Is there a way to limit the 3rd party applications that can authenticate to a Yammer network? Currently it looks like there are only 2 options, either we restrict any 3rd party applications from authenticating, or we can allow all. Would it be possible for a verified admin to create the application with their own account, and would this not count as a 3rd party application, but rather an internal application?
Thanks!
Disabling 3rd party applications is an "all or nothing" setting. Once this setting is made, all 3rd party applications will be disabled and tokens will no longer be valid between 3rd party apps and Yammer. An alternative in this situation would be for admins to manually send the Data Export to the 3rd party app instead.
Related
Does google API allow us to get 'List of user 3rd party apps authenticated through Google' ?
I can't find any references in documentation. But, it seems like it should be in API
https://support.google.com/a/answer/6294828?hl=en#zippy=%2Cautoprovisioning-status
If I understand correctly what you need is to get the list of all the third party apps that your users have logged into using their Google accounts using the Google APIs. If so, what you can use is the tokens.list method, that way your will retrieve all the tokens a user has issued to 3rd party applications.
You can use the displayText and clientId values you get in the response to identify the app, and check the scopes to see the permissions of the app.
My objective is to verify a 3rd party app (that uses google for auth/sign-up/sign-in) is connected to a google account, by calling a google API from my google app. Is this possible with the current google APIs? I haven't been able to find any documentation on this which leads me to believe it is not possible, likely for privacy/security reasons.
The best I've come across is a call to: https://www.googleapis.com/oauth2/v1/userinfo?alt=json which doesn't seem to return anything about connected accounts. And https://developers.google.com/admin-sdk/directory/reference/rest/v1/users which is for users in an enterprise domain which doesn't help me as my app is for consumer users.
There is no way for you to know what apps a user is using on their account. Even if its your own app there is no way of knowing. Unless the user has authorized you and you have an access token then you will know they have verified your own app.
Having an api which would tell us what apps a user has authorized IMO would be a bad idea.
I want to get all the sign up & sign in with Google events of my Google Workspace users using API.
I can see the Tokens activity from my Google Workspace admin account, under the audit log (https://admin.google.com/u/5/ac/reporting/audit/token), but it's limited to first sign ups, and doesn't show any of the following sign in events of my users.
Is there any way to see all the events related to third parties sign ins / sign ups of my users? is there any place that lists the summary of all of the third parties linked to users in my organization?
As far as a summary, you can retrieve a list of applications authorized by your users using the Directory API tokens.list method.
Unfortunately when it comes to OIDC sign in events, there currently is no way to see when users are logging into a 3rd party application. You will see activity events for tools accessing Google APIs, but not for login.
I guess you could use tokens.delete to revoke access, making the users re-authorize to log in again (which will be logged). But that's a rather heavy handed approach.
I think I've found what you're after:
https://developers.google.com/admin-sdk/reports/v1/guides/manage-audit-tokens
You can use this api call to retrieve all authorization events for third party applications.
The general format of such requests is below (parameters are surrounded by a double asterix)
GET https://www.googleapis.com/admin/reports/v1/activity/users/all
/applications/token?endTime=**end date**&startTime=**start date**
&maxResults=**maximum number of events returned on a response page**
Hopefully this gets you the info you want. I don't have access to a google admin account myself so I can't test this api call.
I am creating a training environment for a 3rd party app linked to slack. In the training, I want users to link a 3rd party app (not my app) to a slack account. I do control the user accounts in slack, and I am the workspace owner in slack.
When the training is done, I want to clean up the accounts by revoking the 3rd party authorization for all accounts in slack. I'd like to script this, and use the API to revoke the authorization. However, all of the endpoints that I look at seem to require that it be done by the 3rd party app itself (or at least to have secrets that I don't have).
Is there a way for me to do this through the Slack API?
I am providing my Google Apps Domain users content via Google Sites.
Furthermore I have 3rd party content which I would like to integrate. This content needs to be secure and available only to the Google Apps Domain users.
I have implemented openid which authenticates that the users are from my domain. I consider the users to be "stupid" so I wish to avoid any access request pages, which also makes my site look rather unprofessional / unpolished.
I can see the security setting under my personal account here:
https://www.google.com/settings/security
Is there anything in the SDK which will allow me upon user creation to add the necessary account permissions?
Hypothetically if you can host your 3rd party content on Google app Engine (GAE) and all your users reside in your Google Apps Domain it is possible to set Authentication Type to "Google apps Domain" More about GAE authentication can be found here
Do not forget to deploy GAE under same Google apps Domain account
Authorization protocols like OpenID and OAuth have been deliberately designed to require explicit user confirmation of access privileges. Any mechanism that bypassed user intervention would effectively be a security exploit. I'd recommend you save yourself time and frustration by accepting that you're not going to get around that interstitial authorization page.
For better or worse, scope authorization pages have become a well-established part of the modern web application landscape. Users these days routinely confirm authorization dialogs for Facebook, Google+, LinkedIn, and Twitter access without batting an eyelash. Your less savvy users may not recognize it as such, but using existing security mechanisms is a sign of greater professionalism than rolling your own.