I have a single page application with some user-related calendars. The task is to write integration with the google calendar. A user should be able to click on 'integrate with google calendar', select his google account, give read+write access to the calendar, and then the application should be able to do a number of things within the user google calendar like creating a new calendar and sync all events inside it with the application data.
I started with this example, https://developers.google.com/calendar/quickstart/js
It works, but as I understand it's for online front end work only. Is it possible to retrieve authentication from this front end and send it to the back end? I want back end to operate server-to-server mode, while the user is offline.
I have checked the other, back end gapi integrations, but they do not look so cool, there're some redirects. I want to keep everything inside a single page with ajax and popups.
In order to access a users data when the user is off line you need something called offline access. When you authecate the user you will need to request offline access then the server will return to you a refresh token.
A refresh token is long lived you will be able to use your refresh token at anytime to request a new access token which will allow you to access the users data.
You cant use offline access with JavaScript you will need to use a server sided language like say node.js, php, phython .... you will not be able to use gapi
Related
Is there a way to automatically authenticate the google javascript api client, without user interaction?
Something like this:
User loads webpage -> webpage automatically signs in into a predefined user account -> api calls get executed
Basically i want to prevent the popup where you have to select an account and sign in to it. As the account which will be signed in is always the same.
EDIT:
pinoyyid answer looks promising and is what im looking for. But this only works if the user has signed in with an account at least once, if im not mistaken.
Now i dont want to use an account supplied by the user, but a predefined account which i am the owner of and sign this account in.
Im not entirely sure if this is even possible, as i have to provide the password/some authentication code to google and somehow do this in a secure way.
Use Case: The website will create a Youtube Broadcast via the Youtube Data/Livestream API for the specified account.
Yes you can do that. Referring to https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
there are three pieces of information that will get you where you want to be:-
The OAuth URL can include a login_hint which is the email of your intended user
The OAuth URL can also include prompt=none which will do its work silently
This all needs to run in an iframe because this is based on origins and redirects.
==EDIT==
If the requirement is for a browser client to connect to a Google Account other than that of the browser user, then this is not possible. It's kinda obvious really that to do so would require a credential in the browser which by definition is not a secure environment.
The approach I would take would be to use a service such as Lambda or Google Cloud Functions (or whatever marketing name they have this week) to create a proxy for the corresponding Google API using a credential stored server-side.
There is a web application that I use regularly, and it uses Google OAuth for login. What I mean by that is that I get the following screen when I visit the application after a considerable amount of time.
Now, I want to develop an application, that directly makes a call to an API that this application makes a call to. But it turns out, the credentials that I send in the POST request work as long as I am logged into this application, but not after that. So, is there a way that I can log into this application programmatically, say every 2 hours?
I guess you are looking for "offline access". When you send the request, you are sending an access token that expires after an hour.
With offline access, the first time you log in, you will get a refresh token (you need to store it in your database) that allows you to generate new access tokens (without you being present) when old tokens have expired.
I suggest you to take a look on this link.
Hope this helps.
I have an app in NodeJS which calls the outlook api and reads a user's mails. I'm connecting this to a MySQL db where I'm storing specific email replies.The app is working perfectly.
My problem is that I have to sign-in every hour to refresh the access token.
I need a way of calling the outlook api, returning the emails, store them in a db, and then expose them through an API. And I wanna automate this outlook api call through a cron job.
Does anyone have any ideas on how I can accomplish this?
What I believe you are looking for is App-only access a.k.a access without a user. More on this below.
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
In addition, you get a refresh token along with the user consented access token. You can then refresh the access token periodically using the refresh token. More on this below:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code#refresh-the-access-token
How can I get Google Analytics report on my SPA without authorization by Google?
Without authorization as a participant of project made I get this error
403 PERMISSION_DENIED
403 PERMISSION_DENIED
Means that you do not have permission to do what it is you are trying to do.
How can I get Google Analytics report on my SPA without authorization by Google?
You cant you must always be authenticated in order to access google analytics data.
In order to access private user data you must have permission to access it. Your google analytics data is private. There for you must be authorized though google in order to access that data.
If you are looking for a way of doing it without requesting access of the user. For example if you would like to display data from your personal Google analytics account to others without requiring that they have access to the data then you could use a service account. Service accounts are preauthorized so that your code will run and have access to the data without having to request access of a user.
Don't do Analytics API requests for your own data at the client side.
What you should do is have a server side job that requests data from the API every day and caches the result. Then you can provide the result for clients.
The API have limits in place that avoid more than 10k requests per day, having this done at client side means that you will reach this limit. This limit is in place exactly to discourage use cases like yours.
Having this done on the client side means exposing your credentials at the client side which would also likely allow users to query data you don't intend to share or maybe even change settings in your account depending on which scopes you are authorized.
You have to rethink your design to not do this job on client side.
In the documents of Google One-Tap sign in, it says:
Returning users are signed in automatically, even when they switch devices or platforms, or after their session expires.
Question 1:
But it doesn't say anywhere how it does this? Is the user refresh token saved in the browser's cache? How can it then auto log in a user cross devices?
Question 2: The reason I ask is because I have a setup where I initialize the Google API client for JavaScript ("GAPI"). The GAPI library also automatically logs in a user whenever the client is "initialised" through gapi.client.init().
Now the problem is that after I have added the Google One-Tap code (Or should I say "YOLO code"? : ) my user gets logged in through One-Tap and also through GAPI. I can prevent this by not initializing the GAPI client, but I don't think that's wise, because I thought this whole library is built to manage my refresh tokens etc. Is my understanding correct that One-Tap does exactly the same and in case I only want to Authenticate users I do not need the GAPI client anymore?
Really, which library does a better job at managing my refresh tokens? And how do they differ? I'm clueless...
The way I implemented my login is the following:
Try to login in the user first using gapi.auth2. Maybe the user was previously signed into the site.
If can't login user automatically, then use googleyolo to try to find existing user accounts.
If no existing accounts, then present a signin button for user to signin.
I can give you some code snippet if you need.
To answer your questions.
#1, the credential is stored within the browser/device. If the user has never signed into google in a device, then yolo won't be able to sign in the user.
#2. googleyolo will also login the user, the difference is that it will give the account selector even if there's only one user to select (it will automatically login the user if there's only one). gapi simply sign in the user without showing anything.