My question is about google API for fetching googlegroups.com users - google-api

What is the google API for fetching googlegroups.com users?
gapi.client.init({
apiKey: API_KEY,
clientId: CLIENT_ID,
discoveryDocs: DISCOVERY_DOCS,
scope: SCOPES
})
My question is related to public googlegroups.com not related to Gsuite groups.

Related

Smart Home sample, "Couldn't update settings please check your connection"

My goal is to get the "Turn on the light" message when I say that to my Google Home. To do that, I visited their documentation page, which listed this sample code. I downloaded it and run it locally. Even thought I ran it locally, by default it was available publicly at "https://something.ngrok.io".
I opened the page and added a new light (I chose monochrome, because it looked simpler than RGB light) like this.
Then, I created a project "Fake Light" at Actions on Google.
Now, I see that app when I click "Add devices" on the Google Home app like below. If I click it, it shows the OAuth page, but when I tried to log in, it says, "Couldn't update settings please check your connection".
The NPM console log is like the following (I censored out some parts):
login successful rick
authCode successful 5*************************
GET /oauth?response_type=code&client_id=***********&redirect_uri=https://oauth-redirect.googleusercontent.com/r/******** 302 8.858 ms - 1418
/token query {}
/token body { grant_type: 'authorization_code',
code: '*****************',
redirect_uri: 'https://oauth-redirect.googleusercontent.com/r/*****************',
client_id: 'ZxjqWpsYj3',
client_secret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
getClient ZxjqWpsYj3, hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv
return getClient { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
client { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
handleAuthCode {}
getClient ZxjqWpsYj3, hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv
return getClient { clientId: 'ZxjqWpsYj3',
clientSecret: 'hIMH3uWlMVrqa7FAbKLBoNUMCyLCtv' }
getAccessToken = { uid: '1234',
accessToken: '*****************',
refreshToken: '*****************',
userId: '1234' }
return getAccessToken = { token_type: 'bearer',
access_token: '*****************',
refresh_token: '*****************' }
respond success { token_type: 'bearer',
access_token: '*****************',
refresh_token: '*****************' }
POST /token 200 6.401 ms - 100
POST / 404 0.401 ms - 140
I used the sample account rick/oldman. The last log did show "404" but I am not sure why this happens.
The fulfilment address had to contain "/smarthome". I had entered "https://xxxxxxxx.ngrok.io". I changed it to "https://xxxxxxxx.ngrok.io/smarthome" and the error did not happen again.
https://github.com/actions-on-google/smart-home-nodejs/issues/58

AAD Token from SPA app works to call Nodejs API but not .Net WebAPI

I have a SPA application that uses MSAL to acquire a token from AAD. Because MSAL works with v2 endpoint and because v2 endpoint does not currently support issuing tokens for custom API's, I'm passing the ID Token to my api and essentially treating my api as the same application. (While this has a smell to it, it does actually work -- at least with Nodejs API).
SPA app
let idToken = Msal.Storage('localStorage').getItem(Msal.Constants.idTokenKey);
this.http.configure(config => {
config.withBaseUrl("http://localhost:3001/")
config.withDefaults({headers: {'Authorization': 'Bearer ' + idToken}})
});
//Call API
this.http.fetch("account")
...
Node.js API
//Using express/passport
var BearerStrategy = require("passport-azure-ad").BearerStrategy;
var options = {
identityMetadata: "https://login.microsoftonline.com/tenantid/.well-known/openid-configuration/",
clientID: "xxxxxxx-xxxx-xxxxxxx-xxxxx",
passReqtoCallback: false,
validateIssuer: true,
issuer: "http://login.microsoftonline.com/{tenantid}/v2.0"
};
app.get("/account",passport.authenticate('oauth-bearer',{session: false}),...
The above all works. Once a user authenticates with the SPA, the token is passed and the call to the Node API works.
I'm now trying to replace the Nodejs API with a .Net WebAPI. I have the following:
Startup.cs
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
TokenValidationParameters = new TokenValidationParameters
{
//Same ID as used for ClientID in Nodejs
ValidAudience = "xxxxxx-xxxxx-xxxxx-xxxxx",
ValidIssuer = "https://login.microsoftonline.com/{tenantid}/v2.0",
ValidateIssuer = true,
AuthenticationType = "WebApi" //Tried both with and without this
},
Tenant = "{tenantid}" //have tried both id and name
}
)
AccountController.cs
[Authorize]
[Route("account")]
public IHttpActionResult AccountProfile(){
//Get Account information
....
return Ok(profile);
}
However, when I point the SPA app to call the .Net api, I always get Authorization has been denied for this request .
Is there something I'm missing?
Edit
Incidentally, I've inspected the token that is being used.
The value I'm using for clientID (Nodejs) and ValidAudience (.Net) exactly match the aud claim in the token. The issuer (Nodejs) and ValidIssuer (.Net) exactly match the iss claim in the token. Lastly, the anywhere in my code where I've inserted {tenantid}, the actual value there matches exactly the tid claim in the token.
We had a similar issue when switching from ADAL to MSAL and got it to work by using a similar approach like this Github project. Specifically take a look at these files:
https://github.com/oktadeveloper/okta-oauth-aspnet-codeflow/blob/master/Api/Startup.cs
https://github.com/oktadeveloper/okta-oauth-aspnet-codeflow/blob/master/Api/OpenIdConnectCachingSecurityTokenProvider.cs
Update: Our Startup.cs:
var provider = new OpenIdConnectCachingSecurityTokenProvider(
string.Format(bc2Instace, tenant, policyId));
var jwt = new JwtFormat(clientId, provider);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = jwt,
});

Facebook token_url parameter

I am using a module for Facebook login in my app using Electron.js. However there is a tokenUrl parameter that I could not find what I should put for it:
here is the code
const config = {
clientId: environment.FACEBOOK_APP_ID,
clientSecret: 's494df4sd6f4984984984',
authorizationUrl: 'https://www.facebook.com/v2.8/dialog/oauth',
tokenUrl: '??????',
useBasicAuthorizationHeader: false,
redirectUri: "https://www.facebook.com/connect/login_success.html"
};
the token_url for google works for perfect, but not for Facebook. here is the Google token_url:
tokenUrl: 'https://accounts.google.com/o/oauth2/token',
We can do the auth using the url as the following:
https://www.facebook.com/v2.8/dialog/oauth?client_id=APP_ID&redirect_uri=AfterAuthURI&response_type=token"

Google authorization code flow - no refresh token

I'm using Google API to obtain access and refresh tokens for offline access, however, the refresh token is always null.
The authorizationCode comes from the client, so I exchange it with the tokens on the server:
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
HTTP_TRANSPORT,
JSON_FACTORY,
clientId,
clientSecret,
scopes)
.setAccessType("offline")
.build();
GoogleTokenResponse response = flow
.newTokenRequest(authorizationCode)
.setRedirectUri(redirectUri)
.execute();
// response has access_token and id_token. don't see any refresh token here
return flow.createAndStoreCredential(response, null);
// this returns Credential with refreshToken = null
Client code:
$(document).ready(function() {
gapi.load('auth2', function() {
auth2 = gapi.auth2.init({
client_id: '<my client id>',
// Scopes to request in addition to 'profile' and 'email'
scope: 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/drive.appfolder'
});
});
$('#signinButton').click(function() {
auth2.grantOfflineAccess({'redirect_uri': 'postmessage'}).then(onSignIn);
});
});
// the onSignIn function sends the one time code (i.e. authResult['code']) to the server
Am I doing anything wrong here?
I saw this question: Google OAuth: can't get refresh token with authorization code but it didn't really answer my question and I'm not aware of refresh token only being created the first time a user logs in.
Edit:
I believe this is actually a client side problem, because the consent window doesn't ask for offline access. Will update this question based on the results of a new question here: Google javascript sign-in api: no offline access

Request with token from ADAL for Cordova returns 401 response from Web Api

I'm hoping someone can help with this:
I have a web api secured with Azure AD Bearer Authentication, where I have two web clients that can successfully authenticate on the web api using bearer tokens from AD. The Web API and both web applications are configured as applications in AD. I've tried to use ADAL for Cordova for accessing the web api a iOS/Android app but it's returning 401.
ClaimsPrincipal.Current.Identity.IsAuthenticated is returning false.
I'm using the client id for the native application I've setup in Azure AD, and I'm receiving the token but this token is invalid. After I've parsed the token on jwt.io, everything seems correct but I've noticed the token doesn't have a header.
I've added permissions to access the Web Api and sign in and access AD as the user.
The code I'm using in Cordova is below, the authority I'm using is the same as the other apps that are working. Where resource is the app Id for the Web Api in AD, and client id is the client id for the native app in Azure Ad.
// Attempt to authorize user silently
AuthenticationContext.acquireTokenSilentAsync(resource, clientId)
.then(function (result) {
sessionService.logIn(result.idToken);
console.log(result);
deferred.resolve();
}, function () {
// We require user credentials so triggers authentication dialog
AuthenticationContext.acquireTokenAsync(resource, clientId, redirectUri)
.then(function (result) {
console.log(result);
sessionService.logIn(result.idToken);
deferred.resolve();
}, function (err) {
console.log("Failed to authenticate" + err);
deferred.reject("failed to authenticate");
});
});
I've also tried using result.accessCode, which also doesn't work.
StartUp.Auth.cs in Web Api:-
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
TokenValidationParameters = new TokenValidationParameters {
ValidAudiences = Audiences
}
});
}
Can anyone help please?
Thanks
You appear to be sending the wrong token to the API - you are supposed to send result.accessToken. See https://github.com/Azure-Samples/active-directory-cordova-multitarget/blob/master/DirSearchClient/js/index.js for an example.

Resources