Gsuite Application - How to work with service accounts? - google-cloud-platform

I am working on a project which needs to be integrated with Gsuite.
I am using .NET Core & EF Core for my project.
I have no idea how to integrate Gsuite with my application.
I've written lots of scripts that work with Google APIs, but I supplied everything they need manually (service account JSON file etc.).
Now, I want to make an application where users click the "integrate with gsuite" button.
Here is the scenario:
1) User clicks the "integrate with gsuite" button.
2) A service account is created with needed scopes in their GCP.
The result should be like this:
Any suggestions? Thank you.

Related

How to make a Gmail API app Internal without having a Google workspace account

I have developed a desktop app that uses the Gmail API to download emails from only my own Gmail account. When I try to make the app "Internal", I am told that I cannot do so, because I am not a Google workspace user. So I started the verification process and went through the first step - the domain verification process. After this step, I received this email from api-oauth-dev-verification#google.com:
Hi,
Thank you for your patience while we reviewed your project.
It looks like your app is only used by the people in your domain, so your project doesn’t need to be verified.
(Learn more about internal vs. public users).
Note: internal use and personal use are different.
Applications for Internal Use
If this is correct, please let us know by replying to this email. We'll then close your request, and you can update your project from public to internal by following these steps:
Sign-in to Google Cloud Console
Select the project ID: getEmails (id: getemails-354519)
Go to OAuth Consent Screen under APIs & Services
Go to User Type
Select Make Internal
Click Save
But every time I try to make the app internal, I am prevented from doing so with the same message "Because you are not a Google Workspace user, you can only make your app available to external users".
How do I get around this Catch-22 situation? Any help would be greatly appreciated.
I have developed a desktop app that uses the Gmail API to download emails from only my own Gmail account. When I try to make the app "Internal", I am told that I cannot do so, because I am not a Google workspace user.
To set an app as internal you would need to have created that app on Google Cloud Console using a user on your Google Workspace domain. You cannot set an app to internal if you have created it on a standard Gmail user.
So I started the verification process and went thru the first step - the domain verification process. After this step, I received this email from api-oauth-dev-verification#google.com:
If this app is only being used by you, why would you want to verify it? Verification is only needed when you're going to have additional users other than yourself.
But every time I try to make the app internal, I am prevented from doing so with the same message "Because you are not a Google Workspace user, you can only make your app available to external users".
Again, you need to log in and create the app from a user on your Workspace domain, not from a normal Gmail user.
How do I get around this Catch-22 situation? Any help would be greatly appreciated.
If it's single-user and you don't have a Workspace domain, don't verify it; there's no need to.

Google API OAuth When User Gives Approval From App Access Control

I'm currently building a web application that works with the Gmail API. I'm waiting for approval from Google's security team to have a proper OAuth connection, but I noticed that users can pre-approve your application by searching within the API Controls settings by your App ID.
This setting is located in the Google Account via: Admin Panel > Security > API Controls > App Access Control.
I noticed that if a user does this before they try to connect your app, it doesn't count against your 100-account limit within Google Developer Console while in beta.
My question is, could you have this as a permanent solution to get around the Google OAuth application if Google never approves you? Of course, through this method the user is still giving permission; I'm just curious if this has been done by anyone before.
Yes, this is allowed when all your users are Google Workspace users, and is listed under exceptions to verification requirements here: https://support.google.com/cloud/answer/9110914?hl=en. If your application is meant for a broad set of users, completing app verification is necessary.

Usage of Party Ids on Project DABL on a React Typescript Web Application (cloned create-daml-app)

I'm trying to create a web application based on create-daml-app, and this React TypeScript web application will be deployed to Project DABL as well. How can we use the parties that were set up in the Project DABL Ledger Settings as a login on the web application using React TypeScript? Based on create-daml-app, they are using the link (https://login.projectdabl.com/auth/login?ledgerId=${ledgerId}) for the login, wherein it uses the Project DABL account.
I know we can download the parties as a JSON file and then use it in the web application, but can we directly and dynamically use the setup that was done in the Project DABL Ledger Settings?
Thanks for future help!
In DABL, the parties you create are mapped to your DABL user account. The first time you join or create a ledger, a party is created in your name automatically, and you have the option of adding more. However, each additional party you add through the console still gets mapped to your particular DABL account.
Interactions with the ledger are authorized by party JWT tokens. The login button & link is essentially a shortcut to allow a user to log in to their DABL account, while automatically supplying the party ID/JWT for that user’s default party back to the deployed web app instance. The web app should store the resulting token and use it when communicating with the API.
If you're creating the additional Alice and Bob parties for the purpose of demoing or testing your application from the viewpoints of different parties, I would add some additional form inputs to the Login component that allow for entering the party ID and JWT directly. These can be copied from the Ledger Settings page in the console. Your React app would simply read the ID/JWT inputs, store them in state, and use them when making API requests in the future. This way you don't need to continually redownload/replace the parties.json file every day.
The Login component for DABL Chat is a good example app you can look at, that handles both the button and this ID/JWT input approach. You can deploy a copy of it onto a new project if you’d like to see how that works, or take a look at the source for a better understanding. Since you’re also using create-daml-app as a template, you will need to do some modifications to add those inputs and hook them into the API calls.
Note that if Alice and Bob are meant to be real production users of the system, then the recommended approach is to have them use the Login with DABL button, so that they join with individual DABL accounts. In this scenario, the parties.json from your Ledger Settings will not even include their JWTs, since you wouldn't have access to credentials belonging to other accounts.
See the DABL documentation on authentication and onboarding for more details.
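The checks a Login component can run on a pasted party ID and JWT before storing them in state, as an added example that is not code from create-daml-app or Project DABL. It assumes the token carries the DAML Ledger API claim layout (a "https://daml.com/ledger-api" claim with ledgerId, applicationId and actAs); the client cannot verify the signature and does not try to (the ledger does that), it only confirms the pasted pair is consistent and unexpired so a mix-up fails at login instead of as an opaque 401 later. The sample token is constructed and unsigned.

```typescript
// Added example, not code from create-daml-app or Project DABL.
// Assumption: tokens carry the DAML Ledger API claim under this namespace.
const LEDGER_CLAIM = "https://daml.com/ledger-api" as const;

interface LedgerClaims {
  ledgerId: string;
  applicationId?: string;
  actAs: string[];
  readAs?: string[];
}

interface TokenPayload {
  exp?: number;
  "https://daml.com/ledger-api"?: LedgerClaims;
}

export interface CheckResult { ok: boolean; reason?: string }

function b64urlDecode(s: string): string {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function b64urlEncode(s: string): string {
  return Buffer.from(s, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decodes the payload segment only; no signature verification happens client-side.
export function decodePayload(jwt: string): TokenPayload {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  return JSON.parse(b64urlDecode(parts[1])) as TokenPayload;
}

// Consistency checks on a manually entered party ID + token before the app stores them.
export function checkCredentials(partyId: string, jwt: string, expectedLedgerId: string,
  nowSeconds: number = Math.floor(Date.now() / 1000)): CheckResult {
  let payload: TokenPayload;
  try {
    payload = decodePayload(jwt);
  } catch (e) {
    return { ok: false, reason: `malformed token: ${(e as Error).message}` };
  }
  const claims = payload[LEDGER_CLAIM];
  if (!claims) return { ok: false, reason: `missing ${LEDGER_CLAIM} claim` };
  if (claims.ledgerId !== expectedLedgerId)
    return { ok: false, reason: `token is for ledger ${claims.ledgerId}, app is configured for ${expectedLedgerId}` };
  if (!Array.isArray(claims.actAs) || !claims.actAs.includes(partyId))
    return { ok: false, reason: `token does not grant actAs for ${partyId}` };
  if (typeof payload.exp === "number" && payload.exp <= nowSeconds)
    return { ok: false, reason: "token has expired; copy a fresh one from Ledger Settings" };
  return { ok: true };
}

// Headers the app attaches to JSON API calls once the pair passed the checks.
export function authHeaders(jwt: string): Record<string, string> {
  return { Authorization: `Bearer ${jwt}`, "Content-Type": "application/json" };
}

// Constructed, unsigned sample token for offline demonstration only; real DABL tokens are signed.
export function makeSampleToken(payload: TokenPayload): string {
  const header = b64urlEncode(JSON.stringify({ alg: "none", typ: "JWT" }));
  return `${header}.${b64urlEncode(JSON.stringify(payload))}.constructed-signature`;
}

// Usage, as the Login component's submit handler would call it:
const sample = makeSampleToken({
  exp: 2000000000,
  [LEDGER_CLAIM]: { ledgerId: "demo-ledger", applicationId: "create-daml-app", actAs: ["Alice"] },
});
console.log(checkCredentials("Alice", sample, "demo-ledger")); // { ok: true }
console.log(checkCredentials("Bob", sample, "demo-ledger"));   // { ok: false, reason: ... }
```

Keep the token in component state (or session storage) rather than long-lived local storage, and treat the parties.json download the same way as the pasted values: it contains bearer credentials for every party the console account owns.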

Creating a Mult-Tenant OAuth Client App

Essentially, I'm wanting to create an Oauth Client as an App so I can get data from Dynamics for multiple customers. Does anyone know if this is possible to do in AppSource or do you know of another way?
I have a service that will be served in a cloud different than Azure so there really isn't anything for me to submit as an App and I really don't want every customer to have to setup their own App that gives my service the privileges/access it needs, but it's looking like I may have to.
It sounds like you'll want to register an app with Azure AD (the OAuth2.0 service/identity provider for work and school accounts), and create a multi-tenant app. Then you can configure this app in the Azure Portal to get permissions to the APIs the app wants tokens to call (in your case Dynamics or the Microsoft Graph).
Once this app is written, you can code up your app using one of the Azure AD Auth Libraries. Here's some sample code for a .NET web API. You can find more code samples on Github and search active directory. Moreover, the Azure Active Directory Developer Landing Page is a great place to look for more resources on doing all of this.

Admin SDK for multiple google apps accounts

My team is trying to develop a product for the google apps marketplace and I am having issues with the workflow in the new ADMIN SDK.
With the now deprecated Provisioning API we simply ask for a username and password from the account we are trying to manage.
With the ADMIN SDK it seems as though they would need to go enable the API, create a key and do a lot of manual work for this to happen. This really is a tough option for us as the technical level of our clients is not likely to be able to make this transition.
Is there something like the workflow for the Provisioning API where they can enable management from a third party, or a recommended workflow for a developer to build an application that can access any number of Google Apps accounts?
A use case for this is, say I want to develop a different option for a console: I want to build a console web app and simply ask for credentials or an easy setup routine and allow our users to manage their Google Apps account in a different way.
Thanks in advance,
Steve
The Admin SDK Directory and Reports APIs work correctly with 2-legged OAuth 1.0a which is what the Google Apps Marketplace currently supports and automates. You do need to turn the Admin SDK on under "Register for additional APIs" from your Vendor Profile page on the marketplace. Also, the Administrative APIs for the domain must be turned on. You'll get a generic error that the domain cannot use the APIs if it's off in which case you can direct the client to the exact CPanel page where they can turn it on.
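The 2-legged OAuth 1.0a (HMAC-SHA1) signing the answer refers to, applied to a Directory API request, as an added example that is not code from the Admin SDK or the Marketplace. It assumes the consumer key and secret are the domain-wide credentials the marketplace installation grants, and that the domain user the call acts for is named in an xoauth_requester_id query parameter, which must be included in the signed parameter set like any other query parameter. Google retired OAuth 1.0 long ago, so this shows the mechanics the thread discusses rather than a current integration path; the secret, nonce and timestamp are constructed.

```typescript
import { createHmac } from "crypto";

// Added example, not code from the Admin SDK or the Google Apps Marketplace.

// RFC 3986 unreserved set only (encodeURIComponent also leaves !'()* alone, so fix those).
function rfc3986(s: string): string {
  return encodeURIComponent(s).replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// RFC 5849 section 3.4.1: METHOD & base-URL & normalized(params), each percent-encoded.
export function signatureBaseString(method: string, baseUrl: string, params: Record<string, string>): string {
  const normalized = Object.keys(params)
    .map((k) => [rfc3986(k), rfc3986(params[k])] as [string, string])
    .sort(([ka, va], [kb, vb]) => (ka === kb ? (va < vb ? -1 : va > vb ? 1 : 0) : ka < kb ? -1 : 1))
    .map(([k, v]) => `${k}=${v}`)
    .join("&");
  return `${method.toUpperCase()}&${rfc3986(baseUrl)}&${rfc3986(normalized)}`;
}

export interface SignedRequest { url: string; header: string; baseString: string; signature: string }

// Two-legged flow: consumer credentials only, no per-user access token.
export function sign2LO(method: string, fullUrl: string, consumerKey: string, consumerSecret: string,
  nonce: string, timestamp: number): SignedRequest {
  const u = new URL(fullUrl);
  const baseUrl = `${u.protocol}//${u.host}${u.pathname}`;
  const oauth: Record<string, string> = {
    oauth_consumer_key: consumerKey,
    oauth_nonce: nonce,
    oauth_signature_method: "HMAC-SHA1",
    oauth_timestamp: String(timestamp),
    oauth_version: "1.0",
  };
  // Every query parameter (including xoauth_requester_id) is part of the signed set,
  // so an attacker holding a captured request cannot re-point it at another user.
  const all: Record<string, string> = { ...oauth };
  u.searchParams.forEach((v, k) => { all[k] = v; });
  const baseString = signatureBaseString(method, baseUrl, all);
  // Key is consumer secret + "&" + token secret; the token secret is empty in 2LO.
  const key = `${rfc3986(consumerSecret)}&`;
  const signature = createHmac("sha1", key).update(baseString).digest("base64");
  const header = "OAuth " + Object.keys({ ...oauth, oauth_signature: signature })
    .map((k) => `${rfc3986(k)}="${rfc3986(k === "oauth_signature" ? signature : oauth[k])}"`)
    .join(", ");
  return { url: fullUrl, header, baseString, signature };
}

// Usage: list users in a customer's domain while acting as that domain's admin.
const req = sign2LO("GET",
  "https://www.googleapis.com/admin/directory/v1/users?domain=example.com&xoauth_requester_id=admin%40example.com",
  "example.com", "constructed-consumer-secret", "abc123", 1700000000);
console.log(req.header);
```

The server recomputes the same base string from the request it received, so any mismatch in parameter encoding or ordering shows up as a signature failure; if a call is rejected, compare your base string against the spec's normalization rules before suspecting the credentials.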