try a Google forum or help pages.
The problem you are having is that Google does not allow you to use a Google product name as the name of your in your application. Users can become confused and assume your third party application was created by them.
How to fix it:
Go to Google Developer console find the credentials screen. Click on the Oauth consent screen tab at the top rename your application.
Note: If you don't do this google is going to shut down your application they are very picky about this.

Linkedin Rest API suddenly stopped working

I'm developing a Rails app, which contains importing of profile information from LinkedIn to a Rails DB.
It works fine a lot of the time, but over the last 2 weeks it suddenly stopped working...
Default Application Permissions on LinkedIn is only r_fullprofile
I use linkedin gem as a wrapper
Fields to import - positions, educations, summary, languages, picture-url
Error, which I see in PROD logs:
LinkedIn connect failed: Scope NOT_AUTHORIZED : r_fullprofile
.rvm/gems/ruby-2.1.2/gems/oauth-0.4.7/lib/oauth/consumer.rb:178:in `request'
.rvm/gems/ruby-2.1.2/gems/oauth-0.4.7/lib/oauth/consumer.rb:194:in `token_request'
.rvm/gems/ruby-2.1.2/gems/oauth-0.4.7/lib/oauth/consumer.rb:136:in `get_request_token'
.rvm/gems/ruby-2.1.2/gems/linkedin-0.4.3/lib/linked_in/helpers/authorization.rb:22:in `request_token'
As I see in debug, for some reason request token and secret are nil,
so I decide that the API to authorize client with my linkedin-app does not work.
ALso, I found an answer on stackoverflow that some API rules were changed some time ago:
After May 12th, 2015, apps will no longer be able to request this
member permission without being specifically reviewed by LinkedIn for
compliance with the Apply with LinkedIn use case
(https://developer.linkedin.com/docs/apply-with-linkedin) or some
other partnership program membership which grants access to that
permissions.
But, does some analog of r_fullprofile permisson exists now, which give an access to get all profile information from linkedin?
Here is what I found in Developer Program Transition Guide:
Access to the r_fullprofile member permission now requires explicit approval from LinkedIn. Additionally, the focus of this permission has changed to become much more specific. Going forward, data received from the Profile API using the r_fullprofile permission can only be used to complement your company's careers pages, as described further on the Apply with LinkedIn page.
If you are already using member data provided by r_fullprofile and you believe your application meets new useage criteria, you will still be required to apply for permission on the Apply with LinkedIn page to maintain your application's ability to use the r_fullprofile member permission.
Here is a link for Apply with LinkedIn if you need it:
https://help.linkedin.com/app/ask/path/api-dvr
I have asked for restoring API-access from my application,
hope that LinkedIn support help me.
Use Apply with LinkedIn to:
Round out your knowledge about a candidate’s background, their recommendations, interests and who’s in their network
Incorporate a candidate’s full profile data in your careers site
Make it easy for qualified candidates to apply to your company’s jobs
And in a few days I received an answer that my access to API is restored!
Thanks LinkedIn Review Team, they are great guys!

Google+ API - Moments visibility

I am currently researching Google+ REST API to post to a user's stream.
The basic requirements are:
The post should be created without user's review using server side request (user should give his permission to post on his behalf in the future).
The post must be visible to all user's friends.
As i understand from reading the documentation, posting to the stream without actually getting permission in creation time from the user is impossible, however, creating 'moments' doesn't require permission upon-posting, so the user should give his permission when authorizing the app.
Since i didn't find anything that explains how can a moment be created to be visible to all user's friends - can someone who is familiar with this API explain how visibility of a moment is being determined and on which step? reference to an API documentation would be good as well, but i didn't find any.
Thanks
The moment methods do not write directly to a user's Google+ stream. They instead write to a user's profile, and are not necessarily viewable by others depending on the user's preferred sharing settings.
Manage app activities in Google
During authorization the user chooses who their activity is visible to.
Once authorized a user should be able to see their own activities on Google+ and you can view other people's activities by clicking on an app from their profile about page.

Resources