I have the client ID and client secret for my oAuth App. Unfortunately, I am not sure which google account we used to create that app. Is there a way to find what google account is a client ID associated with?
Related
I'm trining to create live stream on youtube using google API. Now it working only when I use oauth authorisation. When I use API key authorisation I get authorisation error (login required)
When I use oauth authorisation - it require to enter confirmation code each time I create new translation. Is it possible to use "liveStreams->insert" method of API with authorisation that does not require entering of confirmation code?
From what you are writing it appears to me that you haven't understood the concept of OAuth and when to use OAuth vs an API key.
Try to think about it this way: You, as a person, have a Google account. This Google account is not the same as your YouTube account (or, as it is more commonly refered to, your YouTube channel). But your Google account is associated with your YouTube channel (of which you can have multiple). Because you are logged in to your Google account and your channel and Google account are linked, the YouTube website knows who you are and gives you access to your channel.
Now you head over to the Google Cloud Console. Here you create a project, which is very similar to a YouTube account in the sense that it, too, is an independent account which in this case represents your app, but is linked to your Google account so the Cloud Console website knows to give you access to the project as long as you are logged-in to your Google account.
HOWEVER, your YouTube account is not linked to your Cloud Console project. When you make an API request with an API key, the API does not see you as in "your Google account", but rather your apps's Cloud Console Project. That's why with an API key, you can only access publicly available data (everything you could "see" when you browse YouTube while not being logged-in).
So, in order for an application to read private channel information or modify channel information, the API needs verification that whoever makes that request is actually allowed to do that. This is where OAuth comes into play.
When you say you have to provide the confirmation code for each request, I think you don't save the access token and refresh token. I highly recommend you read Using OAuth 2.0 to Access Google APIs and Obtaining authorization credentials over on Google Developers to help get you started.
I have 2 applications, the old application is using Oauth2 to access the Google Analytics API. All current users have granted access to an email from my domain.
The second application is using credentials with Service account authentication.
The problem is that the email for the Service account keys is using a different domain:
"client_email": "xxx-service#xxx.iam.gserviceaccount.com",
I need it to use my old email from my domain that already have permissions from clients.
How can I do that, I already downloaded the json file for the Service account keys.
There is a diffrence between Oauth2 and service accounts.
Lets start with the old app using Oauth2. When a user starts using the application they are displayed the authentication form which asks them to grant application X access to their data. Assuming they accept it application X can now read there data. Application X is given a Refresh token which can be used to access the data at a later date.
In the background the developer of Application X registered their application on Google Developer console and was given a client id and client secret. When the user authenticated to the application the Refresh token is created using the client id and client secret. You can not take a different client id and client secret and use it with the refresh token from another application they are not interchangeable.
Service accounts are different in that they are preauthorized. If you take that service account email address you have and add it as a user on the Google analytics website admin section. The service account will have access to read the information just like any other user.
Clarifications / answers.
You can not pick the service account email address these are generated by Google.
You can't use a service account to access data granted to an application though Oauth2. they are not interchangeable.
If you have access to the users data using Oauth2 you should be using your refresh tokens to access their data you do not need a service account.
I need to read/insert events into a specific calendar, using Google API. All registered users (in my app) can read and insert events into the calendar. I don't have to authenticate each user with OAuth 2.0, because the app will not read the user data - only specific account data.
I'm a professor and all my students can read and insert in my calendar. So, they do not need to login (Google Account) to do it, because it's a single account's data.
Is there a way to set a unique key for the main account?
OAuth2 doesn't makes me sense.
Maybe you need a service account here. It is an account that belongs to your application instead of to an individual end-user. Your application calls Google APIs on behalf of the service account, and user consent is not required. (In non-service-account scenarios, your application calls Google APIs on behalf of end-users, and user consent is sometimes required.)
The Calendar API can use the Delegating domain-wide authority to the service account. For example, an application that uses the Google Calendar API to add events to the calendars of all users in a Google Apps domain would use a service account to access the Google Calendar API on behalf of users.
For more information, check these threads:
Delegating domain-wide authority to the service account
How to list Google Calendar Events without User Authentication
Embed Google Calendar only users logged into my website (not necessarily through Google) can see
I'm trying to create contacts in my google account using the 2lo (2 legged oauth), to achieve this Ive created a service account using my test account AAAAAAA#gmail.com, this step creates a "new email address" for the service, something like: XXXXXXX#YYYYYYYY.iam.gserviceaccount.com.
I'm able to access the google api with this account without the user intervention (2lo), and when I create a new contact using the api, this contact is related to XXXXXXX#YYYYYYYY.iam.gserviceaccount.com and not to the account I used to create the service account AAAAAAA#gmail.com, I can't see the created contact using my test account (AAAAAAA#gmail.com).
Is it possible to create a contact on my AAAAAAA#gmail.com account using a service account? what steps shou;d I follow?
Thanks
No, you cannot create contact. You need service account, which is an account that belongs to your application instead of an individual end user. Your application calls Google APIs on behalf of the service account, so users aren't directly involved.
If you want to access user data for users in your Google Apps domain, then delegate domain-wide access to the service account. Then, your application prepares to make authorized API calls by using the service account's credentials to request an access token from the OAuth 2.0 auth server.
You may follow the steps listed here: . It shows how to create a service account.
I want to access multiple account of ad words from my website. Is there any possibilities to access using one client id and secret key.
Because when I change the client customer id (xxx-xxx-xxxx). I always need to change client id and secret key. And also I need to generate refresh token.
If all your Ad Words accounts are grouped under a single MCC account, then you need not change client id, secret key, refresh token every time. Changing client customer id is sufficient.
You will need to create a top level mcc adwords account - then put all the accounts under this and you will be able to access all accounts with one refresh token.