Does ADMIN Directory have API for dealing with EMAIL Settings. Or do we need to continue using GDATA API for Email Settings.
The Email Settings API is still GData based. Until it is upgraded to the new Google API model, you'll need to continue to use the GData API and libraries to access it.
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
I'm trying to build a plugin for a WordPress App, that uploads file to the users Google Drive space. I don't want the end user to create the Cloud Console Project. but rather just have him give consent so the plugin can access the needed data from his Google Drive account.
When I create OAuth 2.0 Client IDs in the Google Cloud Console (Web Application), Google asks for Authorized JavaScript origins and Authorized redirect URIs. Since the plugin will be portable and can be installed on different websites I can't define this.
How can this be solved that an OAuth2 Authentication by the user can be done, without knowing the URL where the app is running?
Thanks
You cant. Redirect uri must be configured properly, to point webserver the code authorization is running on.
You will need to instruct your users in how to create their own client.
Also as this is a WordPress application, you would need to share your client id and secret with the users. This is also against googles TOS.
possible workaround.
If you put up an authorization server on your own server. The users of your app could then login though that. A refresh token will be returned to their website running your app and stored locally. Your code could then run using the refresh token to access their data.
However you are then going to be responsible for verifying an app with google drive scopes.
I am trying to login to gmail and read the inbox messages (Subject, content).
I have basic code for that to login and read the messages. But I'm unable to do so. Reason for this is, I will have to use Oauth to authenticate orchange the settings in gmail as "Allow less secure apps to ON" (I tried and it's working) as suggested here. But i don't want to go with second option to change settings. How do i use Oauth/Oauth2 to login to gmail and read the inbox messages, subject and content (Python code) ?
You may check this documentation which describes OAuth 2.0, when to use it, how to acquire client IDs, and how to use it with the Google APIs Client Library for Python. The oauth2client library is included with the Google APIs Client Library for Python. It handles all steps of the OAuth 2.0 protocol required for making API calls. It is available as a separate package if you only need an OAuth 2.0 library. The sections below describe important modules, classes, and functions of this library.
Check this Python Quickstart for Gmail API.
I already have a django app running on App Engine, but the current user authentication is provided by Djoser, which uses a simple token authentication.
Now I want to write some new APIs to third party applications to allow them to access user data. So I need to implement the OAuth2.0 authentication.
I found some libraries such as django-oauth-toolkit. But the tutorial assumes that you build your app and database from scratch. So I wonder if there's a way to use my current user database to do OAuth2.0 authentication, instead of asking the user to signup again with the same username. Thanks.
So there's no need to start all over again from a new user database. One can continue using whatever authentication methods currently being used to register users. Just write a new app (for the new APIs) and add OAuth2 and run a database migration, which will build several tables needed by OAuth2.
When the OAuth2 authentication process starts, these tables will be filled with grants and access tokens and client application related info.
I'm running a Django app, and I'd like to make a Chrome extension to allow users to post content. My users can sign in via Twitter, Facebook, and Google (via python-social-auth). I presently do not require accounts to have passwords, so there's no way to log in outside of the oAuth2 methods. How can I authenticate users in the Chrome extension to allow them to post?
The workflow would be something like this:
Install Chrome extension
Authenticate with my site, which has no password-based user accounts
Interact with my API (w/ authentication also via separate oAuth2 consumer, presumably)
I was able to read the user's session cookie from my site's domain and interact with my API w/o a problem.