Is it possible to use oauth2 to access the Google calendar of several Google account users external from any user running my app? Can I run the free-busy API call to find out when the external users are available? If possible, do all external users in this call have to be in the same organization? To identify the users, do I need their email addresses? Can I write this in Node.js to run on a server? How can I grant access to the Node.js application running the free-busy query for all the external users being queried?
You can use Google Identity services to call the API and get the necessary token to access the Google Calendar for web applications, either user "Sign-in with Google" or "One tab."
Both options can be used on Mobile devices and web applications.
You can find more information about the authentication with calendar data API in this documentation or more information about the OAuth client library for Node.js here.
Related
We have a REST API built for our company products listing and user accounts. We want to expose this REST API for external clients so they can use integrate our API into their websites. We have the client domains registered in our database. We will be giving them a API key specific to each client for access to our API. The users from the external sites will be registered via our API using phone number and verification code. Can you please advice me on the Oauth 2 Grant type to be used for authentication in this case?
I've created a SPFX feature that needs to call an external API. The external API is part of a system that has its own authentication methods outside of SharePoint. Ideally I would like to send details about the current logged in SharePoint user to this API, validate them to ensure that the user is actually logged in in SharePoint, compare the SharePoint user with the external system's user (they'll have the same email addresses) and, once matched, run the external API's code with that user.
Is there any way to go about doing something like this? If not, what is the best way to handle this sort of problem? Do other Microsoft tools like Azure need to be used for this?
The supported way to authenticate SharePoint framework components to a custom API is by using Azure Active Directory (AAD) and OAuth.
You need to AAD-protect your API. You can configure it so it supports two authentication mechanisms: AAD and your current authentication method. For example, if a JWT token is present, you use AAD+OAuth, and if not you use your other authentication method.
The SPFx to API authentication mechanism is described in details in the page Connect to Azure AD-secured APIs in SharePoint Framework solutions.
In summary, you will need the following elements:
Register an application in Azure AD, which represents your API.
Use a server library to protect your API with that AAD application.
Configure your SPFx package so it has permissions to query your API.
Grant the permissions to your SPFx package in the SharePoint central administration.
Use the AadHttpClient in your web part to access your API.
I want to use Google Drive API, Sheet API, Gmail API in my Python program.
I follow this page. It says
"Create credentials to use the Google Drive API
After Enabling the Google Drive API, Google should take you to the Google Drive API console for your project.
Click Create credentials."
It will create credentials for using only Drive? I read a lot of docs, official, blogs, tutorials, etc. I'm beginner in this topic, so please give some details also, because not everything is clear for me.
There are four types of credentials and they are used for different purposes and require different code to use them.
Browser credentials used for applications which will be hosted on a website. For use with accessing private user data.
Native credentials (other) used for installed applications. ex: A windows desktop application. For use with accessing private user data.
Service account credentials used for server to server communication where the developer has access to the account which will be accessing the API.
Mobile applications.
The first thing you need to do is decide whose data you will be accessing. Are you expecting to access a users data then you will need to use OAuth2 and request the users permission to access the data. If you are acting a static drive account and only that account and you personal have access to set it up you could use a service account.
Browser credentials
Uses OAuth2 to request permission of a user to access their data. Response will be returned to a web site. web app sample
Native credentials
Use OAuth2 to request permission of a user to access their data. Response will be returned to the host where it was sent from. installed app
Service account credentials
Service accounts are dummy users which we as developers can use to pre-authorize a user with access. This method will not require user sign-in or consent. service account
Note
You will probably only need to create one credential type. You will need to enable all of the APIs you intend to use in the Google Developer Console. (Google Drive API, Sheet API, Gmail API) You should know that service accounts do not support gmail API unless you have a GSuite account and can set up the authorization.
You will need to create a service for each of the API types.
drive = build('drive', 'v2', credentials=credentials)
sheets = build('sheets', 'v2', credentials=credentials)
gmail = build('gmail', 'v2', credentials=credentials)
I am creating a Node JS (Express) web app that will display a user's Google Calendar events, once they have logged in.
There will be multiple users, with data such as name and email address stored in a database.
Once a user has logged in, how can I retrieve a user's Google Calendar events associated to them without requiring any additional user input?
I have implemented Google's quick start sample here https://developers.google.com/google-apps/calendar/quickstart/nodejs
However this provides only access to a single authenticated user (authenticated via a terminal authentication process), with no opportunity to request a calendar of another user.
-
Question
How can I authenticate multiple users via a signup page (rather than using the nodeJS terminal) and access these google calendar events later via the data stored in a database? (Server side, with no interaction required )
Thanks
You can try to use Domain Wide Delegation in the Service Account. It is stated here that:
If you have a Google Apps domain—if you use Google Apps for Work, for
example—an administrator of the Google Apps domain can authorize an
application to access user data on behalf of users in the Google Apps
domain. For example, an application that uses the Google Calendar API
to add events to the calendars of all users in a Google Apps domain
would use a service account to access the Google Calendar API on
behalf of users. Authorizing a service account to access data on
behalf of users in a domain is sometimes referred to as "delegating
domain-wide authority" to a service account.
Just remember that you need a service account here to enable the domain wide authority. For more information, just read this link. It also discussed here on how to create service account.
I've originally used Web API 2 with Individual Accounts so that users can create a new account by supplying a username/email and password which is stored in my DB.
I'm now looking to put this API into Azure API service and have looked at the documentation about authentication but this mostly talks about external authentication. Can we use Individual Accounts with Azure API or will I need to handle this myself within the actual API?
Also, with the third party authentication all the examples use a redirected website (FaceBook, Google) to get the user to log in. I want to call this from a mobile app so does it support extenal authentication using API calls or will I have to do that myself?
Thanks
The is no problem in using the security you originally used. The documentation you are looking at describes how to do claim based authentication, authentication with azure ad and internally secure your application with service principals. When using a mobile device, you can go with claims authentication. However you should first figure out what you really want to do.