I'm using Google Sign-in to register and login users to my web app.
We are an edtech product, so I would like to make sure users are registering with a google account that is tied to a school and not using their personal google accounts.
Is this possible?
I don't see a field in user that would indicate this. I also can't find confirmation as to whether or not school google accounts can have an #gmail.com email or if they must use a custom domain.
Note that these account may or may not be using Google Classroom, so I can't rely on that.
Unless you have a List of the "school" accounts and can test against that there is no way for you to know.
Google is not going to tell you if its a school google account. They may know if its a google classroom account but that kind of information is not shared at login time. Probably due to user privacy.
Related
Should I use a Service Account or an OAuth 2.0 Client ID?
I'm struggling to understand Google's documentation on authenticating for their APIs. I'm creating a basic application that will help users add and modify Google Calendar events for a single Google account (the account is shared between all users). I only need the application to access that one account, it'll never need to access any others.
It seems to me that Service Account would be best for this, but Google's documentation suggests Service Accounts should only be used for automated processes (unless I'm misunderstanding). For instance this page contains the following, describing when to use Service Accounts.
Would my application qualify as acting on the users behalf?
If so, I would want to use OAuth Client ID credentials, which will ask the user to sign in to a google account. In this case, is there a way I can guarantee they only sign in to the one account I want modified?
I can't find any decent documentation on the OAuth authentication requests to figure this out myself. If there is any could you point me there?
I'm sure I'm misunderstanding something basic here, but thank you for any help!
First off you should know that you can only use service accounts with Google aclendar api if you have a google workspace domain account.
You can then set up a calendar and a domain user that the service account can act on behalf of to control the access of that calendar.
Assuming that your application is going to preform all actions on this calendar then yes i would say that you could use a service account for this. If your app bacly has a ui with a calendar on it your just using google calendar to store the data.
However if you intend to share this calendar with the users themselves, this way they could see it within their own google Calendar account. Im not sure a service account would be the way to go.
If you want the users to be able to see it and make changes then you may want to just use Oauth2. Grant them access to the calendar and then request access to their calendar account.
Drawback to that option is going to be the verification process. You will get access to all the users calendars and your going to need write access.
If you can go with a service account you really should consider it it will save you a lot of hassle with verification.
I have implemented a login feature in my app where a user can pay for subscription and have that subscription tied to their in-app login account by using the setObfuscatedAccoundId() method. However, in a scenario where the current user(user_A) makes a purchase, logs out of the app and a different user_B logs in, user_B is unable to purchase the same subscription as it has already been bought by user_A (as they share the same underlying Google Play account) even though I DON'T want these in-app accounts to be related at all. Currently, what happens is user_B gets a responses that states "You already own this item". So that makes me wonder:
Can we actually possibly use a single/the same underlying Play Store account to purchase the same subscription while logging in to an app with different user accounts?
Also, what would be an ideal design approach for a problem like this considering the limitation?
I am still a beginner at this and would really appreciate your inputs!
I'm beginner at this like you and may I was wrong but I think you can not do that because the subscriptions are saved in your google account and you can not buy same subscription you owned already.
I have a platform that allows people to sign up/log in with their Google account.
Inside the platform, there is a calendar feature where people can connect their Google Calendar and share the data between our app.
I'd like to know if there's a way to separate google calendar with the normal login stuff, so when they sign up with Google, we won't be asking for their Google Calendar permission. Once they are in the app, if they want to connect their Google Calendar, they can do so by clicking another button.
Currently, the 2 things are linked together and I'd like to separate them.
My app is https://clascity.com/
Any help is greatly appreciated!
Just because you use Google signin (openid connect) does not mean that you have permission to access the users Google calendar data.
Google calendar data is private user data, you need specific permission to access the users calendar data, you cant just let them login without asking for permission to access the data you need to access. The user needs to know what data you will be accessing and accept that specifically though the authorization form that google supplies.
Yes, in fact, what you are suggesting is considered a best practice [1]. Use incremental authorization as described here [2].
[1] https://developers.google.com/identity/protocols/oauth2/policies#unbundled-consent
[2]
https://developers.google.com/identity/sign-in/web/incremental-auth
I have some site and whant to integrate it with Google Classroom. Should users registred on my site have google account? The should be logged on my site via google?
First, the only people that can use classroom are google apps for education accounts, not just any old google consumer account
If you are thinking that you will be creating and running the classroom classes where students would participate with their schools google account, that is not likely going to work unless you actually are a school/university(and even if it did there is a hard limit of 50 domains for classroom whitelisting)
It depends entirely on what you mean by "integrate". it you just want a user to be ablle to add a url from your site as a post or assignment then that is easy https://developers.google.com/classroom/guides/sharebutton
The People API with 'me' is supposed to give organizations. But found that the organizations comes from user entered Google plus.
I want to find current logged in users Organization Unit under which the admin added them. I am building a Marketplace app, where based on if the user is teacher or a student, the functionality is allowed or restricted.
What is the best way to get this info?