i have a question about getting client secret.
in google API doc, we need to enable and download JSON file from google console API. secret->credentials->API.
so in development that totally works fine. so i have a problem when in production. my app need get the API, but how to get client secret from code?
so while the user login/sign up. the user should not go and enable API first at the console.
its that possible to download client secret from code?
thanks
There is no API for Google Developer console. The only way to create a new client, enable APIs for it and get the Client secret. is to do so on the Google Developer console.
It is not possible to programmaticlly download the client secret.
Related
I'm working on an Electron application that needs to render Gmail in a WebView. I've got to the point where I can authenticate via OAuth2 and get a token, but don't know what to do with it from there.
Fundamentally, I need a way to send the token to Google in a way that then loads the regular GMail web interface. Is this possible?
All wisdom appreciated!
I think you have misunderstood the usage of the Gmail api.
I need a way to send the token to Google in a way that then loads the regular GMail web interface
The gmail api allows you to access a users Gmail account the data is returned in json format. If you want this displayed or formated in anyway that will be up to you.
There is no way to pass a Oauth token to anything that will load the gmail website only google can load that.
I'm trining to create live stream on youtube using google API. Now it working only when I use oauth authorisation. When I use API key authorisation I get authorisation error (login required)
When I use oauth authorisation - it require to enter confirmation code each time I create new translation. Is it possible to use "liveStreams->insert" method of API with authorisation that does not require entering of confirmation code?
From what you are writing it appears to me that you haven't understood the concept of OAuth and when to use OAuth vs an API key.
Try to think about it this way: You, as a person, have a Google account. This Google account is not the same as your YouTube account (or, as it is more commonly refered to, your YouTube channel). But your Google account is associated with your YouTube channel (of which you can have multiple). Because you are logged in to your Google account and your channel and Google account are linked, the YouTube website knows who you are and gives you access to your channel.
Now you head over to the Google Cloud Console. Here you create a project, which is very similar to a YouTube account in the sense that it, too, is an independent account which in this case represents your app, but is linked to your Google account so the Cloud Console website knows to give you access to the project as long as you are logged-in to your Google account.
HOWEVER, your YouTube account is not linked to your Cloud Console project. When you make an API request with an API key, the API does not see you as in "your Google account", but rather your apps's Cloud Console Project. That's why with an API key, you can only access publicly available data (everything you could "see" when you browse YouTube while not being logged-in).
So, in order for an application to read private channel information or modify channel information, the API needs verification that whoever makes that request is actually allowed to do that. This is where OAuth comes into play.
When you say you have to provide the confirmation code for each request, I think you don't save the access token and refresh token. I highly recommend you read Using OAuth 2.0 to Access Google APIs and Obtaining authorization credentials over on Google Developers to help get you started.
I tried to build a mobile app (client(mobile) <-> server) and i'm going to use google API to authenticate and identify my user and to sync to my server.
which is the best method to achieve this?
I was thinking to use below method:
Mobile app get authorization code
send the code to server
server contact google server to get access token
both server and mobile client use the access token to access data from google. <-- is this access token generated portable? means: i can use it in server as well as in mobile app?
i'm not sure if above method is the right method that i should use, if it the right method, is there any reference that i can follow (esp. in python) - i tried to read developer.google.com but it's quite humongous type of API there and i got lost...
Thanks for the kind advise
I have a marketplace app that I'd like to use to access the Google Drive API. I'm currently using the gdata API using 2-legged OAuth. My understanding is that the new Google APIs, including Google Drive API do not support 2-legged OAuth.
How can I access the Google Drive API for my customers' domain without asking each of my customers's users for individual permission?
On my Google Apps Marketplace Vendor page, there is a link to the Google APIs Console, with a project linked to my Marketplace App, but there is no option to create an OAuth 2.0 Client ID. I can only create a Simple API key.
Apparently, you used to be able to use the two-legged OAuth credentials along with the server api key to authenticate, but it looks like that's no longer the case. I tried to authenticate using this method with an old Google API .net sdk, but got a 401. I downloaded the newest sdk, and two-legged OAuth is completely missing. I checked out a copy of the Ruby sdk, because it was used in the video "Google Drive SDK: Using the Drive API with the Google Apps Marketplace", but it looks like (I don't know Ruby) it explicitly forbids two-legged OAuth:
case authorization
when :oauth_1
STDERR.puts('OAuth 1 is deprecated. Please reauthorize with OAuth 2.')
I feel like Google is intentionally ignoring my questions about this topic.
You can use domain-wide delegation to access users' data without asking each user. Details are explained on https://developers.google.com/drive/delegation
I took a look in some docs at developers.google and some questions here in stackoverflow and I really would like to found an objective answer about use the Google OAuth Server to authenticate an application and grant access to download docs into a Google Drive account with NO BROWSER interaction.
As far as I could look, docs like "Using OAuth 2.0 for Server to Server Applications", "Using OAuth 2.0 for Devices", answers here, I couldn't found an article saying "Is possible to authorize an application to get files from a common Google Drive account in Devices with no browser...".
Anyone have tried and had success in this jorney?
The Devices flow is meant for applications that run on devices where no browser is present (fancy example could be a wristwatch that shows new G+ notifications) and requires the user to do manual steps on a device that has a browser. Also this is for getting access to data on the user's account.
UPDATE:
As you say you have an embedded application running without a browser available and want to access data on behalf of a user, this is definitely the way to go. This however still needs the user to login (once) on another device with a browser. After you got an access token using this flow, you can then access the Google Drive API either manually or by using some library.
So you want to access data on Google Drive that belongs to a special account and only your application can access it without a browser involved?
A Service Account (the Server-to-Server flow) would be exactly what you need. These however are only for usage on a web server, as otherwise your private keyfile would have to be deployed to a client, where it could easily be extracted.
One thing you could do is use your own web server that fetches data from your Google account using a Service Account and have a client application that only connects to your own web server. This has of course also its downsides, especially when it comes to locking down your web server so no third party clients could access it.
It can be done, but a browser does need to be used. I've successfully gotten OAuth 2.0 working on an IBM i (AS/400, iSeries, System i, whatever the name is today) which doesn't have a browser. I've so far implemented the Calendar and Google Cloud Print APIs.
During the OAuth 2.0 negotiation you will be returned a URL and a code. You need to display the URL for the user to go to, then the code to enter to grant authority for that specific API/scope. I have an example in our documentation here:
http://docs.bvstools.com/home/greentools-for-google-apps/docs/g4g-base-commands/g4gregsvc
But, the issue now is that the drive API is not yet available to devices. But, Google has said that soon it should be.