I want to fetch my users gmail profile details like phone, time zone, city, contacts, emails, chats and every thing else.
Is it possible to do it with oauth or I should use from something else?
And please guide me how to use oauth or your suggested library.
It is possible, but you have a slight confusion regarding the use of OAuth.
First, OAuth is an authentication protocol which some of Google's APIs support. It is used to verify credentials in a safer and departmentalized way. Meaning that the user can grant limited access to a third party application. The application access can be limited to one or more services.
Note that not all Google APIs support OAuth authentication.
You can read more about Google-OAuth here:
https://developers.google.com/accounts/docs/OAuth2
Second, to access the information you want you probably need to use the Admin SDK which includes the Email Audit API
The Google Apps Email Audit API allows Google Apps administrators to audit a user's email, email drafts, and archived chats. In addition, a domain administrator can retrieve account login information and download a user's mailbox.
This excerpt is from here, where you can read more about this API:
https://developers.google.com/admin-sdk/email-audit/#accessing_account_information
I did not use it myself, but as I understand it, the Admin SDK gives you access to most if not all the information you need. So in case you need to access more information, just look for other Google APIs. Here a list of Google APIs where you can start looking: https://developers.google.com/apis-explorer/
Related
This is my first question on the Stackoverflow. I have already read the https://stackoverflow.com/help/how-to-ask section and I have read and read and read over the internet to find the connection between OAuth2 and MFA. Which made me more confused. When I take them separately I understand the basic concept.
Background. I am developing a windows application and using mailkit to implement the email there. When I research how to implement MFA on that, most of the answers are talking about OAuth2. That's why I really need to find an answer for this questions.
I have read
https://learn.microsoft.com/en-us/answers/questions/513048/microsoft-office-365-outlook-sending-emails-using.html and https://github.com/jstedfast/MailKit/blob/master/ExchangeOAuth2.md and many more articles to achieve my goal. They all are talking about OAuth2 not MFA.
I am sorry if my questions doesn't make much sense. Please help me to understand this.
Thank you.
OAuth 2.0 and MFA are not related to one another directly.
OAuth 2.0 is an authorization protocol which provides a client application with the delegated access. Way of delegation is defined by grant type and based on the use case you can choose one or another. It does not tell you directly how to authenticate the end user.
For example, using classic authorization code flow you can point the user to login page and optionally consent screen (allow / deny access to the app). An example of URL would be:
https://authorization-server.com/auth?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=photos&state=1234zyx
Then it's up to authorization server how to authenticate the end user. It can be a login / password screen followed by any type of MFA.
MFA, on the other hand, stands for multi-factor authentication, meaning that there can be 2 of more factors of authentication (such as login and password pair followed by one time code, SMS or anything else).
Based on my understanding of the OAuth2 with Exchange that you've shared, you just need to register an application on Microsoft platform in order to access Microsoft APIs for email sending. That's indeed an OAuth 2.0, but I don't see anything related to MFA there.
The Company I work with has many clients who uses Google Ads to do marketing for their websites. The company wants to use client's data for Analysis.
I am given a project to integrate Google Ads API using C# to get all the data such as Campaigns etc from Google ads and move it to our system for each client.
I am only given developer token and customerID for Clients.
such as
Customer ID for Client A
Customer ID for Client B
I am bit lost when I went through the google ads API documentation. In the documentation, the OAuth2.0 needs creating in order to use client library which would generate client ID and Client Secret, Refresh token to integrate the API.
My question is. Do I need to create OAuth2.0 for each client or do I need to ask my company to generate Client ID and secret in company's Manager Account or Client that uses Google ads would provide me these?
The following Link I found to create OAuth2.
https://developers.google.com/google-ads/api/docs/oauth/cloud-project
This is what I believe would require in C#
Content can be found at https://developers.google.com/adwords/api/docs/guides/first-api-call#.net_1
Would highly appreciate if any one can help me what actually I need to configure google ads using C#
If your company manager account is a manager for the relevant client accounts, you would just need to authenticate as the manager account using your developer token, client id and secret. This gives access to the Ads data for all clients linked under the manager account.
E.g. calling Google Ads API CustomerService > ListAccessibleCustomers returns a list of customers accessible to the authenticated client.
Further to comments where you say you will be creating a console app:
The link in your question says use a desktop application if:
You're managing all of your Google Ads accounts using a single top
level manager account. You're a first-time user, or want to get
started quickly with the simplest setup. Your app will only
authenticate Google users from one machine.
So using a manager account which links the required client accounts would be required in this case. See OAuth desktop application flow.
If you used a web application, the clients could log in and your app could read and store their refresh token in a database to make future calls to the api for their account.
You only need to create one application in the Google Console and have one Client ID and Client Secret for it.
Using that one set of credentials, you can go through the OAuth flow with each user to get an access token and refresh token for each of them. The access token, along with your Developer Token, will give you access to AdWords APIs for the user that granted it to you.
You need both your Developer Token and your user's Access Token in order to access the AdWords API.
If you're not as familiar with OAuth, you may look at a managed provider like Xkit (where I work). They have step-by-step instructions for accessing the Google AdWords API including how to generate the credentials and how to use them.
I am writing an application in C# which would run on a PC and allow a user to login to GCP and manage files there.
I looked at the sample codes on https://cloud.google.com/storage/docs/reference/libraries
The documents show how to use a service account for authentication, but I want to use user authentication.
In this way, if the user do not have permission to say delete data, the application can not do it. If I use a service account, which I don't want.
Is there any way that I use user authentication to log in to cloud storage services?
Is there any sample that I can use for this purpose?
Update 1
My main aim is to develop an application similar to gsutil but in C# and it should authenticate users similar to gsutils.
The same as gsutil, it would be used only by cloud admins who already have access to buckets via gsutils or cloud.google.com
Is the source code for gsutils published? How does it authenticate users?
What you might be wanted to use is this "User account credentials". This at the ends guides you to Firebase Authentication, which supports email and password authentication as well as federated sign in with identity providers such as Google, Facebook, Twitter, and GitHub.
You can sign in users to your Firebase app either by using FirebaseUI as a complete drop-in auth solution or by using the Firebase Authentication SDK to manually integrate one or several sign-in methods into your app. This will be up to your needs and how you want to build your app.
I am new to UWP and I am trying to make an app that includes sign in with Microsoft account. The problem is that I got very confused what API should I use and how to make the authentication.
After very long search I found that Microsoft have APIs and SDKs for everything - Outlook, OneDrive, Live, Office365, Microsoft Graph etc. But there is no clear documentation, what developer should use to authenticate a user and get his account details such as name and email.
It seems that the Live SDK could do the trick, but Microsoft state that this SDK is legacy and developers should use OndeDrive SDK. But OneDrive don't suit my needs, I can't get users email address and also I have to have developer account so I can build a sample app to test it. This is too much just for a test, isn't it?
After more research I found that Microsoft Graph could help, but it seems that it is only for business purposes or maybe I am wrong?
So in short what I try to achieve is making an app that let the user sign in with his Microsoft account. After successful authentication I need to get his account details so I can build him a profile in the app. And all of this I want to do it without having to make developer or business accounts.
Hope someone could help, becaouse the Microsoft documentation is very confusing.
Microsoft Graph does support the ability for you to sign in with a Microsoft Account, and then access the user's very basic profile and their personal consumer OneDrive and Outlook. Token acquisition is achieved through the new v2 endpoint (converged auth, that allows you to get a token for the signed in user, whether they are a consumer user through Microsoft Account or a commercial/business/school user through Azure AD).
I recommend taking a look at a couple of places. One place is https://graph.microsoft.io/en-us/docs/authorization/converged_auth and here on app registration and token acquisition: https://azure.microsoft.com/en-us/documentation/articles/active-directory-appmodel-v2-overview/ and here for get started for windows apps: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-devquickstarts-wpf/. NOTE: This last one uses a preview/experimental client library.
Hope this helps,
I have an Azure account and currently a Mobile Service setup with a SQL Database so that my Windows Store app can communicate with the database.
I have developed sites using ASP.NET WebPages authentication. And I need something similar for my Windows Store app.
I have successfully gone through the documentation and tutorials on the Windows Azure website and implemented ACS (Windows Live ID, Google, Yahoo!, and Facebook) - but the thing is - I don't want Google, Yahoo!, Facebook or even Windows Live ID or Microsoft Account) logins - I want my OWN login but it seems that they don't give you this option (correct me if I am wrong).
I need to allow users to signup from within my application (that means, providing their name, DOB, email, phone, address, etc) and shove it all in my database.
Now, after implementing Microsoft Account login with my Azure service, I found out that you can't even get the most basic information about any user who has logged in to your application - not even an email address.
I have spent hours searching online for something that could possibly help but I am running out of keywords - and have not hit a single related result yet.
Does anyone know if this is possible? How would we go about integrating login and signup with a Windows Store app that set/gets this data into/from a Windows Azure service?
Any code, samples, links, tutorials, documentation, etc would be highly appreciated.
You have gone down the road of hooking up external identity authentication, which in my opinion for an external facing web application is a better approach. Benefits are:
Your application is only responsible for Authorization not Authentication. There is a whole lot of work involved in Authentication and a large number of best practices. Best let those who know best take the burden of this. This doesn't mean you shouldn't try and understand it though.
If your site gets hacked you don't have to tell them that their username / email and password combo has been compromised and they will probably have to change there passwords on other sits.
You are also making sure that your users don't have to remember / manage yet another username / email address password combo
If you really want to do the Authentication then that is fine but you will need to do it yourself. Have a look at examples on Asp.Net Membership. This is not the only way and nor is it the best way but there are lots of examples.
Now if you decide you want to use external authentication I can give you some pointers to help with your current implementation.
First thing to note that the Id you get back from Live, Google, Facebook can only be assumed to be unique for that provider. Therefore if you want to keep a profile in your system for that identity and you want to use more than one provider you will need to implement it in such a way that you can keep the id unique in your system and help you associate it with a provider.
Website Authentication with Social Identity Providers and ACS Part 2 – Integrating ACS with the Universal Profile Provider
As you have found out not all of the Authentication providers return the same "claims". A claim is something that user claims to have, such as an email address, name, date of birth, etc. All the ones you can use by default via the ACS return Uid and some return a name and email address. What you have to do is fill in the gaps. When someone registers you will need to pull the relevant claims and then ask them to fill in the missing ones. You may also want to map the different claims in the ACS to a common name that you can use in your app as one provider might use slightly different names.
Federated Identity with Windows Azure Access Control Service
Just because you do not handle Authentication you still need to be responsible for keeping your application secure. Half of the work has been done for you so your code should be a lot lighter but you will still need to make use of roles.
Windows Azure Role Based authentication (ACS)
The really nice thing about this approach is you can implement your application the same why SO have done with there identity model. You can allow users to associate multiple identities against their profile meaning they can login how they want to.
If you choose not to use the built in providers for ACS you will need to implement your own Identity Provider using SAML, OpenId, etc...
You can look into the Windows Identity Foundation (WIF) for implementing WS-Trust or WS-Federation.
There is also ADFS which has the same set of support but uses Active Directory with WIF and Azure has its own version of AD that can be used.
There is also thinktecture identityserver which can jumpstart your venture into IdP land, but I have not used it myself yet.
If you want to go the OpenId route there is DotNetOpenAuth.
If you're looking to add custom identity to your Mobile Services app, check out Josh's post on custom auth: http://www.thejoyofcode.com/Exploring_custom_identity_in_Mobile_Services_Day_12_.aspx