I'm using Laravel Socialite to handle logging in with Google. In response I can see the user's domain. I was wondering if there was also a way to get an organization id that's user belongs to.
I was wondering if there was also a way to get an organization id
that's user belongs to.
No. The only information that you have access to is stored in the Access Token and ID Token. The exception being if the Access Token also provides API access (privileges) to GCP or G Suite.
You'll need to request additional scopes to find the organization ID [1].
[1] https://cloud.google.com/resource-manager/reference/rest/v1/organizations/search
Related
I try to implement the microsoft auth into my application using Laravel Socialite, but since I'm working in a multi-tenant environment, I need to assign a user to a organisation. Is there anything such a microsoft organisation id or a domain name I can access in the docs? I'm unable to find it in the docs.
Also I try to get the street, postal and city and wasn't able to access that as well, but this is not as critical as the company identifier.
I found this thread, but it handles over Google, so maybe the approach might be similar:
How do I get a user's organization id when they login with Google oauth?
As I searched, I also found this docs, which seems to list all available fields of oauth: https://learn.microsoft.com/de-de/azure/active-directory/develop/id-tokens
https://learn.microsoft.com/en-us/graph/auth-v2-user#4-use-the-access-token-to-call-microsoft-graph
According to this docs: https://learn.microsoft.com/en-gb/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-permission-scopes you can add tenant details to the request including the id, display name and verified domains.
As my app is designed using flutter and all my app endpoints are created using Springboot. So can call direct APIs using Feignclient in Springboot to create my own endpoint to list all the envelopes for one recipient?
Do we have any endpoint to get all the envelopes by using the recipient name or email id? for example XYZ user needs to sign in 2 envelopes then using XYZ can we be able to fetch those 2 envelopes?
Yes, you are very welcome to call the eSignature REST API directly and not use an SDK. Use API version 2.1. About half of the developers who use the API do so directly.
Updated: authentication
To call the eSign REST API, each of your API calls must include authentication via an access token. You can obtain an access token via an OAuth flow.
If your users have DocuSign user accounts, then they should login/authenticate via Implicit grant assuming that you're using Flutter for a mobile app.
If your users don't have DocuSign accounts (they are signers, not senders), then you need to have a backend server that can securely use the JWT grant flow to obtain an access token on behalf of a "system" account such as "finance#example.com"
If you have questions about authentication, please open a new question on StackOverflow.
https://developers.docusign.com/docs/esign-rest-api/reference/envelopes/envelopes/liststatuschanges/
This endpoint has lots of filtering options including:
email={email_address} Limit results to envelopes sent by the account user with this email address.
user_name must be given as well, and both email and user_name must refer to an existing account user.
user_name={user_name} Limit results to envelopes sent by the account user with this user name.
email must be given as well, and both email and user_name must refer to an existing account user.
How to get userId for getting the activity data of the user from google fit API.
GET https://www.googleapis.com/fitness/v1/users/userId/dataSources/dataSourceId
I can able to get my data by replacing userId with me but I want to create an application for other users.
As stated in the documentation, the only supported value for the user id is "me".
The identity of the user that "me" refers to is conveyed by the OAuth token you pass with your request.
If you want to access the data for a user, they will need to grant an OAuth token to you.
Suppose I have an application in which I have enabled (google) Oauth2 authentication but I want only a few business people can log in to my application with there specific email id and rest of the people can't. How Can we achieve this using Oauth2?
1.) Lots of people have a Google account and can authenticate with Google
2.) I want Only some of them should be authorized to use your app, which maybe deals with business assets
I suspect your requirement is:
Lots of people have a Google account and can authenticate with Google
Only some of them should be authorized to use your app, which maybe deals with corporate assets
In this case I would proceed something like this:
STEP 1: PREREQUISITE USER SETUP
Get a list of users and perform an Administrator Approval step to create them in your product database, perhaps with Name and Email fields.
STEP 2: INCLUDE THE EMAIL SCOPE DURING LOGINS
In the Google login redirect, use scope='openid email' so that you can identify the user via email after login. Allow users to successfully authenticate.
STEP 3: AFTER LOGIN PROCESS THE ACCESS TOKEN
You will then get then be able to get the user's email address from the access token (though you may have to send it to the Google User Info endpoint).
STEP 4: DENY ACCESS WHEN REQUIRED
If you can't find the email associated to the token in your product user data, present a Forbidden message to the user.
FURTHER INFO
See my User Data Write Up for further details on technical options. Note that I have not actually tested this with Google, but I have used the general approach with a few different systems.
I had a "sign in with Google+" function in my web-app. Upon signing in I would show user's email and name on the page and save it to database. To fetch user's profile data after sign in I used Google+ API method people.me with access_token in GET params.
Google+ API is going to shut down on March 7. I have to migrate to Google People or some other api. How do I achieve the same goal with a different google API? I need to fetch email and name by known auth token.
We use this through Laravel's Socialite, and they're replacing it with:
https://www.googleapis.com/userinfo/v2/me
You may want the profile scope as part of the OAuth flow to make the profile data accessible through this methods. Otherwise it will return incomplete data.