(I have done a search through the questions to see if I could find something on this, but have not found answers.)
I have two google groups through my G-suite and I want to automatically add people to both groups after they sign up for my club through a process on my website. I think this should be possible using:
https://developers.google.com/admin-sdk/directory/v1/guides/manage-group-members
I have gone into the API Console, created a new project, enabled the Admin SDKI API, and got an API key. However, I think I am running into the Authorization issue because we keep getting an error that the authorization token is missing.
I have tried using the OAuth 2.0 but I'm not sure if this should be "Internal" or "External". I'm not creating a whole app for someone to use - all I want to do is on the back end of the site take information that comes through when someone joins the club and automatically have them added to my google groups.
Is it possible for someone to please explain to me what I need to do?
I'm sorry this is kind of a basic question.
Thank you for your help.
Related
I'm developing a webapp which allows users to log in with their Google accounts, using OAuth2.0.
I've created an OAuth2.0 client ID, configured the OAuth consent screen with the Publishing status set to 'Testing', and added a test user.
The frontend of my app is built with React, and I'm using a package (react-google-login) to handle the flow. I can successfully sign in with the Google account I added as a test user, and retrieve the basic profile information needed.
The problem is I can also sign in with other Google accounts, which have not been added to the list of test users. I imagine that Google should simply not issue access tokens for accounts which are not in the list of test users.
I feel like I've misunderstood something about the OAuth process, or I have configured something incorrectly. I would appreciate if anyone had any pointers?
Thanks.
It is indeed bugged.
I was in the same spot as you, assuming I had misunderstood something. After reviewing my code over and over with no luck, I made a Stack Overflow post, in which I was advised to post to Google's bug tracking system. After doing some troubleshooting with Google they confirmed the bug, and they are now working to fix it (for a little while already).
I included this thread as an example when talking to Google. I meant to post an update here after getting in touch with them, but I forgot, sorry!
The buganizer thread with more details:
https://issuetracker.google.com/issues/211370835
Is it possible you're only asking for the email scope?
It appears the test user filter and possibly the whole concept of the 'app' being in test mode exists only inside the consent screen feature.
For some reason, Google doesn't show the consent screen if you only ask for email.
So... maybe that means you don't need a consent screen, and therefore don't need to care what that feature thinks about your app (that your app is in test mode and needs to be verified before going into production).
Or maybe it's a bug? Or maybe just because you can do this doesn't mean it's allowed by Google's terms. Maybe they just haven't implemented preventing that use case.
Anyway, it may help you to know that if you add a more significant scope like the Calendar API then the following things will change:
Non-test users will get a message like "The developer hasn’t given you access to this app." and won't be able to complete oauth
Test users will get a message like "Google hasn't verified this app"
Test users will see a consent screen
Basically, everything starts working as expected.
By the way, just putting "email" or "profile" for scope seems to be an old way of doing things, and all the newer scopes want you to use a full URL for the scope (despite google themselves not using the full URL when you're configuring your scopes).
For example, if you want the email and calendar scopes, you can put this value for your scope field:
email https://www.googleapis.com/auth/calendar
Or you can use this equivalent value:
https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar
Not suggesting you add a scope like email for the sake of it, just that it sheds light on what's happening, and if there's a scope like that that you need anyway, adding it will solve your problem.
Trying to create SSO for AWS keeping Azure users as source of Truth. Followed below Tut's.
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial
http://blog.flux7.com/aws-best-practice-azure-ad-saml-authentication-configuration-for-aws-console
Anything is to be more precise with user attributes in Azure ? Has anything to enable in AWS to accept the SSO ?
Login is successful(Can see signin's in Azure AD) but it displays message "Your request included an invalid SAML response. To logout, click here
". Any idea what has gone wrong ?
Yes, I think you are on the right path. It seems that you are missing the custom attributes which we are suggesting to add for your application. Those are Role and RoleSessionName. Please see the step #5 in my article https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial and make sure that you use the same casing and namespace for the claims. With that the integration should work correctly.
May be I am late to this post. As Jeevan mentioned. You are missing custom attributes that you need to add. I have been struggling with same and found this well explained video. I hope, this will help any one who is struggling with this issues.
I am working on an app that uses facebook's check in feature from mobile phones. I have created multiple versions of the app on facebook so that i can keep production, test and development separated. All good. However, all my checkins whether test or dev or prod are going to the live facebook platform leading to check ins like "this is a test" or "blah blah" on live facebook pages. Is there a way to be able to check in but not on these real/live pages? In other words, is there a sandbox or development version where developers can freely update content?
Thanks you guys!
Best,
Sachin
So, as with many other things in life, banging my head against the problem helped a bit. I found out that I can create test users for my app - upto 500 of them. The documentation is at http://developers.facebook.com/docs/test_users/. I was able to create test users for my app, login to facebook with those test users and verify that my actions did not show up on public pages. Phew, now i need to deface these public property no more. :-) When doing this, you need to use the app access token not the regular user accesss token. To get that, follow this link: https://developers.facebook.com/docs/authentication/applications/. The last gotcha I faced was that the second link above states that you should have a parameter named grant_type=client_credentials in your graph request. I kept looking for types of client credentials that i could substitute what i thought was a place holder named "client_credentials". That term needs to go in verbatim. (GOTCHA). Also, twice when I tried to create a user, facebook responded with an error json saying that an "unknown error has occured". I was almost ready to give up... but like i said before, banging head against the problem helps. Facebook responded with a json like so after the third request:
{
"id":"*******1832",
"access_token":"*****",
"login_url":"https://www.facebook.com/platform/test_account_login.php?user_id=*****&n=*****",
"email":"****",
"password":"*****"
}
Hope this helps someone else who might also be looking for this info.
I should first note that I am a newbie in python/django applications but I am trying hard to learn :)
I am working/experimenting on a django project that supports login through openid providers. So I was able to login through my google account with no problems.
Recently, I decided to change the url of my site but at the same time I kept the current database because I dont want to lose my data,users etc. After that point, I am not able to login to the application. This is the following scenario that happens all the time:
Try to login to my site
Site doesn't remember me and I am redirected to google server
I fill my credentials in google server
I am redirected to my site that complains that the user already exists
So, I don't know how to manage with this problem. Is there any workaround or a hack that I can do to my database that will solve this problem? When I browse to my database I find several tables that may be related:
django_authopenid_association, django_authopenid_nonce, django_authopenid_userassociation,django_authopenid_userpasswordqueu
One of the tables in my database (django_authopenid_association) contains the following data. Do you believe that If I reset anything there is going to help?
If you have any good advices/tips are more than welcome.
Thanx
I found a solution/temp hack that worked for me. Of course, this doesn't imply that my solution is the optimal nor that I recommend this to anyone else.
What I did is to create a second account to my application using the same gmail account but having different user name. Then, I edit the new entry in the django_authopenid_association table, copy paste the openid_url value and use it for my old user (database entry 1 in the screenshot of my question).
After that, since I was able to login with my old user, I delete from the database the new user and everything seems to work smoothly until now.
I am currently developping a mobile application with a drupal 7 website as a backend. Using the services API with a REST server I was able to easily access the nodes, users, files and comments to see their content.
I am able via a POST request to log in the website but I cannot create a comment through the services API. Actually, there is no error and a new comment is well created in the database but it is empty and its nid is 0.
I also tried to download a valid comment, modify it with new datas, and send it but I have the same result.
I also need to add that the comments I am using or not just simple ones, they include some specific fields in their form.
Can anyone help me to solve this problem ? Has anyone ever experience something similar ?
Thank you
Check you are posting an object that is correctly structured, services isn't doing a comment_save()
Have a look at the test scripts for the structure
http://drupalcode.org/project/services.git/blob/refs/heads/7.x-3.x:/tests/functional/ServicesResourceCommentTests.test#l100