In order to get started with google drive in java I have to
Enable the API in my google drive
create new project there and download client secrets.json file
Use that file in my project folder and do stuff
But applications like WhatsApp are able to upload chatbackups to google drive directly without asking the user to do any of the above steps.
in my application I request the user his/her email address and I have to work with that to access that persons google drive.
How do I go about doing this?
What makes you think that applications like Whatsapp havent done that? The only way to use Google apis its to register your application in Google so that google knows which applications are accessing their api and can shut you down if you start spamming them. So Whatsapp if they can write to google drive have a google client.
You cant use client login anymore with google apis it was shut down in 2015 so requesting email and password from your users isnt going to work. You need to authorize them with Oauth2.
anwser
the project in Google developer console identitfies your application to google you cant use google apis without it.
client secrets is used for hybrid authorization method with Oauth2. The only method that doesnt use a client secret is implisit login which is for client side languages like javascript. you cant avoid that.
Use that file in my project folder and do stuff you dont use that file in your project to do stuff. You use that file in your project to request access of users and identity your application to google.
Your users authorize your application to access their google drive account using Oauth2 you will only be allowed to use it within the (Scopes) of authorization that you have requested of your users. If they dont grant you write access you cant write to their account.
Applications like WhatsApp request permission to the user to access their Google Drive. You can't access the user's Drive without asking their permission.
The secrets.json file is intended to use only in your own application [1].
From the web, the only way to obtain user's permission to access their drive is implementing the Google Sign-in in JavaScript [2], this will prompt the consent screen requesting to the user permission to access their Drive (You could set only-read scopes). For mobiles, you can also implement the Google Sign-in [3].
[1] https://developers.google.com/api-client-library/dotnet/get_started#auth
[2] https://developers.google.com/identity/sign-in/web/sign-in
[3] https://developers.google.com/identity/choose-auth
Related
I am going to write a java backend application that once a day should download data using google ads api.
I did something similar for google search console and I was using a service account in order to authenticate. I would like to use the same mechanism but I don't know how to link the service account to the google ads account.
I found this link but I don't have clear how to:
Request the domain administrator to delegate domain-wide authority to
your service account.
Can someone explain (it would be great with some code example) how to authenticate and use google ads api from a backend java application? Which is the easiest authentication mechanism to setup?
Thanks a lot
I'm using angular, google app engine and JAVA on the backend server.
User can authenticate without problem with an opendId connect URL where code is passed back to my server to authenticate.
Now what I wan't to do is send mail to user (refresh password, confirm account mail) and to myself (server error message) with my account myaccount#gmail.com.
Also I have sheets I need user to write and read datas to/from. Magically I've made it worked as an installed offline app (only 1 api at a time, I never made the two worked together).
I've tried service account but from a last post somebody explained me that in order to make gmail work I needed a g suite account which I don't have and suggest me to go through oAuth2 authentification. Now the question is how can I implement that in java with a single authentification, I explain, I wan't to authorize app to have access to certain scopes but it should be only be authorized once because I don't want user to have a consent screen popup and even if they had they couldn't authenticate as it is on the behalf of my personnal account. I don't think I can use installed app for a google app engine app but maybe I'm wrong.
just to let you know I have tried lot's of different manners and spent about 3/4 days trying to find a solution without clearly understanding/finding what to do.
Any help is greatly appreciated please let me know if you need more explanations or code.
I think you are missing a few key concepts here.
DATA
There are two types of data private user data and public data. Private user data is owned by a user and there for you must have permission or concent to access it. Public data is data that is owned by anyone.
Oauth2
Oauth2 is the protocol we use to request connect from a user for our applications to access their data. A user can grant you access to their gmail account and their google drive account granting you access to the sheets on their account.
Service accounts
Service accounts are preapproved dummy users. As a developers we can create service accounts and grant them access directly to our drive account then the service account will then be able to access to the data without being requiring consent as it already has pre approved access. (not all google apis support service accounts. gmail (with the exception of gsuite) and YouTube are two that dont)
What you are trying to do
However i do not understand why you want to use the users gmail account to send them an email. If you want to send them an email i would think you would be using your own email system.
If what you are trying to do is use your gmail account to send users of your application emails from YOU. Then you should consider going directly though the SMTP server to your own account. Having an application that uses the gmail api is one of the scopes that will be flagged by google when you try to get your application approved. You are going to be going though a lot of red tape with them to show why you need access to a users gmail account.
(Google Developers)Does Deleting google account provide callback to the all the apps to which we login via google account?
If we are deleting a google account, does google sends the callback to all the app which are linked to it for instance any thirdparty sign, which we do with the help of google account like cleartrip, oracle login or makemy trip etc.
No it does not work that way. The login process for an app is one way, meaning that the app will send login information to Google and Google will either provide a valid user or not.
I wanted to access the files stored by the admin in google drive in my app engine app.
Currently I am able to access the contents in "Application Data" which is hidden and difficult to manage.
I wanted to access the files stored in admin's google drive . (which is visible and can be managed through UI https://drive.google.com/#my-drive).
(In Java)
Either run the oauth flow to get the admin refresh token, or share the admin folder you want with the special user that appengine has.
I want to know if he given user is admin of google apps domain or not. getting a list of domain admins will also do.
userService.isUserAdmin() gives user admin of google app engine which I don't want.I want to check if user is admin of google Apps domain.
I found that we can use read only access to provisioning api for this,but I could not get any detailed tutorial or code.I also need the authentication for read only access using oAuth 2 only.
Read-only Provisioning API access is only available to Google Apps Marketplace applications using two-legged OAuth 1.0. If you're not developing a Marketplace App, you'll need to get the full read-write users scope.
A java example is available at:
https://developers.google.com/google-apps/provisioning/#retrieving_user_accounts