Requirement:
I want to access the Google drive documents of a particular user programmatically(being someone#gmail.com is his email id).
Present Condition:
I am using Google drive SDK to achieve this. The sample provided by Google launches a browser process with an URL which asks me to login with that user account and then give an authorization code to actually perform my tasks.
Problem:
I want to automate the entire process. I don't want any manual interaction in this process.
Findings:
While hunting for the solution I got Use regular Google accounts as application-owned accounts which looked friendly to my solution.
Questions:
Please suggest me a way I can automate Google authentication.
Is there anything like google enterprise solution such that an admin account can look into any account in that organization?
You can perform Google Apps domain-wide delegation of authority to allow a Google Apps domain administrator to access data on behalf of one of the users in the domain. This only works on Google Apps domain and not for gmail.com accounts (for which there's no domain administrator role). You can learn more about this feature on https://developers.google.com/drive/delegation
Related
I need help.
I need to create an app, which takes all events from different calendars from my company, and display them in computers in conferences rooms. This is created, works good. To authenticate I use Oauth 2.0 like google wants, but I tested it only on my computer. When the app was launched on the computer in the conference room, the app needed logging into google account, which surprised me, because I put my oauth 2.0 credentials into my code, so I thought that this would be enough.
How can I skip that part, to authenticate only from code level and not display Oauth popup message to user?
When you run your code locally you are authorizing it. If you are using the official Google api .net client library then it is storing your authorization credentials in the %appdata% folder on your machine. Once you move this to the computers in the conference rooms they have not been authorized and there for will require that you authorize them. So you should be able to just run it once on each machine and authorize it and it will be all set.
If you do however have a google workspace account, I would recommend you look into using a service account and configuring domain wide delegation this would stream line your process a bit.
The following example shows how to use a service account with domain wide deligation.
var credential = GoogleCredential.FromFile(PathToServiceAccountKeyFile)
.CreateWithUser("user#yourdomain.com") // delegate to user on workspace.
.CreateScoped(new[] {CalendarService.ScopeConstants.Calendar});
I am writing an application in C# which would run on a PC and allow a user to login to GCP and manage files there.
I looked at the sample codes on https://cloud.google.com/storage/docs/reference/libraries
The documents show how to use a service account for authentication, but I want to use user authentication.
In this way, if the user do not have permission to say delete data, the application can not do it. If I use a service account, which I don't want.
Is there any way that I use user authentication to log in to cloud storage services?
Is there any sample that I can use for this purpose?
Update 1
My main aim is to develop an application similar to gsutil but in C# and it should authenticate users similar to gsutils.
The same as gsutil, it would be used only by cloud admins who already have access to buckets via gsutils or cloud.google.com
Is the source code for gsutils published? How does it authenticate users?
What you might be wanted to use is this "User account credentials". This at the ends guides you to Firebase Authentication, which supports email and password authentication as well as federated sign in with identity providers such as Google, Facebook, Twitter, and GitHub.
You can sign in users to your Firebase app either by using FirebaseUI as a complete drop-in auth solution or by using the Firebase Authentication SDK to manually integrate one or several sign-in methods into your app. This will be up to your needs and how you want to build your app.
So I have a few accounts that have documents on them, and having to switch between them all the time is quite frustrating, so I wanted to have them shared so that I can just have a link to view the file (no editing or anything).
Problem is, now with v3, I seemingly have to add the Drive API to every account that I want to view, which doesn't work for me. It's too much of a hassle to go through ALL of the accounts, when I have the username/password for them all already.
Is there a way to have a list of all my accounts username/passwords and somehow query to get a token to view only of the files? Or is this completely not possible anymore with v3.
I can get it working fine but instead of username/password, I have to enable drive API on the account, copy/paste the credential/secret instead of the username/password, and it works perfectly. I can search through all the files I have 'found' by accessing and reading the files and AlternateLink's accordingly... I just would like a non-intrusive way for my application to do this.
This is written in C#.
Unfortunately you can no longer use username/password via an API since the ClientLogin API was shutdown in 2015.
Using OAuth, each user can be prompted to grant permission to your application. They need do this only once.
Alternatively and if the user accounts are GSuite based Google accounts, then your C# program could use a single service account and impersonate any or all accounts on your domain (once given permission to do that by your domain administrator). This obviates the need for each user to grant permission to your application. You can read about how to do this in the Delegating domain-wide authority to the service account doco.
Another alternative may be to create a google group and make all 3 accounts members of that group. Then share a folder (view, comment or edit access) with that group and put all files and sub folders there into that folder.
I'm working with the QuickBooks Online API to track user accounts, and I need to track non-admin users after the admin user has granted access. I know how to get the realm id of the admin user after the OAuth procedure, but I need to identify other users on the same company file.
Intuit's docs on https://developer.intuit.com/docs/0025_quickbooksapi/0010_getting_started/0030_integrate_your_app/0030_signing_into_and_out_of_intuit_from_within_your_app/sign-in
say that the realmid may sometimes be available after OpenId login if it is requested, but it isn't for my case. This is what I tried for that:
fetch.Attributes.Add(new AttributeRequest("http://axschema.org/intuit/realmId", true));
I also read that it may be available through the Url referrer, but I can't find it there either :(.
How do I get the realm id of non-admin users?
Update:
This appears to be something completely separate from openid and oauth related to intuit's ipp platform. After the admin for the quickbooks online account grants access, you need to track account management from there, I think.
Correct, you need to keep track of the non-admin users.
I want to fetch my users gmail profile details like phone, time zone, city, contacts, emails, chats and every thing else.
Is it possible to do it with oauth or I should use from something else?
And please guide me how to use oauth or your suggested library.
It is possible, but you have a slight confusion regarding the use of OAuth.
First, OAuth is an authentication protocol which some of Google's APIs support. It is used to verify credentials in a safer and departmentalized way. Meaning that the user can grant limited access to a third party application. The application access can be limited to one or more services.
Note that not all Google APIs support OAuth authentication.
You can read more about Google-OAuth here:
https://developers.google.com/accounts/docs/OAuth2
Second, to access the information you want you probably need to use the Admin SDK which includes the Email Audit API
The Google Apps Email Audit API allows Google Apps administrators to audit a user's email, email drafts, and archived chats. In addition, a domain administrator can retrieve account login information and download a user's mailbox.
This excerpt is from here, where you can read more about this API:
https://developers.google.com/admin-sdk/email-audit/#accessing_account_information
I did not use it myself, but as I understand it, the Admin SDK gives you access to most if not all the information you need. So in case you need to access more information, just look for other Google APIs. Here a list of Google APIs where you can start looking: https://developers.google.com/apis-explorer/