I currently access Google Sheets using the Node module edit-google-spreadsheet, which takes as one of the authentication options, an email address and a PEM file (converted/encrypted P12 file?), which doesn't require input from the user (typical OAuth flow).
I'd like to do the same in Ruby, but I can't find a way to do it. This is a service account accessing a configuration document, it's not applicable to have a user going through an OAuth flow.
Can anyone give me some guidance here?
Thanks!
Related
Is there a way to automatically authenticate the google javascript api client, without user interaction?
Something like this:
User loads webpage -> webpage automatically signs in into a predefined user account -> api calls get executed
Basically i want to prevent the popup where you have to select an account and sign in to it. As the account which will be signed in is always the same.
EDIT:
pinoyyid answer looks promising and is what im looking for. But this only works if the user has signed in with an account at least once, if im not mistaken.
Now i dont want to use an account supplied by the user, but a predefined account which i am the owner of and sign this account in.
Im not entirely sure if this is even possible, as i have to provide the password/some authentication code to google and somehow do this in a secure way.
Use Case: The website will create a Youtube Broadcast via the Youtube Data/Livestream API for the specified account.
Yes you can do that. Referring to https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
there are three pieces of information that will get you where you want to be:-
The OAuth URL can include a login_hint which is the email of your intended user
The OAuth URL can also include prompt=none which will do its work silently
This all needs to run in an iframe because this is based on origins and redirects.
==EDIT==
If the requirement is for a browser client to connect to a Google Account other than that of the browser user, then this is not possible. It's kinda obvious really that to do so would require a credential in the browser which by definition is not a secure environment.
The approach I would take would be to use a service such as Lambda or Google Cloud Functions (or whatever marketing name they have this week) to create a proxy for the corresponding Google API using a credential stored server-side.
The main use case is using IPython as CLI to my own Google accounts. What I am really after is minmizing the fussing around between starting the IPython shell and actually issuing usefull calls against the API.
The docs for authenticating with Google APIs focus on setting up application which other user will use to access their data.
This leads to a lengthy Oauth dance involving a browser in order to allow other users to authenticate without compromising their credential.
However, I do not mind sharing my private credentials with myself. I am not planning on sharing the code. If I did share the code I would use something like dotenv to separate the credentials from the code.
Twitter provides developers a second set of credentials
that allows developers to access their own accounts for testing.
Thus it is possible to access ones own account programmatically
by just providing to sets of credentials: the developer credentials that allow the calls to the API and the other credentials that grant access to the developers own data. For example:
from twitter import *
t = Twitter(
auth=OAuth(token, token_key, con_secret, con_secret_key))
# Get your "home" timeline
t.statuses.home_timeline()
# Update your status
t.statuses.update(
status="Tweeting from Python")
Where con_secret* are the developer credentials and
and token* are the account access credentials.
How can I do something equally simple with Google APIs?
Where can I get credentials to access my own account?
How would I use them in Google API?
As an example what would be the simplest procedure for retrieving the contents from one of my own Youtube playlists?
I have com to think that a Python headless browser library could be give me what I need. I have asked a related question on SE Software Recommendations
https://softwarerecs.stackexchange.com/questions/35744/python-headless-browser-library-for-oauth2-authentication-from-ipython-console
I would like to download a set of credentials
Google offers this ability through it's client_secrets.json file. There are different ways to download this, depending on the type of account you want to use (Web application, installed application, Service account). The different techniques can be found here .
Store the credentials locally and keep using them without requiring
new credentials every call
This also isn't a problem, the client secret is valid until you renew it - AFAIK there is no automatic expiry unless you specify otherwise.
Once you have downloaded your client_secrets.json, store the file in a non-public directory (normally inside your project directory/config).
Similar to the downloading of the file, there are different techniques (flow classes) to use the JSON file depending on what type of account you are using. As an example, the below would be used for installed and web applications;
from oauth2client.client import OAuth2WebServerFlow
...
flow = OAuth2WebServerFlow(client_id='your_client_id',
client_secret='your_client_secret',
scope='scope URL here',
redirect_uri='http://example.com/auth_return')
Other flow class examples can be found here
Hope this helps - If you need further information, the official documentation (which be warned, can be incredibly inaccurate and confusing) can be found here https://developers.google.com/api-client-library/python/guide/aaa_oauth
I want to supply my users a Dropbox access token trough my Parse server.
For the one who don't know, Dropbox access token is a string that supplies direct access to a dropbox account files, it should be secret, because if anyone finds it he can delete all the files.
My server should store many access tokens and it should supply the user the correct token, but the problem is that because the anonymous log in i'm afraid that if someone will know the parse server key, he could get all the secret dropbox access tokens.
In first place i supply the access tokens in server for security reasons and not put it hard coded to protect it.
But what's the difference if i put the parse key hard coded?
Is there a way to handle this?
thanks.
Yes you are correct. If somebody knows your ApiKey he can query your parse server without any problem unless you use ACL
ACL is access control list which allows you to decide (on the application level) which users/roles can read or write to one or more parse objects or parse users. In runtime Parse will check if the logged in user has an access to read or write the object and only if it will have an access it will return the results to the client.
So i suggest you to protect your users/tokens with ACL's if you like to protect only the access tokens then i suggest you to create a separate class that will store the user access token and in this class you need to create an ACL for the relevant user only.
You can read more about ACL's in here:
iOS SDK
Android SDK
JavaScript SDK
you may help me here.
I want to write a script using Ruby, which sends emails on behalf of a user who gives permission to send emails to his contacts using gmail restful api (link to view). So I found Gmail API Client Library for Ruby, and I am getting stuck while trying to use it.
Now my question is which would is the best way to make a script using the gmail API, which will ask the user permission to send email on his behalf and save the access token, then fetch all his contact email addresses and any other permitted info in json preferably and finally setup the system to save a given email content file on his behalf to a selected friend/friends.How will I authenticate the users accounts from the terminal? will it be Simple API access (API keys) or Authorized API access (OAuth 2.0)?? whats the difference by the way?
Please advise the best tools, and other resources.
Use Oauth2 as it says in the API docs:
https://developers.google.com/gmail/api/auth/about-auth
If you have more specific questions, please write them. As it is now your question seems a bit general.
See: https://developers.google.com/accounts/docs/OAuth2#installed for examples on how to do Oauth2 authentication from different environments.
Is it possible to read or set the recovery email address in Gmail programmatically?
For example via OAuth.
I need to do this for a web app in Ruby on Rails.
Yes, you can do it via web page requests, using a gem e.g. mechanize or system tool e.g. curl.
https://support.google.com/mail/bin/answer.py?hl=en&answer=6566
As far as I know, there's no API way to change it for a normal gmail user.
Google Apps users may have additional capabilities, and so do Google Apps admins, and if you're able to use these then read about admins and provisioning here:
https://developers.google.com/google-apps/email-settings/?hl=en
Retrieving the domain administrator's secondary email address is possible via HTTP:
http://code.google.com/apis/apps/admin_settings/docs/1.0/admin_settings_developers_guide_protocol.html#RetrievingAdminSecondEmail
So is changing the domain administrator's secondary email address; see the same link above.