My teacher has given me as an assignment to log into gmail and then send one e-mail or read the list of unread e-mails, but I can't use IMAP/POP3/SMTP or anything that isn't HTTP or HTTPS. I've tried looking for libraries in Ruby/Java to do it but nothing really worked for me.
I tried looking at the gmail source code page but I couldn't really understand what was going on. The page seems to call a post method on a link, but sniffing the packets what I saw was a GET apparently using a session generated using the info I send. So sending it "raw" didn't work either.
I've no idea what to do now.
After you authenticate with OAuth, you can get unread emails via an atom feed.
URL to hit: https://mail.google.com/mail/feed/atom/[<label>]
You can toy around with this at the Google oauth playground. Get an access token by continually clicking buttons and authenticating, and then hit discover feeds.
If you want a Java OAuth library, signpost is really good. You'll need to read the google documentation on its open authentication scheme. Specifically, you need to pass a scope query parameter when you attempt to authenticate. This is nonstandard, and it will trick you up if you're not looking for it.
If you're confused about OAuth or why its necessary, you may want to check out this resource.
Check out httplib2—it has (among other things) Google Account Authentication.
Related
We are using BotFramework Composer to create bots. These bots are supposed to get information from a backend REST service, where we need to know, which user is submitting the request for data. We are currently using {turn.activity.from.id} to get the Teams user's id, and sending it in a special http header in the "Send an HTTP request" action. We then perform a mapping of this id to our internal users.
We are, of course, aware, that this is not secure at all, since anyone who knows this, could get the user's id and send it to our service. We are currently thinking along the lines of generating a short-lived jwt token in the Bot to send to our application. However, we see no direct way of implementing this token generation in the Bot Framework Composer itself.
Also, we don't want to use OAuth, because we don't want the user to have to log in via the bot.
Is there a way to implement custom token generation using C# or js and assigning it to a dialog variable to be used in a "Send an HTTP request" action?
This document discusses how to implement an HTTP request in Composer. The first half is focused on creating a login for OAuth, which I know is not your focus, so look at the second half. If you set up a simple server that can generate a token for you, then you can make a request to it from Composer using the method described.
As links can break and docs can change (and Composer is still in Preview), I would recommend saving the doc somewhere and checking back every so often for any updates.
I've used HTTP requests from within Composer, myself, so I know this will work for you.
Hope of help!
You can create a custom Action or a package component and create any c# methods there for JWT generation. This will keep it all local to the bot.
https://learn.microsoft.com/en-us/composer/how-to-create-custom-actions
My site is using Google reCAPTCHA control but I am hearing its being block in
China, Is there anyway around this I see there is some people reporting that changing the API to https://www.recaptcha.net works in China?
Anyone try this because I see it still going out to google?
string apiUrl = "https://www.recaptcha.net/recaptcha/api/siteverify?secret={0}&response={1}";
As google says in his assistance page, you should use this domain "www.recaptcha.net" instead "www.google.com" on the api call.
First, replace src="https://www.google.com/recaptcha/api.js" with
src="https://www.recaptcha.net/recaptcha/api.js"
After that, apply the same to everywhere else that uses "www.google.com/recaptcha/" on your site.
Obtained from: https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-globally
Edit: to clarify on some of the comments, while if you try it outside of china yes you do get references to gstatic.com but if you try this in china, any references to gstatic.com are replaced with gstatic.cn (don't forget to add it to your SCP). So this solution is still valid.
IMHO, google things are not stable in China as it can be blocked anytime.
From Baidu threads, it also mentioned that sometime google recaptcha works, sometime it doesn't.
https://www.v2ex.com/t/492752 (Chinese)
In programming world ,unstable function means useless or more code for dealing with exception.
If you really need to use google recaptcha,
you would better test properly using VPN (IP in China) first.
Here are some options you can consider,
You can use alternative captcha
Google will tell you various captcha.
Build your own captcha
Open Source Invisible reCAPTCHA alternatives
Use proxy web server(nginx) to send and receive data to or from google recaptcha
I have shared the solution to this problem by using cURL.
https://stackoverflow.com/a/63568516/11910869
cURL acts as a middle man between the client and the server. So even if google.com/recaptcha can not be accessed by the client because it is blocked by the service provider, cURL can act as the proxy to send the HTTP requests and get the response.
I am a beginner trying out api for fun.
The problem is, lets say, I want to write a simple windows program with golang to let my friends read and edit one of the sheets saved on my google drive. How can I do this without having them download a credential file?
What I want it to do is simply redirect them to the Oauth Page right away, and if their email address is one recognized by the app it will grant them access to that google sheet.
What i think you need is to integrate your go app with Oauth protocol.
More specifically, with the Google provider.
This is mainly 3 steps:
add the oauth client to your application
something like this: https://github.com/golang/oauth2
See their docs on how to do it.
go to google dev documentation and see how to integrate google auth flow into the client: https://developers.google.com/identity/protocols/OAuth2
I'm not sure if google has something more specific for google drive integration and/or go-lang client in particular. Please do some searching.
make the glue code on your go app so that the user can interact with this (the login button (or command, if it is terminal based), error messages, logout, etc)
More questions will appear when you start to do this, however it is a great example to learn Oauth as well.
General guidelines:
https all the queries or oauth is basically useless
oatuh has many auth-flows and you must choose which one(s) you support. use whatever google documentation recommends for m2m scenario (machine 2 machine)
log errors so that your friends can send you a log file for you to debug issues
maybe set some feature flag so that you can simply disable this feature to run/test localhost ? maybe useful? you decide.
All I want to do, with PHP and google-api-php-client, is create a new playlist and add it to my YouTube Channel server to server. All guides seem to require me manually clicking a link generated to authorize a token. What?!? With an API key shouldn't I just be able to do server to server changes/uploads/edits without any need of human interaction?
I enabled the API, created API Keys and OAuth ID/Secrets, but still can't figure out how to do it.
Any guide would be appreciated. Server to Server, with PHP, without me needing to open the file in a browser to allow access to account.
Thanks
Tried this: https://developers.google.com/youtube/v3/code_samples/php for adding a playlist and can't get it to work, even after clicking the link and allowing access to account.
You want to start learning something called OAuth. Don't worry, it's only sounds scary. I'll try and ease it a bit for you. But before I begin, no amount of loitering around avoiding that OAuth thing is going to get you anywhere. Good news is: it's not that twisted.
Imagine you were YouTube. An application, say a web application someone wrote that you didn't know about were to come to you making an HTTP request on you.
The request were to say, "Hey, YouTube chum! Can you add this bunch of erotica to John's playlist and just make it all public for everyone to see?"
What would be your response?
If I were YouTube, mine would be --
"Yeah! fook you, dude! Go ask John first! Then, show me some proof that you did."
"And wait a second, before you leave, I forgot to ask, who the fook are you, in fact? You got something to show me for who you are?" I, the YouTube, would add.
You see the problem? For YouTube, there are really two parties involved in this transaction:
The application that's making the sleazy request; and
Poor John, who probably knows nothing of all this even when he should.
Otherwise, what's to stop any application asking YouTube (or Facebook or Google or Github or any place else) for John's data?
So, as far as YouTube is concerned, it needs a way for the application to authenticate itself with YouTube (thus the Application Id and Client Secret or App Secret you created on the Google Developer Console), and it needs John's permission to let the said application do what it is asking you (YouTube) to do (thus the need for John to interact with a UI).
Enter OAuth.
OAuth is a document of rules that allows this co-operative transaction. But for it to work, all the three, YouTube, the web application, and John, must first conspire together.
There are three parties in OAuth:
The OAuth server -- that has John's data. In this example, it was YouTube.
The third-party application that wants to do something with John's data that's kept on the OAuth server, i.e. YouTube.
Poor John, a user on the OAuth server (YouTube), and also wanting to use the third-party Web application that wants YouTube to do something with John's data.
Now, there's a whole lot to learn about OAuth before you write a single line of code, and I can't write it all here but here's a YouTube playlist that starts by explaining the very basics of OAuth and then provides demos in (sorry, no PHP) C# and also in JavaScript.
Once you understand the OAuth transaction mechanism and see some code, then re-visit the YouTube API documentation page you linked to and it'll start to make an enormous amount of sense. It'll click and you won't need to look any place for help writing that example. It'll just come out of you like poop. :-)
Is there a way to access a Gmail Mailbox using the google-api? I'm trying to do this from command line using Java FWIW.
I already have code in place that achieves this via IMAP so that is not what I'm looking for.
You can access GMAIL IMAPS and SMTP using XOAUTH authentication, see here :
https://developers.google.com/gmail/xoauth2_protocol
It is not really the google-api-java-client, it is plain IMAP/SMTP but authentication is OAUTH2.
After going through the Google API once again and considering this question did not get an answer in the past 6 days, I guess it is safe to say there is no other way aside from IMAP/S.
NOTE:
This question was initiated because I was told by numerous people that a certain Google API was available and preferable for this purpose. It seems they were all informed by the same person who was not able to show me his source of information and agreed that according to the documentation IMAP indeed is the only API available as of now.