I'd want to get user's emailID from an Action on Google. I understand that Google Sign-In is the best way to do that. Even though I don't really need the user to sign in to the action, I think there is no other way to get user's email (please correct me if I'm wrong). But according to the documentation,
Google Sign-In for the Assistant is currently in developer preview. You can build Actions that use this feature, but they can't be published at this time.
However, Walgreens action does the same thing. I wanted to know how. I tried to search a lot, and ended up with these answers. I have done this already and it works. But I wanted to know, if there is any way to release an app using Google Sign-In.
If not, do I need to go through OAuth2.0 flow, and if so, I assume I'd need to have my own authentication system in place?
Please correct me if I'm wrong and help me find the best way to get user's emailID. I think there should be something easier than getting an authentication system in place and getting it to support OAuth2.
if there is any way to release an app using Google Sign-In.
You want the email id of the user. Google sign-in is nothing more than you getting the user's email address (inside a token that is signed by Google so you can verify it).
If you just get an email address as a "string" then you'd need to verify it before you can use it. So think of Google sign-in as an optimized UI flow to get a user's email address. Once you get the verified email address from Google, you can let them have access to the data on your site that is under that account.
Let me know if that is not clear.
From a timeline perspective, this should be out of developer preview within a month. Let me know if you want to try using it before that.
From my own research I think you are right. Until the Google Sign In account linking graduates from developer preview you would have to implement an OAuth workflow, which is a bit of a pain (although the implicit one doesn't look too bad). So perhaps the real question is ... when will Google Sign In account linking be fully available? Anyone from Google? Even a ballpark estimate would be useful.
Related
I built a Chrome Extension using the Google Slides API ~8 months ago, with users having to sign in with the OAuth consent screen as to be able to use the extension. The extension has over a thousand users, and for the past weeks I've had reports of people seeing an error that says "Sign in with Google temporarily disabled for this app".
I checked and indeed the OAuth page was still "being verified", although it still said it would only take a few days / several weeks. I'm not using any sensitive scopes either, so it all seems very odd. If the app didn't meet the criteria I would have been rejected, but that doesn't seem to be the case.
So my question is, how can I get it verified, or if anything rejected so that I can make a new submission? I looked all over the place and I haven't found a way to get it unstuck. I'm pretty sure 8 months for verification isn't normal whatsoever.
Google seems to manually validate each OAuth screen. That's a long (and costly process), but to my experience, it generally takes 24 hours if you don't use any sensitive/restrictive scopes. As it's your case apparently, I presume your submission has probably being lost somewhere.
My recommendations:
Check in the Google Cloud Console the status of your OAuth Screen. After logged in Google Cloud console, click on the hamburger icon and select "APIs & Services" > "OAuth consent screen". At the top of the page you will see the status. If it's something like "pending verification", go to step 2. Otherwise, make sure the form is completed and submit it to verification again.
Search in your emails if you have been contacted by "api-oauth-dev-verification-reply [at] google [dot] com" (the address might slightly change as they use a ticketing solution). Maybe they tried to contact you but the email went to spam?
Get in touch with the OAuth team by emailing "api-oauth-dev-verification-reply [at] google [dot] com". Make sure to add your
Google Project number in your email, so they will be able to check
what's wrong.
Disclaimer: I don't work at Google. But I'm bit familiar with that process now :)
How? Easiest method?
Tried using postman on desktop, googles OAuth2 playground and google help pages to try make sense of what to do. Ended up using GAM as this is the easiest and gives the most helpful responses.
I have tried changing this from multiple places and i always get the error:
ERROR: 400: #UserInIllegalDomain Invitation cannot be created for user in this domain - failedPrecondition
the command:
gam update course 8077159861 owner hiddenusername#longleypark.ac.uk
(username is DEFINITELY correct ive just hidden it as its not vital information)
Any help would be much appreciated, from what i can tell some guides said to add longleypark.ac.uk to whitelisted domain under classroom but because this is the primary domain for this g suite it says you cant add your current domain so this isnt an option.
I believe the google API is broken. If anyone can prove otherwise would be a great help.
Google API support haven't managed to give me any proper response, keep saying they will test and let me know but I haven't been informed of any results yet.
Google forums support has informed me once a user account is deleted and 20 days have passed the account becomes unrecoverable which means any classrooms they are the owner of become "orphans" which means "limited functionality" and the inability to change the owner ever again, the only solution is to recreate the classroom from scratch, unfortunately along with the original account all the documents submitted to that classroom are also lost.
There are NO ways around this even though the ownerId field for a classroom really should be editable from some sort of database management tool or admin console/API.
I have run into this problem today. Thought using the API I'd be able to swap the ownerId, but no.
Bizarre that Google don't let you do this as a Google Workspace admin. We know have 3 GCSE sets which are unusable with 3 months of the 2 year course left. Very frustrating.
I'm trying to get reCaptcha working on my website.
I found out I have to register my domain for this first, since I already have a google account this is quite easy, but the very last checkbox made me think:
How does google determine who the owners are?
And what kind of alerts will those be? E-Mails?
I'm a bit worried that some random person will get an E-Mail one day not knowing what to do with it since I'm not the only one working on that domain. And if they just mean my google account I'm registering this with...that doesn't make sense because they should've written "you" instead of owners then. - although your site is making this even more confusing. :D
I'm aware this is not directly a programming question.
I'm open for suggestions for a better Stack-exchange platform to ask this question at, there are too many - I couldn't find any other that seem to fit.
In the reCAPTCHA admin settings, there is a textbox where you can enter a list of email addresses for owners. This will grant them access to manage the reCAPTCHA settings and send them alerts, if enabled.
This is a similar question to How can i get list of Domain user's from Google Apps account?
However, I'd like to use a normal account (not an administrative account) to retrieve the user list. It seems like this should be possible as the gmail autocomplete returns domain contacts not listed in the user's contact store. I've looked at the autocomplete Ajax call, but it requires something in the beginning of the string (and no, I don't really want to loop through a-z one by one - that is just way to hacky). For example:
https://mail.google.com/mail/c/u/0/data/contactstore?ac=true&ct=true&gp=true&hl=en&id=domain&max=15&out=js&tok=beginningOfUsersName&type=4
Both versions of the Google contacts API seem to omit domain users unless you have them imported into your own contacts list. I've also looked at querying users in the "Coworkers" system group, all to no avail. I also find it interesting that "add a coworker's calendar" on Google calendar does not provide autocomplete - they use a popup instead.
I'm working on a C# project, but this is a general Google API question, so any pointers in any language would help.
Update
It looks like this is feasible now with admin/directory google api endpoints
see: https://developers.google.com/admin-sdk/directory/v1/guides/manage-users?authuser=0#retrieve_users_non_admin
Original answer
I was able to work around this issue, so I'll document the workaround, even if it doesn't involve Google. I wrote a program (in C#) to query the internal Active Directory (LDAP) store and pick up all the users from there instead. At that point I could get their email addresses and query Google with it. Not the best method, but it worked for my needs.
The C# was roughly patterned from this powershell script, although I pulled out the computers query and added in the capture of the user's email address: http://www.visualbasicscript.com/List-all-users-or-computers-in-the-default-domain-m35650.aspx
The LDAP property I included to get the proper email address for Google was 'proxyAddresses', although this will not be correct for all environments.
I am looking for a step by step guide to implement Google OpenID+OAuth in our Webapplication running on Heroku for getting calendar/contacts data. I have looked at many documents and Q&A about this but still can't make things work and was wondering if anyone here knew of a place which describes the plugins, gems needed and a step by step guide. The reason for using the hybrid is that we need a permanent token from Google that we can track for users across multiple sessions.
Truly appreciate any help.
Best,
_KK
You cannot use Google's OpenID to access other service. So you will need to ask user to provide username/password when you want to access calendar (make sure it's SSL-ed!).
So for calendar you can use: GCal4Ruby.
But in general you can access user data using official Google GData gem.