I currently have a Mirror API only application that I am transitioning to a Hybrid (Mirror API + GDK App). The Mirror section of the application has the needed credentials and on new installs I am able to create the account (using the Account Manager system https://developers.google.com/glass/develop/gdk/authentication).
However, the Account insert call that happens from the Mirror API needs the userToken. The userToken is only provided on the initial authentication request from Google (and it specifically says not to save the userToken).
Is there some other identifier I can use in order to create the accounts? I'd like to back fill the account credentials for my existing users to make the transition to a hybrid application as smooth as possible.
It sounds like you're asking for a way to create accounts on Glass automatically for existing users of your application, correct?
Unfortunately, that's not possible; as you found out, a call to mirror.accounts.insert can only be made using the userToken that you receive from the MyGlass redirect. In order to create an account on the device for the GDK component of the application, your users will need to disable and then re-enable your Glassware so that they are redirected through your new authorization flow.
Related
This question might be borderline for here.
I am trying to get the API key for Google Cloud Vision. However, when I go to create an API key, that is not shown (only OAuth and serviced accounts are available).
How can you go around it?
Click the link "Credentials in APIs & Services" to create API Keys.
You'll need to choose the correct project but the link should be:
https://console.cloud.google.com/apis/credentials
API Keys are Project not API specific; the name makes this confusing, admittedly.
However, once you create a Project-specific API key, you can edit and should add API restrictions and you can select the Vision API there.
I encourage you to add Application restrictions too.
CAUTION You want to make the restrictions as restrictive as you possibly can. API Keys are bearer tokens and, by their nature, are often distributed. Anyone that holds the API Key (token) can access the project resources that its use confers.
You can use a Google Cloud console API key to authenticate to the Vision API. Follow the instructionsVision API -> Using an API key and Creating an API key
You can create a Key following the next instructions:
First you need to create a Service account as:
Then you need to specify the Service account name and ID, and you can add a description such as:
You click create and continue then you need to add the roles to the service account that you need just to show you I added Editor role:
Then I clicked done, and it created me a Service account then you need to click on the email of the service account.
There is an option menu on the top you click on Key, and then you click on ADD KEY.
Finally you have to choose the Key type that can be JSON or P12.
I've been stumbling around for a few hours trying to understand Cognito and identity management in a mobile app. I'm relatively new to mobile app development. I've made a mobile app before, but never one with a back-end. so now I'm playing around with AWS intending to try just that.
I want to make sure that each user using my app can be uniquely identified so that I can store content that they submit to the server associated with them. But I also want other users to be able to see their submitted content. I haven't decided on a data storage mechanism yet (Amazon seems to offer a few), but whatever it is will have to be an indefinitely free service since I'm not planning on spending (or earning) any money on this app.
Part of what is confusing me is the need to create App IDs with whatever service I wanted to use with federated identities. I am starting to suspect there are multiple kinds of identities that I'm getting confused. Does the App have its own identity independent of a user's identity? I didn't expect to have to create Google and Amazon App IDs just to allow users to log into my app using their Google or Amazon accounts. I suspect I'm understanding the API wrong, and I'm having a really hard time finding applicable sample code usable from Xamarin.
I have this much code (unique identifier x'd out):
CognitoAWSCredentials credentials = new CognitoAWSCredentials(
"us-east-2:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", // Identity pool ID
RegionEndpoint.USEast2 // Region
);
And that seemed to run (in a debugger) without throwing an exception at least, but I'm not clear what it has given me. I'm doubting that this credentials object uniquely identifies the user after they might reboot their device, and start the app again the next day. For that I suspect I need something more, and I'm not clear what. What's the next simplest step to get a unique identifier for a user which I can store along with their content to associate it with them?
Are you set on having users use third part identity or do you want to provide user's their own identity? For federated identities (3rd party) you need to provide an Identity Pool ID which is created in Cognito to identify the federated identity provider. For your own identities in Cognito you create User Pools which also have an ID.
If you want to provide user sign-in and sign-up you want to use Cognito identities and not federated identities. The link below has some good references regarding this -
https://aws.amazon.com/cognito/dev-resources/
We're using Google Analytics API in our application and perform actions (read data) on behalf of our users (we get their tokens via OAuth2). We use a client id and client secret to authorize our Google API project (application).
The problem is that we're unable to reach this project in Google's developer console, because the user in our Google App account who created this project was deleted. Regardless, the Google API still works (we have the key and the client secret) but we're unable to reach it in the admin section in the browser, but we can't access it because the owner was deleted.
What are the options to recover access to this API project? Is it possible to transfer ownership of this project using Google API? It's running in production so we can't afford to generate a new API project.
Is it perhaps possible to generate a new API project by keeping all our users consents (they authorize their accounts using an authorization popup in our web app)?
EDIT: it's also possible the user still exists, but we don't know who's the owner. Is it possible to retrieve this info using the app's api key/secret?
How to find out who owns your credentials.
Authenticate your application the pop up window will appear. Click on the name of the application the little arrow and a drop down will apear with the email address of the developer who owns the project.
If you have lost access to this account i am not aware of any way of getting access back. However for the sake of curiosity i am going to contact someone at Google and find out if they have a procedure for account recovery or not. I will update this when i hear back.
If the account that has a credential was a gsuite user then we can transfer the project to the admin of the domain.
Have the admin of the GSuite contact me with information on the project, client id, email of the user who was deleted. We can then add the admin of the gSuite as the owner of the project.
From the question, this was likely a gsuite user because even after the account is deleted, the project was not deleted.
I've created a Glass app in Python. I began with the mirror quickstart for Python and have my app running fine except some users are getting multiple notifications. I only have one row per user in my Credentials table, however when I go and look at my own Authorized Access on my account I see that I have my Glass project listed 8 separate times.
Can anyone tell me how to check and see if the user has previously granted access to my app when they sign in and if so then skip creating a new token.
You can use the user's ID to prevent storing more than one credential for each user.
When you complete the OAuth flow, you'll receive an ID token along with the access and refresh tokens. If you decode this token, you'll see something like this:
{
"iss":"accounts.google.com",
"at_hash":"HK6E_P6Dh8Y93mRNtsDB1Q",
"email_verified":"true",
"sub":"10769150350006150715113082367",
"azp":"1234987819200.apps.googleusercontent.com",
"email":"jsmith#example.com",
"aud":"1234987819200.apps.googleusercontent.com",
"iat":1353601026,
"exp":1353604926
}
The sub key is the one you're interested in. Use this value to uniquely identify your user. If you see a user authenticate with a user ID that you already know, replace the old value.
If you update your question to include the code you're using for your OAuth flow, we can provide more specific advice. Or, you can learn more about this from Google's OAuth documentation.
Is it possible to get a list of alerts for ALL users within a given site? After messing with the GetAlerts method in /_vti_bin/Lists.asmx, it seems it always executes in the context of the user who provided it with credentials, and will only return the Alerts for THAT user. I was hoping to get a list of EVERY alert within the site.
I know I can probably do this via the SharePoint API in a console app but was hoping to use web services or another method that didn't require direct access to the SharePoint box.
I guess the other method would be to write a custom web service... but I was hoping for something quick and easy.
I think you have answered your question. There is no easy way, only custom coding is left.
Couldn't you use the _vti_bin/sitedata.asmx GetListItems (it allows you to send CAML) method to retrieve alerts and just run the call to the service as the application pool's identity, that should retrieve all items, since the application pool identity is the system account for your site collection....