I am trying to view API logs for the Directory API within Google Admin. I see that I can look at Oauth logs and such, but I am interested in looking at general logs for the Directory API. Is this possible?
Related
I'm trying to build a plugin for a WordPress App, that uploads file to the users Google Drive space. I don't want the end user to create the Cloud Console Project. but rather just have him give consent so the plugin can access the needed data from his Google Drive account.
When I create OAuth 2.0 Client IDs in the Google Cloud Console (Web Application), Google asks for Authorized JavaScript origins and Authorized redirect URIs. Since the plugin will be portable and can be installed on different websites I can't define this.
How can this be solved that an OAuth2 Authentication by the user can be done, without knowing the URL where the app is running?
Thanks
You cant. Redirect uri must be configured properly, to point webserver the code authorization is running on.
You will need to instruct your users in how to create their own client.
Also as this is a WordPress application, you would need to share your client id and secret with the users. This is also against googles TOS.
possible workaround.
If you put up an authorization server on your own server. The users of your app could then login though that. A refresh token will be returned to their website running your app and stored locally. Your code could then run using the refresh token to access their data.
However you are then going to be responsible for verifying an app with google drive scopes.
The Current Situation
My Squarespace website uses client-side, custom JavaScript and JQuery injected into the Head section of a page as well as the Amazon Web Services Command Line Interface SDK. The custom JS, the JQuery and JS Libraries, and the SDK are loaded into the page Head each time the page is loaded.
That Is Objectionable
The SDK uses two predetermined, static, handshake credentials to connect to the AWS server. They are stored in a file, "credentials," in a hidden directory, .aws, created by the SDK when it first loads. At that point, however, they have no values.
The Situation Exposes Supposedly Secret AWS Login Credentials To A Potential Hack
Currently, it is necessary to set their values programmatically when the page loads by executing a CLI "updateConfig" command in the custom JS. The credential values are thus in a plain-text config file client-side.
As such, they are not so secret. Any site visitor who loads the page in his browser could use the browser's developer tools to view the source code and, potentially, discover the supposedly secret credentials thus compromising the security of the AWS account.
One Ought Not Put The Secret Credentials In Client-side JS
For that reason, AWS rather forcefully insists that one not put the credentials in client-side source code. The preferred method is to instantiate the SDK on the server-side and set the credentials one time only. Thereafter, the hidden .aws directory and the credentials file persist server-side at the root level of the website's Home Directory.
The Problem
So the problem is to load the SDK in the server-side Home Directory where it will persist over the site's lifetime.
The Question
The question is on a Squarespace website can one load the SDK server-side at the root level on the site's Home Directory. Can it be done in Developer Mode? How?
Unfortunately, Squarespace doesn't support the use of server-side/back-end code:
You can't add server-side code. Server-side code is handled by a server, not by a browser, and includes:
- PHP
- Ruby
- Ruby on Rails
- SQL
That would also include server-side JavaScript/Node. Because Squarespace only supports the front-end addition of HTML, CSS and Javascript within Code Injection, Code Blocks, and Developer Mode, you need to use front-end JavaScript in order to utilize third-party APIs (which is what you're doing currently).
Enabling Developer Mode only exposes template files for the site. Beyond the JSON-T templating engine, Developer Mode doesn't enable any sort of server-side logic or requests to take place. Therefore, it seems the answer to your question is no.
A potential alternative solution may be to use Google Apps Script or Google Cloud Functions instead, storing the credentials in the code there, and making a front-end request (via JavaScript on your website) to that endpoint in order to perform the handshake and get back the data you need.
I am doing a simple front-end project where I (or a user) make an API call to the openweathermap api, fetch weather info and display it on a website.
Simple HTML, CSS and vanilla JS
So I want to keep the repo public & host the site with GitHub Pages... but my js file contains the API key which is required at runtime.
Extra Info:
(all this I found when I searched)
I know there is a way to keep an API key in a GitHub secret, then reference it in a yml file as an environmental variable in GitHub Actions.
But how can I put that secret in js code at runtime for any user who access my website?
Please note that what you're attempting to do is not secure. Even if there was a way to get GH Pages to inject the secret API key into the js file at the time of the request, every web client would then have a copy of that js file with the cleartext key embedded.
You will need some sort of minimal backend which stores the API key securely and relays calls from your static web page to the openweathermap API.
There are many ways to set up such a backend. The older question linked in the comments discusses some approaches. Note that nowadays, you could use a serverless FaaS service such as AWS Lambda or Azure Functions.
This is a perfectly valid question by the way and you're certainly not "too dumb". Good luck!
I am pretty new to GCP, and are working on a project requiring the DialogFlow API.
The purpose of the project is to get an IVR system to connect to the bot and let users interact with it trough their phone.
I have built a test bot that works fine when I test it in the DialogFlow console, or trough Google Assistant.
However, when I try to access the bot trough the telephony system it fails.
Looking at the API Metrics, I can see which methods that fail, however, I am not sure where to find some detailed information about this. I have a screenshot of the methods that fail below:
I have tried to look at the Logs, but nothing shows. I have also tried to enable Audit Logging for the DialogFlow API, but nothing shows.
I am not sure where to look for the error message, so if anyone knows where this can be found, I would be grateful.
EDIT:
Based on the answer from Jones, I want to clearify:
I have enabled Audit Logging, and have used the filter he specified, however it shows nothing. I have also made sure that I have the right permissions to view logs.
If I look under "Audited Resource" instead of "Global", I get some logs, but not the ones I am looking for. Picture below:
Ideally, I would like logs that point to why
google.cloud.dialogflow.v2beta1.ConversationProfiles.ListConversationProfiles
and
google.cloud.dialogflow.v2beta1.Conversations.CreateConversation
Fails.
If you have enabled Audit Logging, you can find the logs in Stackdriver using this filter:
resource.type="global"
logName="projects/YOUR_PROJECT/logs/dialogflow_agent"
You can also just click on Open logs under the Log interaction to Google Cloud button on your Dialogflow agent's setting page.
I am on Google Apps unlimited license, and I am trying to obtain the download log of both domain user and external user via Google API. I have tried the Activities List API of Admin SDK to obtain the activities logs but according to the following man page
https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/drive-event-names
the download event properties is not included in the API result. However, is there any API that allow me get the download log?
Or if there are any other ways, such as using 3rd party Google Drive Addon, any suggestions are appreciated.
Thank you
It does not appear that there is an audited activity for downloads: https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/drive-event-names