I want to know if he given user is admin of google apps domain or not. getting a list of domain admins will also do.
userService.isUserAdmin() gives user admin of google app engine which I don't want.I want to check if user is admin of google Apps domain.
I found that we can use read only access to provisioning api for this,but I could not get any detailed tutorial or code.I also need the authentication for read only access using oAuth 2 only.
Read-only Provisioning API access is only available to Google Apps Marketplace applications using two-legged OAuth 1.0. If you're not developing a Marketplace App, you'll need to get the full read-write users scope.
A java example is available at:
https://developers.google.com/google-apps/provisioning/#retrieving_user_accounts
Related
I am going to write a java backend application that once a day should download data using google ads api.
I did something similar for google search console and I was using a service account in order to authenticate. I would like to use the same mechanism but I don't know how to link the service account to the google ads account.
I found this link but I don't have clear how to:
Request the domain administrator to delegate domain-wide authority to
your service account.
Can someone explain (it would be great with some code example) how to authenticate and use google ads api from a backend java application? Which is the easiest authentication mechanism to setup?
Thanks a lot
In order to get started with google drive in java I have to
Enable the API in my google drive
create new project there and download client secrets.json file
Use that file in my project folder and do stuff
But applications like WhatsApp are able to upload chatbackups to google drive directly without asking the user to do any of the above steps.
in my application I request the user his/her email address and I have to work with that to access that persons google drive.
How do I go about doing this?
What makes you think that applications like Whatsapp havent done that? The only way to use Google apis its to register your application in Google so that google knows which applications are accessing their api and can shut you down if you start spamming them. So Whatsapp if they can write to google drive have a google client.
You cant use client login anymore with google apis it was shut down in 2015 so requesting email and password from your users isnt going to work. You need to authorize them with Oauth2.
anwser
the project in Google developer console identitfies your application to google you cant use google apis without it.
client secrets is used for hybrid authorization method with Oauth2. The only method that doesnt use a client secret is implisit login which is for client side languages like javascript. you cant avoid that.
Use that file in my project folder and do stuff you dont use that file in your project to do stuff. You use that file in your project to request access of users and identity your application to google.
Your users authorize your application to access their google drive account using Oauth2 you will only be allowed to use it within the (Scopes) of authorization that you have requested of your users. If they dont grant you write access you cant write to their account.
Applications like WhatsApp request permission to the user to access their Google Drive. You can't access the user's Drive without asking their permission.
The secrets.json file is intended to use only in your own application [1].
From the web, the only way to obtain user's permission to access their drive is implementing the Google Sign-in in JavaScript [2], this will prompt the consent screen requesting to the user permission to access their Drive (You could set only-read scopes). For mobiles, you can also implement the Google Sign-in [3].
[1] https://developers.google.com/api-client-library/dotnet/get_started#auth
[2] https://developers.google.com/identity/sign-in/web/sign-in
[3] https://developers.google.com/identity/choose-auth
I have created a simple application in Java which Connects to my Office 365 Account and retrieve the unread messages. I am performing some text matching and pattern matching to generate some reports which I receive via Email.
I am using the below url with basic Authentication to do so.
https://outlook.office365.com/api/v1.0/me/messages?$filter=IsRead%20eq%20false
However, I have read a couple of articles and most of them have suggested that Basic Authentication will not be supported and suggested to use OAUTH2.0.
I am not sure how to use OAUTH2.0. A couple of articles mention about registering the Application with AAD for which i need to have access to Azure Management Portal which i do not have. Please can any one guide me how this can be done.
PS: I am using my Corporate Domain Account to access Office
You are correct that Basic will not continue to be supported. You do not need the Azure management portal to register an application, you can use the App Dev portal (apps.dev.microsoft.com) to get a client ID and secret.
Here's a walkthrough for creating a Java web app from scratch: https://dev.outlook.com/restapi/tutorial/java. It shows how to register the app and do the authentication.
Background
I believe the recommended way to access Google services from Android is to use the Google APIs Client Library for Java (for some services play services is recommeneded too).
If you want to access your user's account, you use oauth2 to authenticate the user, but things seem less clear if you want to access your own services (eg. I want to access Google Cloud Storage belonging to my app engine project).
The problem with service accounts
What I see a lot of here is using service accounts, and I've used them server-side and found them to be a comparatively simple solution, but this requires you to deploy your private key so I don't think this could be right for public Android apps.
The solution: Public API access
If you go to the 'credentials' page of the cloud console:
https://console.developers.google.com/project/[your_project]/apiui/credential
it seems pretty clear that they expect you to use a 'public API access key' for the situation I'm describing. It appears that this is not OAUTH based.
I assume that I will still use the type 'GoogleCredential' for this, but in the documentation for the credential builder I don't see how to do this. The set client functions appear to relate to the oauth2 access (which uses client ID/secret).
The Question
How do I use the 'public API access' key to access Google services from an Android app.
Or, if I'm wrong about service accounts - and they really are the recommended solution, then please show me some evidence of this because it certainly apppears to me that they are not the right solution for publicly distributed apps.
The good news is that it's very much easier. You can either use a Service Account (ie. a brand new account dedicated to your app) or a regular account.
For a service account you embed the key in your app, for a regular account you embed a refresh token in your app. In both cases, be aware of the security risk and use the minimal scope necessary.
You can get a refresh token without writing any code by following the steps in How do I authorise an app (web or installed) without user intervention? (canonical ?)
I have a Java web application that uses Google OAuth for authentication (with this API : http://goo.gl/6wWyT3) and it works fine. However, I need a way to allow only users from a certain Google Apps for Education domain e.g mike#wdu.edu.ng to be able to gain access to the app using Google's OAuth. How do I go about this ??
send users off to Google with a parameter hd=<domain.com> in the authorization request (by modifying buildLoginUrl) to skip the account chooser screen and upon return, check that the claims returned from Google contain the hd claim with a value <domain.com> in getUserInfoJson to enforce the access requirement