I am writing a slack app having a bot user also. I am currently working on a workflow where if a user is sharing a file with the bot or uploading to a channel and then sharing a file with the bot I want to download that file. Till now what I have done is if a user is sharing a file then I am listening to file_share event and whenever I got the event then I am getting the file object with the event also having a field named "url_private" which helps me to download the file. But now the issue is to download the file I have request that URL along with user token or api token(Token that starts with xoxp-) but for a team that token is the token of the member who has installed the app in the workspace but for all other members I don't have the token so I am not able to download the file. So I want to know if I can get the token for all other members to download the file or my understanding is incorrect and I am not obliged to download the file that belongs to the user. Please help.
No, you do not need to gather access tokens from all you users.
Once a file has been shared in a channel with your bot you can download it using the bot's token as follows:
Make a GET call to the URL from the url_private property
Provide the bot's access token as authorization in the header. The syntax is:
Authorization: Bearer A_VALID_TOKEN
See here for reference and additional infos.
Related
Using this nodeJS example, I could get the data from a public sheet.
But how do I get the data from a non-public sheet owned by me (my google a/c) ?
Is there some way to send in the username and password as arguments ?
I don't want OAuth way as I want the data to be pulled from the sheet & displayed on a public webpage.
The other option I can think of is to have OAuth2 done once write a script to handle refresh tokens automatically as a cron every hour ?
Since this is a file that you the developer own i would recommend using a service account
If you share the file with the service account it will then have permissions to access it without you needing to go though the oauth2 steps of authorizing your application.
On google cloud console simply create Service account credentials
const {google} = require('googleapis');
const auth = new google.auth.GoogleAuth({
keyFile: '/path/to/your-secret-key.json',
scopes: ['https://www.googleapis.com/auth/spreadsheets'],
});
Then change your auth code slightly. Open the service account key file and look for the service account email address its the only one witha # in it. Share the file with the service account like you would any other user in google drive web app.
Once it has access you shouldn't need to authorize the app again.
I have a video on Google drive API upload file with Nodejs + service account which might help you a bit you just need the authorization code. Everything else you have should work as is.
I have an app in NodeJS which calls the outlook api and reads a user's mails. I'm connecting this to a MySQL db where I'm storing specific email replies.The app is working perfectly.
My problem is that I have to sign-in every hour to refresh the access token.
I need a way of calling the outlook api, returning the emails, store them in a db, and then expose them through an API. And I wanna automate this outlook api call through a cron job.
Does anyone have any ideas on how I can accomplish this?
What I believe you are looking for is App-only access a.k.a access without a user. More on this below.
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
In addition, you get a refresh token along with the user consented access token. You can then refresh the access token periodically using the refresh token. More on this below:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code#refresh-the-access-token
I received this error when trying to authorize my app with my own account:
Your project is trying to access scopes that need to go through the verification process.
{invalid=https://www.googleapis.com/auth/contacts}
If you need to use one of these scopes, submit a verification request. Learn More
When I use a different account, the error message is different:
This app hasn’t been verified to access:
{invalid=https://www.googleapis.com/auth/contacts}
Are you the developer? If this project needs these scopes, sign in to an account with access to edit your project and try again.
If not, contact the developer for help.
As per the announcement on May 11, 2017, publicly available applications with access to certain user data must pass review. If you see an access error for your app, submit a request using our OAuth Developer Verification form.
For personal-use apps and those you are testing, join the Google group Risky Access Permissions By Unreviewed Apps, which allows you to approve data access for personal and testing accounts. See the Google API Services User Data Policy for more information.
UPDATE: Corrected broken link to form.
I am creating a windows plugin which would access Yammer data like groups user follows etc, for this i created a client application and accessed yammer rest api using client id and access token i get after user allows my app to access his data in a consent page. I am able to successfully do all this when people of my network are trying to login but this does not work when the plugin is being used by people of other networks, I am able to receive the access token after the user gives his consent in user consent page, but when i try to access his data like fetching groups using rest uRL i get an error saying "{"response":{"stat":"fail","code":17,"message":"Attempt to access a protected resource failed."}}"
please be noted the client app i created is not yet deployed into Global App directory, I really doubt if this is the actual cause of the issue, because i think if this was an issue it should not have recognized the client id itself and would not have shown the external network users the consent page too. may be if i am wrong please correct me
To access users on other networks' data, your app must be globalized (even if you don't want it to be listed in the Global App Directory). Without the user's consent, your app is not allowed to attempt to login on behalf of the user, thus they see the popup for authentication, and then the auth process fails because the app is not globalized.
I am using Google Drive Java API. I need to copy a file from one Google domain to another, so my approach is the following:
authenticate with source domain service account
share file with user in destination domain
authenticate with destination domain service account and impersonate
the user
copy the original file from origin domain to destination domain
delete the share permission from the original file
Everything works as expected except that I don't want the destination owner to receive the Google Drive email notifying him about the shared file. When the file is shared via the Web GUI one can disable the notification email so I guess this is also possible via the API, the question is how ^^ Anyone?
PS: I am open to new 'less tedious' methods to create a copy of a file from one domain to another if that is possible.
On step 2, when sharing the file with the new user, you'll be using the permissions.insert() API call. You'll want to specify the sendNotificationEmails=false parameter along with this call to suppress the email notification.
In the Google Drive API V3 with permissions.create() it has changed to singular: sendNotificationEmail=false
In a POST request it would be like this:
https://www.googleapis.com/drive/v3/files/*FILEID*/permissions?sendNotificationEmail=false