I am trying to use google api with google scripts.
I can get data from google apps for example by:
var result = AdminDirectory.Groups.get(OptionalArgs);
but when i try to do the same with:
var result = AdminDirectory.Groups.aliases.list(OptionalArgs);
I receive
TypeError: Cannot call method "list" of undefined
How can I get and update list of google apps groups aliases using google scripts?
What am I doing wrong with this sample?
The alias property should be capitalised.
var result = AdminDirectory.Groups.Aliases.list(OptionalArgs);
Not knowing what you already have done and what hasn't been done, I suggest that you please check and ensure that you enable advance services before use and as described in the API's prerequisites documentation, the Admin SDK must also be enabled on your domain.
And, to retrieve all group aliases,
use the following GET request and include the authorization described in Authorize requests. The groupKey can be the group's primary email address, the group's unique id, or any of the group aliases' emails. For the request and response properties, see the API Reference:
GET https://www.googleapis.com/admin/directory/v1/groups/groupKey/aliases
Lastly, as also noted, these are editable group aliases in the account's primary domain or subdomains. For group aliases outside of the account, see the group's nonEditableAliases property.
Reading through Google Apps Script Quickstart might also help.
Related
I have some applications served to my company users on EKS (i.e., Jenkins). In company we use Google Workspaces (GSuite) for email and stuff. So I want to allow users to login with Google creds to those applications I serve. I figured out I could use Cognito to achieve it but I cannot connect those and flow end with Google showing 403. Error: app_not_configured_for_user. In their documentation I can find:
Verify that the value in the saml:Issuer tag in the SAMLRequest matches the Entity ID value configured in the SAML Service Provider Details section in the Admin console. This value is case-sensitive.
but how do I debug it? I do not see a logs from neither AWS and Google sides :/
I think I followed all possible guides and I cannot find what I'm doing wrong. I found that Google has this page but they do not provide exact scenario for AWS Cognito. Anyways all of those are very similar so I guess I shouldn't have problems, but I do have.
What I did:
In Google Admin (one for workspaces) I created "Web and mobile app" of SAML type
I downloaded metadata file
In AWS Cognito console I created User Pool
I created IdP provider and uploaded metadata file there
I created application client
Using those values I filled fields ACS URL and Entity ID in Google Admin using values:
ACS URL: https://my-domain-i-just-created.auth.us-east-1.amazoncognito.com/saml2/idpresponse
Entity ID: urn:amazon:cognito:sp:us-east-1_myPoolId
I also selected Name ID format to be Persisted
In attribute mapping I mapped email value to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
In AWS Cognito I enabled HostedUI and also created mapping of http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress to email field.
And now when I click View Hosted UI in AWS console it will redirect me to Google authentication and after it directly to before mentioned 403 app_not_configured_for_user page.
I tied it 3 times with slightly different configurations of mapping, signed responses, etc. but nothing gets me past that error.
Anyone tried to integrate it?
How to troubleshoot the 403 app_not_configured_for_user error related to SAML apps from the Google Workspace Admin console
The first thing you need to do is to grab a HAR file recording the whole login process and find the SAML request. Steps can be found here.
Once you get the file you can open it using that tool and search for SAMLreq at the top right (see image).
After that you will get a list of values containing information. You will have to check one by one until you find the one that has the SAML request in the request tab (see example below).
Once you get the value from the SAML request, copy it and you can use this tool to do a SAML decode and find the entity ID. You can use Ctrl + F and search for saml:Issuer to find the value faster. If the value does not match, then you know you have an error and you will need to contact the support team from the app to see which value is the correct one.
In case the value matches I would recommend opening a ticket to check with Google.
I'm interested in setting an xray "trace" UserID within an asp.net core web api (based on authenticated user claims contained within HttpContext User.Claims)
To me, it makes sense that if OAuth token has for example some claims containing identity information regarding the client of an api, that the xray trace have some attribute which is also contained within the claims (user email, or even custom claim)
What method do I need to call on the AWS XRay SDK in order to manually set this value?
Is there a method on an instance of AWSXRayRecorder?
Ive tried the below but this does not appear to be the solution, rather just a weak attempt or educated guess.
AWSXRayRecorder recorder = AWSXRayRecorder.Instance;
recorder.AddAnnotation("UserID", "123");
recorder.AddAnnotation("User", "456");
How does the sdk allow this type of control? Does it allow this type of control such that we can set the value of UserID?
Here you can see within the analytics tab, User is not set (showing "-")
I understand I can use annotations in a similar way, but here what I am specifically asking about is what shows on the UI above, the "User"
Ive also tried the below, however, this does not appear to have any effect on what I see on the analytics
var segment1 = (Segment)AWSXRayRecorder.Instance.GetEntity();
var segment2 = (Segment)AWSXRayRecorder.Instance.TraceContext.GetEntity();
segment1.SetUser("User1");
segment2.SetUser("User2");
I think currently you can set values like userID or user in the trace data using AddAnnotation or AddMetadata method. Would you be able to explain why AddAnnotation method is not the right usage for your use case? I don't think X-Ray SDK supports any other APIs to set such values other than AddAnnotation and AddMetadata methods.
I'm using the delivery endpoints of the Facebook Marketing API (v3.2)
I've successfully got this one working:
/{AD_ACCOUNT}/delivery_estimate
(Note, as usual the docs are misleading and you have to use the prefix act_ for it to work)
I can't get this to work:
/{AD_SET}/delivery_estimate
(Ad sets are groups of ads within a campaign).
If you just supply the number on its own, it fails, as you'd expect, with:
Cannot determine the target object for this request. Currently
supported objects include ad account, business account and associated
object.
I've tried a few variations - ad_, adset_, ad-set_, ad_set, adsetid_ etc. - none of which work.
Anybody know what it is? I've not found anything in the API docs, so if anyone does have a Facebook URL that explains it…
Answer - there's no prefix or special way to write ad set IDs. I'm unclear why it wasn't working before.
You can use this to get a list of adsets for the account (as an array in 'data'):
https://graph.facebook.com/v3.3/act_0000000000/adsets
Then you just supply the ID on it's own after the API version number:
https://graph.facebook.com/v3.3/12345678901234567/delivery_estimate?targeting_spec...
I am attempting to connect to the Google Analytics API using Matillion ETL on an AWS EC2 instance in an effort to load a data lake.
When I try to add the callback URL into the Google Developer Console http://ec2-99-99-99-99.compute-1.amazonaws.com/oauth_redirect.html, I get the error:
"Invalid Redirect: domain must be added to the authorized domains list before submitting."
I do have amazonaws.com added to the Authorized Domains on the OAuth Consent screen. If I add, compute-1.amazonaws.com/oauth_redirect.html, it accepts it. So I know it's recognizing amazonaws.com, but not for my specific EC2 instance
I was thinking it was because it's a sub-sub-domain, but I'm not sure if that matters. Based on other posts such as this other people have been able to connect.
I've also tried adding a new record set in Route 53 instead of the AWS provided URL, but I don't know how to change the default callback URL in Matillion. I've sent their support team a separate question about that, and will let you know if that resolves it.
I do think this is a problem on the Google side that should resolve it though. Could there be some setting in the Google console that I'm missing to allow this?
Edit: Using the Route 53 URL instead when signing into Matillion will force the OAuth config to use that instead when getting the callback URL. I'm able to connect to Google Analytics now. I will leave this post up in case anyone else runs into the subdomain.subdomain.domain.com issue with Google
As suggested in https://stackoverflow.com/a/36112649:
You can use free DNS by http://xip.io/. So for IP 99.99.99.99 use
http://99.99.99.99.xip.io/callback. And it would be resolved to
http://99.99.99.99/callback.
Further, make sure the redirect URI in the .env file or other similar configuration in AWS is set to http://99.99.99.99.xip.io/callback.
I have looked at all to documentation and I cannot find any API to allow me to get a list of the domains from a Google Apps instance: is there really no query I can do to get all of the verified domains?
You can get a list of all domains using the Directory API (Admin SDK) with the following get request.
GET https://www.googleapis.com/admin/directory/v1/customer/my_customer/domains
The documentation for this API method includes the APIs Explorer at the bottom of the page (under the Try It! heading) that provides a convenient form to execute this API call. Enter 'my_customer' in the customer field.
The response will include a list of Domains and DomainAliases.