in my account the google drive api is disabled but still when I authenticate a thirdparty app using oauth2.0 it can access my drive files. Then what is the use of this enable api.
Cloud developer console is a place for developers to create applications. when you create a new application you must decide which APIs will be used by that application.
I authenticate a third party app using oauth2.0 it can access my drive files
Unless you are the developer of the third party application setting this will not have any effect on what applications created by other developers can do with your account. If you dont want them accessing your drive account then dont install any third party applications that request permission to access your drive account.
Related
I am trying to make a desktop application with Twitch API and Google API.
Since this application requires Twitch user permission, a user needs to authorize my application through twitch's OAuth and I think there's no way to omit this process.
Now, I want to add some functionalities from Goole APIs, for instance TTS.
My application will be installed and run on user's local machine,
it cannot store API key or credential information safely.
I think I have three options:
Add Google OAuth: This is most safe way, I think, but I don't think I can convince users to authorize another Google account even though they already authorized their Twitch account.
Make a kind of proxy server which verifies request for Google API using twitch authentication information and relays request to/response from Google API. This seems feasible but it requires additional payment to running server for sending data from Google API. I already have to pay for TTS service, another payment for proxy server which sends binary data frequently would be a financial burden for me.
Make a server to acquire API key for Google API. This also requires additional server, but it does not involve lots of traffic because application will access Google API directly once API key acquired. However, I concern that the API key may be easily stolen using monitoring tool such as wireshark.
Which method should I use here, and how can I improve it?
Or, is there better way for this case?
When I want to use Google's Gmail API within my web application in order to receive and send emails, then must this web application be deployed in the Google Cloud as a precondition and any on-premise hosting will fail? Is this the price one must pay to use it?
Your application's code can be hosted anywhere you want. However, you do need to create a Google Cloud account to create a project, enable the APIs and get the application credentials:
Cloud APIs use application credentials for identifying the calling applications. Credential types include API keys, OAuth 2.0 clients, and service accounts. You can use Google Cloud console to create, retrieve, and manage your application credentials. For more information about application credentials, see Authentication Overview.
Once you have your project's credentials you can just create the code within your current app and use the credentials wherever they are needed. You can refer to one of Google's quickstarts for that.
Sources:
Getting started with Google Cloud APIs
Developing on Google Workspace
Gmail API Overview
I want to write a program that downloads files from my Drive systematically, and uploads them elsewhere in my Drive. In order to use the Drive API, does my program have to be on the Drive app store? Or can it simply be used privately and locally on my computer.
The Google Drive API is just a rest api.
REST-compliant Web services allow requesting systems to access and manipulate textual representations of Web resources using a uniform and predefined set of stateless operations.
Which basically means access runs over a webserver. Any programing language that can handle a HTTP POST and HTTP Get can access these rest APIs. You can write an application in java or C# that sits on your local pc and accesses Google drive API.
I am not sure what you mean by drive app store. To my knowledge drive does not have its own dedicated app store.
Note: to access Google APIs you must register your application on Google Developer console
We are trying to put an app on the marketplace which needs multiple client_ids
(The app is running on appengine standard with python 2.7)
a client_id for the service_account with domain wide authority
a client_id for the web application
a client_id from an apps-script library
All client_ids use different scopes. I have combined all scopes and entered them on the marketplace SDK configuration.
When i deploy the app on a test domain, only the serviceaccount seems to be authorized.
When the user then access the webapplication he is presented a grant screen which we want to avoid.
The documentation https://developers.google.com/apps-marketplace/preparing?hl=fr seems to imply that multiple client_id's are possible.
How should i configure the marketplace app so that multiple client_ids are authorized?
Is there something special i should do on the credentials configuration page of the api-manager?
Check how you implement the authorization using OAuth 2.0, Service accounts allow a Google Apps domain administrators to grant service accounts domain-wide authority to access user data on behalf of users in the domain. You can also read Server to Server Applications documentation.
Note: You can only use AppAssertionCredentials credential objects in applications that are running on Google App Engine or Google Compute Engine. If you need to run your application in other environments—for example, to test your application locally—you must detect this situation and use a different credential mechanism (see Other). You can use the application default credentials to simplify this process.
Hope this helps.
It turned out all three client_id's were being authorized after all.
the days that i was testing this, it took very long for the authorization to take effect.
At this time all scopes and clientid are authorized within a few minutes.
I am implementing an integration with Google Drive, which is to show a user's Drive files on our own website (after a 3-legged OAuth2 authorization).
So it is not a webapp that you will connect to the Google Drive UI, and thus I don't see the need to publish it in Apps Marketplace.
My project is created with my personal (free) account on console.developers.google.com,
and I'd like to confirm here: if not published, will it still work with any types of accounts, especially with enterprise accounts(e.g. Google Apps for Work)?
It does not need to be published as long as the domain administrator has not disabled Drive Apps. If a domain admin has disabled Drive Apps, I believe publishing to the Google Apps Marketplace is required so that the domain admin can install the App for all domain users.