How can I programmatically retrieve information about an OAuth client given its appId (xxxx.apps.googleusercontent.com). I am interested in retrieving Google API scopes the app is requesting (e.g.: https://www.googleapis.com/auth/userinfo.email) along with marketplace ratings and user coun t (if applicable).
Screenshot
I believe you can only access those stats if you own the app/add-on. Assuming that you're working on a GSute add-on, if you deploy the app via GSuite Marketplace you'll have to explicitly specify the scopes your app requires and you can check those scopes from your Google Console. I believe that there is also a dashboard available to the app developer (probable from Google Console) with analytic data related to performance.
Related
I'm developing a service that requires access to the Google Play Developer API on behalf of my users.
I created an API project of type Web Application. It can successfully request the users' androidpublisher permission using an OAuth consent screen. Based on the documentation, it should be able to make requests to the Google Play Developer API.
But requests to the API fail with the following error:
The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console.
From my understanding, the API Project needs to be linked to the Google Publisher Account from the Console (Settings -> API access -> Linked projects). However, the project doesn't appear in the list (since it's not owned by the user).
Is there any solution to this? Thanks!
There is not a solution to this. The only model the console supports for acting on behalf of developer users is for them to create the project in the Play Console, and you provide them a tool that they can use on their project.
I am trying to access Google play developer API https://developers.google.com/android-publisher/ to build an inapp purchase product for my company Application.
We have to get authorization to make a GET call to the Google play developer API. https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get
I followed the steps presented here. https://developers.google.com/android-publisher/authorization
Created an Oauth client and and also service account. The gmail account I used was part of the 'Users and permissions' in play.google.com console.
But when I tried to access the API, I got an error
As I started searching about this error, I understood that there is something else called 'API Access' in play.google.com. When I tried to access it, All I saw was
But I saw in other posts that there exists a screen with details like
https://i.stack.imgur.com/Hdjjy.png
So how can I go forward to access API. I did everything as mentioned in documentation of google but it didnt work. Also I dont have access to see the screen of 'API Access'.
Also I am confused, if you can create service accounts from both 'API Access' screen and also from 'credentials' screen in console.developers.com, which one should be used ?
Just to check you understand there are a few different APIs to do with in-app purchases.
Play billing library is designed to be used in your app. This is what allows users to buy things from your app
Configuring in app products. When your app supports in-app products you have to support what the products are and the prices. This is done via the Play console, either manually or in batches uploading CSV files.
Finally is the API you refer to in your question. This is not designed for use in your app, and you don't have to use it to support in-app products. Instead this API allows your server (not app) to validate a user's purchase. In order to use this API, you need to enable the "API access" in the page you found. This can only be enabled by the account owner for the Play console, for security reasons. You will need to find the Owner of your Google Play account, and get them to log in and create a service account which has API access.
I am able to access it now. I am not the owner of the Google Play console.That was the issue. You just have to go to API Access page and click on "create OAuth Client" or "create Service Account ".
You can use those credentials to access API from postman or through your code.
We're trying to figure out how to submit to the marketplace, but are not sure what we need to do to alter our existing signup flow to accomodate the SSO requirement
Our app was not originally built to be a marketplace app so our signup flow is built for individual users. We are already following the OAuth2 flow as outlined on this documentation page. However, its not clear to me how this works for an entire org when installing from the context of a marketplace app.
Does the admin grant access to all the individual scopes we currently request for the entire org at once? Is there need for some sort of service account or something since we currently are requesting offline access? I'd like to understand what changes we need to make to our server's signup flow in or whether it is just a scope / manifest mismatch.
We currently request the following scopes from an individual user when signing up.
['email', 'profile' ,'https://mail.google.com/', 'https://www.googleapis.com/auth/calendar'],
Exact questions are...
What (if anything) do we need to do to alter our current individual-focused signup flow to accommodate a Google Apps Admin signing up their whole domain?
What scopes do we need to in our Google Apps Admin listing and how do they relate to the scopes we currently request from individuals?
There are not so many changes if you are already using three legged OAuth2.
The first change would be in you project in the developer console. There you need to enable the Marketplace SDK and make the necessary configurations. Here you will add the scopes that your app will request and those are the scopes that the admin will see when installing the app.
The admin will see the scopes your app is requesting, and he will decide if it's ok to install the application in the domain. If it is approved, then yes, the admin would grant access to the entire domain.
Offline access is part of the Oauth flow, after you receive the refresh token, you can continue refreshing the access token without having the user to grant access again.
It is not necessary to have a service account. The service account has two purposes:
To manage information related to the application. In this case the service account can have access to it's own drive to store and retrieve information that is related to the app functionality.
Impersonation of users. When using domain delegation of authority, you can use a service account to impersonate any user in a domain and act on it's behalf to make API calls.
To deploy your app, you also have to create a new project in the Chrome Web Store, with a manifest for Marketplace.
To answer your questions:
It's not necessary that you modify your current oauth flow. The admin will install the app in the domain, but when a user access to the app, the process for authentication is the same as individual.
The scopes in your Marketplace SDK configuration should match the scopes your app will use. This is mostly for security reasons, it wouldn't be safe if you install an app with some scopes and then the app uses different scopes.
You can try your app before actually deploying it by adding trusted testers in the chrome web store dashboard or in the Console API configuration. This way you can check if your flows and all the configurations were done correctly.
Hope this helps. Let me know if you have more questions.
I developed web application where I need to allow users to embed their google analytics dashboard. In order to access analytics dashboard I need client_id and service_email.
Is there a way to grab client_id and service_email using OAuth, I don't want to force users to manually create client_id so they can integrate dashboard.
Just to mention I'm using Laravel 4.
I get what's the issue here.
You actually have to set up a new project in https://console.developers.google.com. That is where you actually enable OAuth to Access Google Analytics API. The client_id and service_email you are referring to are actually the developer's one, which are accessible under Project > API & auth > Credentials in the Dashboard.
There's quite a lot to take in. I'll be available to clarify concepts for you.
References:
https://developers.google.com/accounts/docs/OAuth2
https://developers.google.com/console/help/new/
I have a marketplace app that I'd like to use to access the Google Drive API. I'm currently using the gdata API using 2-legged OAuth. My understanding is that the new Google APIs, including Google Drive API do not support 2-legged OAuth.
How can I access the Google Drive API for my customers' domain without asking each of my customers's users for individual permission?
On my Google Apps Marketplace Vendor page, there is a link to the Google APIs Console, with a project linked to my Marketplace App, but there is no option to create an OAuth 2.0 Client ID. I can only create a Simple API key.
Apparently, you used to be able to use the two-legged OAuth credentials along with the server api key to authenticate, but it looks like that's no longer the case. I tried to authenticate using this method with an old Google API .net sdk, but got a 401. I downloaded the newest sdk, and two-legged OAuth is completely missing. I checked out a copy of the Ruby sdk, because it was used in the video "Google Drive SDK: Using the Drive API with the Google Apps Marketplace", but it looks like (I don't know Ruby) it explicitly forbids two-legged OAuth:
case authorization
when :oauth_1
STDERR.puts('OAuth 1 is deprecated. Please reauthorize with OAuth 2.')
I feel like Google is intentionally ignoring my questions about this topic.
You can use domain-wide delegation to access users' data without asking each user. Details are explained on https://developers.google.com/drive/delegation