I would like to create a script to be scheduled in a .bat file that automatically links to google contacts and creates contacts read in a Mysql Database.
I would like a system that does not require any user action.
I know that service-account exist but I have no idea how to create the program. Do you know how to do it?
I hope you can give me a hand.
For the moment, I wish you a good day.
This can be done in three steps if the user is not part of G Suite.
Authenticate the user using OAuth with access_type = offline.
Save the generated Refresh Token.
Use the Refresh Token to generate a new Access Token and then update the account's contacts. The Access Token will be valid (default) for 3,600 seconds.
If the user is part of G Suite, then enable Domain Wide Delegation on a service account and impersonate the user.
Related
This is the my web-app "User Settings" page.
I have simplified it to a minimum to better highlight the problem.
To authenticate users I use Auth0, I wanted to use the sub claim user_id to identify the users inside my MySQL database for update and retrieve user's info. Unfortunately the user_id is different for each provider, for example, if the same user with the same e-mail logs-in via Auth0 he gets a user_id if he does it via google he gets another one.
I thought about using email to link logged user to his info.
The problem is in my API. Before the change it was "localhost: 8080 / api / users /: id"
each time it created a new id and in any case it was impossible to recover the data of the single user. Now that I have replaced "id" with "email" my API has also changed in "localhost: 8080 / api / users /: johnsmith#xxx.com".
Before:
After:
In a few words, the request url on the client side has also changed.
I would like to make sure that the GET and PUT requests are made based on the e-mail of the logged user without going to modify the whole back-end.
Sounds like something is wrong with how you authenticate users. If you have multiple ways to authenticate a user, those methods need to be in a one to many relation with the user. For example each user has a list of auth-methods, and whenever an authentication is made you check your table of authentication methods and find the one user it maps to.
Im not sure if you are doing this yourself or if the framework you are using is handling that, but it sounds like you need to change the model to allow many Auth methods for a single account.
Also you could use email, but that is also an "old" way of uniquely identifying users almost every single person has multiple active email accounts nowadays, so you should also have a one-to-many relation for users to emails. What if the user has different email accounts for their Facebook and Google accounts?
See account linking here: https://auth0.com/docs/users/user-account-linking
It is dangerous to trust that the external providers are truthful about what email belongs to who. What if I open a new account using someone else's email on one of the providers? Then I can log into that users account in your application, which is a pretty big security risk.
We used JWT to create users automatically in Docusign, from Salesforce - this is working fine, the users are getting created in Docusign. We have claimed the email domains.
However, when these users try and generate documents (DocGen) or use eSignature (as themselves) they are asked to authenticate (we used the DocGen and eSignature managed packages). The users don't know their login credentials because the automatic provisioning process is supposed to activate their accounts automatically using the DS admin user of the account/organisation and/or with the integration key which has been setup with the following scopes - "organization_read group_read permission_read user_read user_write account_read domain_read identity_provider_read signature impersonation".
Any tips on how to get past this? We don't have SSO setup with Docusign (identity provider)?
Once the user_id being used to make the JWT calls was given full admin access it all worked fine and silent activation took place
Now when the new user logins to SF and tries to generate a new document (doc gen) or send a new document (eSignature) they are asked to 'Authorize' and consent the first time - there is no need for them to login.
I have been trying to implement JWT Auth grant for our back end application which will be creating URLs for signing operations for our end users.
What I want to active is that there will be no login/granting consent operations while sending the envelopes and creating signing URL. I want to dedicate one user for creating envelopes and sending them for signature.
Firstly, I've created a demo account and an organization. I also created an integration key and a RSA key. I needed to choose Implicit Grant or Authorization Code Grant while creating the integration key and I chose Implicit Grant. Lastly, I gave signature impersonation permissions to the integration key.
I have checked and made experiments with jwt example project after configuring with the required info of the user that I want to dedicate. It asked for the consent. After I gave consent, it worked finely. Then I configured the back end with the same integration key and the guid of the user, again it was working with our back end application that I was able to send automated envelopes.
I created another demo account in DS and this time I directly put it to our back end, I am getting consent_required error which I understand that I couldn't give the admin consent properly and it was just working with previous demo account because I gave the consent to that.
I want to know that how long that consent would last. or Is it the correct way to achieve what I want? because I think, ideally, I need to give admin consent to this dedicated user to have it able to send automated envelopes.
Thank you a lot in advance.
I see two questions:
How long consent would last? - forever. Or if you go and explicitly remove it.
Is it the correct way to achieve what I want? I don't know what you want, but the title says "Sending envelopes from one dedicated user" so, in theory that is correct. However, keep in mind that that user will be different when you move to production ("go live") when your application is ready for real usage.
I am trying to access Instagram feeds for my user and hence I have created a Access Token as per documentation
https://www.instagram.com/developer/endpoints/
I am able to access my feeds by passing access token over
https://api.instagram.com/v1/users/self/media/recent/?access_token=
However, I would like to fetch other user's feed (read only). So I want to make user as configurable and when I change user, I get respective user's feeds.
Could you please let me know if I have to use different end points?
I have tried
"https://www.instagram.com/v1/users/{user}/media/recent/"
But it is not working and resulting in page not found.
Any help is appreciated.
Regards,
Suyash Bhalekar
If you don't plan to have more than 10 users you can use Sandbox mode. Access token is connected for given Instagram account, not to your entire app. So other users needs to "log in" to your app and approve access to their personal data. Once they do that you receive access token for their Instagram user and you can use /self/media/recent endpoint.
However if you plan to have more than 10 users you need to submit your app for review.
I have little problem. In my application users are auth via Azure AD and his user profil is in DocumentDB.
When Administrator delete user profile I need to force log out the deleted user.
How to do it? Delete action deleting ad and documentdb entry.
Based on the description, you want to sign-out the users after the administrator delete the users profile from documentDB.
If I understood correctly, it is more likely building a real time application that nofify the specific client when the delete action is performed. I am trying to explain it using a figure below:
And for building the real time application, we can use the SignalR. And you can refer more detail about it from links here.
And another solution for prevent the deleted users to access the proteced resrouces, you can check it before the users access the resources.