According to documentation I created simple authentication in my outlook add-in https://learn.microsoft.com/en-us/graph/tutorials/javascript?tabs=aad&tutorial-step=3
But i get an error: DeviceCodeCredentials is not supported in the browser; when i try to create auth provider in my outlook add-in. Which authentication I should use to successfully create 'graph client instance'? Or better solutions exists?
`
const graph = require('#microsoft/microsoft-graph-client');
const authProviders =
require('#microsoft/microsoft-graph-client/authProviders/azureTokenCredentials');
_deviceCodeCredential = new azure.DeviceCodeCredential({
clientId: settings.clientId,
tenantId: settings.tenantId,
userPromptCallback: deviceCodePrompt
});
const authProvider = new authProviders.TokenCredentialAuthenticationProvider(
_deviceCodeCredential, {
scopes: settings.graphUserScopes
});
_userClient = graph.Client.initWithMiddleware({
authProvider: authProvider
});
`
I also tried other auth methods, but all they didn't work. How I can auth my user in outlook add in? Maybe there are some ways to auth without azure?
Probleme
I want to create a server application that modifies playlists on spotify, deezer and youtube (to create multi-platform playlists). My problem is that these different services require OAuth2 authentication to manipulate playlists, and that this authentication requires human intervention
What I've tried
I tried to use the api key, but it did not allow me to edit the playlist (access_key needed).
My Research
from what I understood from the different documentation, the api key is made for server applications (like my case) and that the OAuth2 authentication is more made to authenticate a client.
Question
how to authenticate a server side application with an OAuth2 flow. or how to allow a server application to modify/manipulate playlists on youtube, spotify, deezer.
Details
i use node server.
The first thing you need to under stand is the difference between public and private data. Private data is data that is not owned by anyone that any one has access to. Public videos on YouTube for example can be read by anyone. Private user data is data that is owned by a user that being their play lists for example.
API keys will only give you access to public data not private user data.
The only flow available to you to read YouTube private user data is Ouath2. What you should do is follow the official node.js sample.
When you run this sample it is single user it will store the user credentials in TOKEN_DIR. Then it will use the refresh token that was generated in order to request a new access token when ever it needs one. So you will need to authorize your code once then it will be able to run on your server without you having to grant it permissions.
var fs = require('fs');
var readline = require('readline');
var {google} = require('googleapis');
var OAuth2 = google.auth.OAuth2;
// If modifying these scopes, delete your previously saved credentials
// at ~/.credentials/youtube-nodejs-quickstart.json
var SCOPES = ['https://www.googleapis.com/auth/youtube.readonly'];
var TOKEN_DIR = (process.env.HOME || process.env.HOMEPATH ||
process.env.USERPROFILE) + '/.credentials/';
var TOKEN_PATH = TOKEN_DIR + 'youtube-nodejs-quickstart.json';
// Load client secrets from a local file.
fs.readFile('client_secret.json', function processClientSecrets(err, content) {
if (err) {
console.log('Error loading client secret file: ' + err);
return;
}
// Authorize a client with the loaded credentials, then call the YouTube API.
authorize(JSON.parse(content), getChannel);
});
/**
* Create an OAuth2 client with the given credentials, and then execute the
* given callback function.
*
* #param {Object} credentials The authorization client credentials.
* #param {function} callback The callback to call with the authorized client.
*/
function authorize(credentials, callback) {
var clientSecret = credentials.installed.client_secret;
var clientId = credentials.installed.client_id;
var redirectUrl = credentials.installed.redirect_uris[0];
var oauth2Client = new OAuth2(clientId, clientSecret, redirectUrl);
// Check if we have previously stored a token.
fs.readFile(TOKEN_PATH, function(err, token) {
if (err) {
getNewToken(oauth2Client, callback);
} else {
oauth2Client.credentials = JSON.parse(token);
callback(oauth2Client);
}
});
}
/**
* Get and store new token after prompting for user authorization, and then
* execute the given callback with the authorized OAuth2 client.
*
* #param {google.auth.OAuth2} oauth2Client The OAuth2 client to get token for.
* #param {getEventsCallback} callback The callback to call with the authorized
* client.
*/
function getNewToken(oauth2Client, callback) {
var authUrl = oauth2Client.generateAuthUrl({
access_type: 'offline',
scope: SCOPES
});
console.log('Authorize this app by visiting this url: ', authUrl);
var rl = readline.createInterface({
input: process.stdin,
output: process.stdout
});
rl.question('Enter the code from that page here: ', function(code) {
rl.close();
oauth2Client.getToken(code, function(err, token) {
if (err) {
console.log('Error while trying to retrieve access token', err);
return;
}
oauth2Client.credentials = token;
storeToken(token);
callback(oauth2Client);
});
});
}
/**
* Store token to disk be used in later program executions.
*
* #param {Object} token The token to store to disk.
*/
function storeToken(token) {
try {
fs.mkdirSync(TOKEN_DIR);
} catch (err) {
if (err.code != 'EEXIST') {
throw err;
}
}
fs.writeFile(TOKEN_PATH, JSON.stringify(token), (err) => {
if (err) throw err;
console.log('Token stored to ' + TOKEN_PATH);
});
}
/**
* Lists the names and IDs of up to 10 files.
*
* #param {google.auth.OAuth2} auth An authorized OAuth2 client.
*/
function getChannel(auth) {
var service = google.youtube('v3');
service.channels.list({
auth: auth,
part: 'snippet,contentDetails,statistics',
forUsername: 'GoogleDevelopers'
}, function(err, response) {
if (err) {
console.log('The API returned an error: ' + err);
return;
}
var channels = response.data.items;
if (channels.length == 0) {
console.log('No channel found.');
} else {
console.log('This channel\'s ID is %s. Its title is \'%s\', and ' +
'it has %s views.',
channels[0].id,
channels[0].snippet.title,
channels[0].statistics.viewCount);
}
});
}
You may want to monitor it there are some instances where a refresh token will be expired in the event that happens you will need to authorize the application again.
An OAuth 2 application delegates the authentication to services (eg. Google, Spotify, Amazon, Github, LinkedIn, etc.) that host a user account and asks for (limited) authorization from those services, after the user has given consent.
There is a difference between authentication and authorization.
Authentication makes sure a user is who they're claiming to be. Whereas Authorization governs what the user has access to.
So your OAuth2 application is leveraging Spotify social account integration to delegate authentication to Spotify and in turn receiving limited authorization to modify playlists (only).
To answer your question: To be able to perform any action (eg. modify Spotify playlists) you'd need the access token from Spotify API. Here's what the process looks like:
User logs in to your website using their Spotify account.
User is redirected to the consent screen. They give approval for the permissions your application is asking for (i.e., modify playlist permission).
Once the user consents, your application receives an access token (along with a refresh token, and profile information).
Your application then uses the provided access token to modify the user playlists.
Passportjs is a very well built library around OAuth2 and it has support for Spotify OAuth2. I have recently documented about the complete process to implement multi-provider OAuth2 in node.js along with the explanations.
I am working on Google Cloud Search API to search documents stored in Google Drive. I have Google Workspace account and few documents stored in Google Drive. I am able to search using Google Cloud search console but facing issue using below node.js code for searching using API.
Issue: I am able to generate the access token but get below error for search query:
Error: This project doesn't have Cloud Search's Query API Enabled,
and/or the Cloud Search Platform license has not been assigned to the
user account calling the Query API
var {google} = require("googleapis");
var serviceAccount = require('C:/nodejstest/key/serviceAccountKey.json');
// Specify the required scope.
var scopes = [
"https://www.googleapis.com/auth/cloud_search",
"https://www.googleapis.com/auth/cloud_search.query"
];
var jwtClient = new google.auth.JWT({
email: serviceAccount.client_email,
key: serviceAccount.private_key,
scopes: scopes,
subject: 'sample#example.com'
});
// Use the JWT client to generate an access token.
jwtClient.authorize(function(error, tokens) {
if (error) {
console.log("Error making request to generate access token:", error);
} else if (tokens.access_token === null) {
console.log("Provided service account does not have permission to generate access tokens");
} else {
var accessToken = tokens.access_token;
console.log('accessToken= ' + accessToken)
// Include the access token in the Authorization header.
}
});
const service = google.cloudsearch({version: 'v1'});
service.query.search({
auth: jwtClient,
requestBody: {
requestOptions: {
searchApplicationId: 'searchapplications/default',
debugOptions:{enableDebugging: true}
},
query: 'My query'
}
}).then((res) => {
console.log(JSON.stringify({results:res.results.length}));
console.log(JSON.stringify({resultsInfo:res.results[0]}));
}).catch((err) => {
console.error('Unexpected error with cloud search API.');
console.error(err.toString());
});
In above code I am passing workspace admins email id as subject.
I followed steps mentioned at below link
Configure access to the Google Cloud Search REST API
Perform Google Workspace domain-wide delegation of authority
Go to the google console then select the your project.
Then search for Cloud Search API then enable it.
Also make sure that your service account have access on Cloud Search Indexing API
I am new to SalesForce and Heroku platform. I am trying to explore and learn as much as possible.
I have developed React app and deployed to Heroku. Its working as expected, but I am at a stage where I am suppose to make Rest API call to Salesforce and get data from SalesForce Object.
I tried jsforce, nforce plugins to connect to Salesforce and fetch data. But unable to.
I used Postman to connect to SalesForce, I am able to connect. But I am getting error when I am trying to connect to Salesforce through code stating (400 bad request).
I have enable CORS on my environment (sandbox). Please let me know if I am missing some configuration settings, it will be really helpful.
var org = nforce.createConnection({
clientId:
"3MVG9sLbBxQYwWqvgNjn4MAlHFib10UPpW1IV7IDsN55vY7xaljuzUxvnsVrk",
clientSecret:
"F762DF566D8B29455F54EC8176CBC19C54CBE953517AC",
redirectUri: "https://www.google.com/",
environment: "sandbox",
mode: "single",
autoRefresh: true
});
let creds = {
username: username,
password: password + securityToken
};
org.authenticate(creds, function(err, resp) {
if (!err) {
console.log("Access Token: " + resp.access_token);
oauth = resp;
} else {
console.log(err);
}
});
And below is the error which I am getting:
In my c# desktop app, I'm using Google's API to authenticate and retrieve the access token for an API. I noticed that the API will cache this token and use it again until it expires.
Using my browser, I was able to revoke the token using:
https://accounts.google.com/o/oauth2/revoke?token=1/xxxxxxx
I did this to test out how the API handles revoked tokens. As exepected, the API fails. The problem I have though is getting the API to use a new token. It continues to retrieve the cached token, even though it's been revoked. The following code is used to authenticate the use of the API:
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(GoogleClientSecrets.Load(stream).Secrets, Scopes, "user", CancellationToken.None);
How can I get the API to remove the cached token and request a new one?
You have to log out before getting a new token. You can read about OAuth 2.0 here https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth?hl=uk .
Below how I've done that for my windows phone 8 application:
var string const GoogleTokenFileName = "Google.Apis.Auth.OAuth2.Responses.TokenResponse-user"
public async Task LoginAsync()
{
await Logout();
_credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(new ClientSecrets
{
ClientId = _xmlfile.GoogleClientId,
ClientSecret = _xmlfile.GoogleClientSecret
}, new[] { Oauth2Service.Scope.UserinfoProfile }, "user", CancellationToken.None);
return session;
}
public async Task Logout()
{
await new WebBrowser().ClearCookiesAsync();
if (_storageService.FileExists(GoogleTokenFileName))
{
_storageService.DeleteFile(GoogleTokenFileName);
}
}
Hope it helps.