We are attempting to track referral source in our app, but most of the referrals are Onelogin, which is hiding the actual referral. How may we obtain the actual referral?
Related
I am trying to use the google static street view API to get an image of a property. The docs for the API state that I need to use a "digital signature": https://developers.google.com/maps/documentation/streetview/overview
I am trying to generate a signature, but the guide google provides doesn't seem to make much sense. These are the docs I am reading in regards to generating a signature: https://developers.google.com/maps/documentation/streetview/digital-signature#get-secret
But when I navigate to this page it doesn't seem to show the things mentioned in the docs that allow you to generate secrets.
When using Street View Static API or Maps Static API, the documentation specifically says:
"We strongly recommend that you use both an API key and digital signature, regardless of your usage."
Regarding your question, you seem to be on the Metrics page instead of the Credentials page.
Now on how to generate a digital signature, let me just quote the guide from the Documentation and add some additional details to help you.
Go to the Google Maps Platform Credentials page in the Cloud Console.(You should be on the one I circled on the above image)
Click the project drop-down and select the same project you used when you created the API key for the Street View Static API.
Select the APIs drop-down and select Street View Static API.
Scroll down to the Secret Generator card. The Current secret field contains your current URL signing secret.(If there's no current one, Generate Secret button will be the only one you'll see).
The page also features the Sign a URL now widget that allows you to automatically sign a Street View Static API request using your current signing secret. Scroll down to the Sign a URL now card to access it.
To get a new URL signing secret, select Generate/Regenerate Secret. If there's an existing one, the previous secret will expire 24 hours after you've generated a new secret. After the 24 hours have passed, requests containing the old secret no longer work.
Since your question is only about generating digital signature, you'll have to read the Documentation for more details and for the next steps.
Hope this helps.
I couldn't figure this out, but turns out you don't actually need to use a signature to access the API.
As per Google Assistant documentation for Smart Home, the agentUserId used in action.devices.QUERY is defined to 'Reflects the unique (and immutable) user ID on the agent's platform. The string is opaque to Google, so if there's an immutable form vs a mutable form on the agent side, use the immutable form (e.g. an account number rather than email)'
However there can be cases where the same device (with same agent user id) is attached to multiple Google Assistant accounts and in such cases a DISCONNECT request may result is ceasing report state for all accounts. The solution will be to add some unique ID corresponding to the Google Assistant account, however such information is not available in any request.
Has anyone seen similar issue and is my understanding incorrect?
The agentUserId is meant to be the user account on the smart home platform. SHP user '1234' may have a vacuum and two lights, but could be linked to multiple Google accounts.
During the account linking process, you would be expected to give a refresh and access tokens to allow for Google to have authorized control over these devices. If you assign unique access tokens for each Google account that signs in, you'd be able to determine which Google account the request is coming from.
At that point, once the user disconnects, you can use the access token in the request header to associate that with a specific Google account and only disable reporting for that account while not affecting other accounts.
So, yes the solution is to have a unique ID connecting to the account. While this is not passed in the agent ID, there is already a mechanism to make this association through the authorization system.
Alternatively, you could append a key in the agentUserId, ie. '1234-user#gmail.com'. However, this may have unintended impacts in the Home Graph. In a multi-user home, you may end up seeing the devices duplicated because Google doesn't have the right information to deduplicate.
I an developing a chrome extension which doesn't has any sign up or sign in flow, instead depends on authentication of a separate web app. I started integrating mixpanel and tracking user events anonymously, Now i want to identify those anonymous users using "alias" and "identify" api. I have a user_id for identifying users from the web app exposed REST api. Now if i apply a boolean check and make sure i call mixpanel "alias(user_id)" once and call "identify(user_id)" every time user visits a page, I can see a user entry in explore tab of mixpanel but live events tab has a anonymous user with same user_id and its tracked data, I wish to link such anonymous users with appropriate user profiles.
Please help me with this if you have some understanding of mixpanel. I am new at this.
Since I didn't had a sign in or sign up flow, I cannot use
mixpanel.alias
Hence i am now calling
mixpanel.identify
As soon as user installs the plugin, Since "identify" api can be called any number of times for an user, We are able to track all future events as soon as plugin gets installed.
This way by not letting the user generate anonymous events we can handle such situation.
I’m having an issue with Mixpanel identification. I want to be able to track events logged before the user logs in and identify them as such.
Here’s an exemple. Louie opens the webpage and visits the “About” page. Using mixpanel.track('Visit About'), I’m able to log Louie’s anonymous visit. All is fine and dandy.
Louie decides to log in, and a mixpanel.identify(user.id) call identifies him — and subsequent events can be tracked back to Louie. However, the first event (“Visit About”) still shows up with a random, Mixpanel-set distinct ID and hasn’t been associated with Louie.
Is this behaviour expected? What can I do? Cheers
You want alias.
From their Javascript API reference:
Use alias() when a unique ID is first assigned (registration), and use identify() to identify the user with that unique ID on an ongoing basis (e.g., each time a user logs in after registering). Do not call identify() at the same time as alias().
From your description, it sounds like, rather than viewing the "About" page anonymously and then logging in, Louie is viewing the "About" page anonymously and then signing up.
In that case, call alias when Louie signs up, and call identify when he logs in after that. That should associate the random, anonymous Mixpanel ID with Louie's new registered user ID.
Note: using this method will mean that, because Louie triggered an event anonymously and then logged in, Louie's anonymous id for that event will not be linked to his distinct id from logging in. If he had signed up after triggering the anonymous event, you would call alias, and they would be linked. This is a known limitation of Mixpanel, unfortunately. From their documentation:
This is the first time he's accessed your site from this device, so we assign a brand new distinct_id to him. He clicks around and then logs in. You should not call mixpanel.alias() in this situation - we haven't seen him on this device, but he is not a new user. ... Instead of calling mixpanel.alias() you should just call mixpanel.identify(). This will remap his phone activity to the original ID he used when signing up for your service, which is the most desirable outcome. This does mean that regrettably the events he fired before logging in will not be associated with him.
More about aliasing in Mixpanel here.
It took them a while, but here it is...
It's called Mixpanel Identity merge and it should fix the whole problem of connecting the actions an anonymous user did before signing up /logging in
The new system improves the behavior of identify(), alias(), and adds a new event called $merge.
All pre-authentication activity can now be mapped back to a user
The ID merge system makes it possible to link pre and post authenticated event streams under a single identifier. This eliminates “false-uniques”, ensuring the most accurate conversion and drop-off rates in funnels and flows.
Previously, Mixpanel could only map pre-sign up activity back to a user who was later identified. Any activity a user did anonymously before signing in again could not be attributed to that user.
Here is the whole blog post
Alias doesn't work for the scenario when existing user logs in, but I found work around for this.
When a user first logs in, check to see if the distinct_id of the request cookie matches the user id.
If they don't match, create a backend task to backfill the anonymous distinct_Id to the user's distinct_id.
Load the events with JQL, then fire them again using the mixpanel import endpoint.
The downside is that you will have duplicate events in the system since there are no way to delete events from the anonymous distinct_id.
For the imported events, you can add a property to them indicating that they are imported so they can be filtered out if need be.
Is it possible for me to create an application that can send our requests to access to users' Google Calendar so that I can see the events in there and be able to add, edit, and delete events?
I do not want the users to log into my website to enable this access. Rather, I want to be able to send this request, perhaps via email.
Alternatively, perhaps they could log in the web app and authorize access themselves somehow.
One option would be to e-mail the user a link to the OAuth 2.0 consent screen. The users would still need to open the link in a browser, sign in to their Google account (if not already signed in), and click the "Authorize" button to grant your application access to their Google calendar events.
First, you will need to register your application as a Web App in Google's Developer Console (just like for any other application) and obtain a client_id. Be sure to fill in the name of your application and a link to your website in the "OAuth consent screen" section, because these values will be shown to your users when they click the authorization link.
Then, follow these steps:
Send the user an authorization link in an HTML e-mail message. The link should be constructed according to the guidelines in "Redirecting to Google's OAuth 2.0 server", and pay attention to the following aspects:
Ensure that the redirect_uri parameter in the authorization link points to your application.
Since you already know the e-mail address of the user, consider including the login_hint=<email address> parameter to bypass the account selection screen.
Important: provide a value in the state parameter so that you can link this authorization request with the user.
The link should be placed in an <a> tag somewhere in the body of the e-mail: Allow access to my Google calendar
When the user clicks on this link, their browser will open and show the standard Google consent screen:
Once the user has made a choice, their browser will be redirected to the redirect_uri which you have provided.
Make sure that the redirect_uri will work even if the user isn't signed in to your application. Capture the state and authorization_code values which Google appends to the redirect_uri, and then return a confirmation page (e.g. "Thank you for giving us access to your Google calendar" would be a good idea).
Using the state and authorization_code values, follow the rest of the standard OAuth 2.0 flow and retrieve a refresh_token which will allow you to access the user's Google calendar from your application.
Keep in mind that the calendar owner (the user who is clicking the link in the e-mail and granting your application consent to access the calendar) may not even be a user of your application. This is why it is important to provide as much information as possible on the consent screen and in the confirmation page.
Since your confirmation page will be loaded even if the user does not grant your application consent, you could take the opportunity to give the user a full description of why you are asking for access to their calendar and provide a link that will take them back to the consent screen. This should increase your success rate.
Every request your application sends to the Google Calendar API must
include an authorization token. The token also identifies your
application to Google.
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses
Google+ Sign-In, some aspects of authorization are handled for you.
The details of the authorization process, or "flow," for OAuth 2.0
vary somewhat depending on what kind of application you're writing.
For more details on the workflow to gain access click here. Once your app has access, it will be able to view and edit a user's calendar events, depending on the approved permissions.