I have an application that uses Google Cloud IAP to authenticate users. IAP requires the user to authenticate using their Google account, and then headers are passed to the application afterwards that identify that user (user id, user email, and a token).
I would like to get the user's Google account photo after authentication using the People API (would use the Plus api, but it is being shut down).
NodeJS code examples would help a ton, but either a high level guide or examples in other languages would also be very helpful. Thanks in advance!
For anyone that may come across this, here is the solution I found.
You will need to enable the People API in your GCP console. Then create an API key for it.
Get the 'x-goog-authenticated-user-id' header and strip the 'accounts.google.com:' portion of it to just leave the id.
Pass that id and your api key to a GET request, like so:
https://content-people.googleapis.com/v1/people/${userId}?personFields=photos&key=${apiKey}
Hope this helps someone else, too!
Related
So here is what i am trying to do :
I built a bot with api.ai for my business that is hosted on my webpage and my Facebook page right now. Bot works well.
I want to push it to the next step by allowing my customers to make querys on my calendar, ask to book a specific time, see if available, if not offer other time similar, then make a booking.
I have been reading this thread and the great answer attached to it but i think my case is a bit different.
I was wondering if the bot could always have a token so every guests won't have to Auth to query the calendar ?
Obviously i am new to this, i have been reading the guide of google calendar api and api.ai but i don't really see how to do that yet. I guess there is a way to store a token somewhere and then just trigger the query with some specific intents but not to sure how.
I have also done the node.js quickstart guide of the G-calendar api, and it works fine if that helps.
Thanks for your help !
You will probably want to use a Service Account that is permitted to the calendar in question. Service Accounts are similar to regular accounts, but they are expected to do server-to-server communication only, so the method to create an auth token is a little different to keep it secure.
See https://developers.google.com/identity/protocols/OAuth2ServiceAccount for more information about using Service Accounts.
In general, you'll be using a shared secret to create and sign a JSON Web Token (JWT) you send to Google's servers. You'll get back an access token which you'll then use to call the Calendar API. The access token expires in about an hour, at which point you'll need to repeat the process.
There are libraries available to do much of this for you. For example, if you're using the node.js library https://github.com/google/google-api-nodejs-client, then it will take care of this for you (although you need to modify the key file - see the documentation for details).
I want to run a node script as a cronjob which uses Gmail's API to poll a gmail account I own.
I am following these quickstart instructions:
I'm stuck on the first step. When requesting credentials for a cron script it tells me that "User data cannot be accessed from a platform without a UI because it requires user interaction for sign-in":
The docs are confusing in general, and mention "service accounts," "OAuth," and other things -- I cannot tell which apply to my use-case and which don't. I've used many SaaS APIs, and the typical workflow is to login to your account, get an API key and secret, and use those in your script to access the API. It seems this is not the paradigm used by the Gmail API, so I'd appreciate any guidance or links to clearer instructions.
I also find that the documentation can be confusing at times, but what you want to to is actually pretty straight forward once you get it:
Register your App at Google, and say what APIs you want your App to have access to (only the Gmail API in this case). This will give you two strings, a client_id and a client_secret (which is the content of the client_secrets.json-file above).
Since you are just going to write a script for your own account only, you don't need a http-server. The Oauth Playground will suffice. Press the Settings Cog on the top right and use your own OAuth credentials.
Select the Gmail API in the list of APIs and follow the outlined steps.
Now you have an access_token and a refresh_token you can use to keep your script going indefinitely!
To fully understand the use of Gmail API, going through Gmail API Overview really will make a difference.
And you can also use these documentations to start building a Gmail app:
The client libraries are available for download in several languages and simplify making API requests.
The developer guide topics help you better understand how to implement particular use cases.
The API reference gives you details on every resource and method in the Gmail API.
I hope these help.
I want to retrieve a list of recent photos with a given tag to display on a website in a very simple gallery.
For that, the doc says I need an access token. However, it seems that the only way to authenticate against Instagram is through OAuth; which involves sending the user to instagram and allowing my application access to their basic data. However, I don't want my users to do anything; I'd like my application to authenticate against Instagram for me and then retrieve the data I want.
Sounds simple, but all online documentation seems to end up in "Redirect your user to...". And I find no sensible ways to do this programatically; it's all about sending users away, letting them authenticate, and then receiving the access token afterwards. I could of course scrape the HTML, parse the forms (for example, the unique-per-session csrfmiddlewaretoken field which needs to be posted along with login requests etc) and let my server side application pretend to be my own user and login/authorize the app, but that doesn't seem like the way to go.
I could also just authenticate manually in the browser, pick up the auth token and paste into my application; but as the doc says: "do not assume your access_token is valid forever." - so I'd like this to be fully automated.
If I try to create a WebClient and POST to https://www.instagram.com/oauth/authorize/?client_id={clientId}&redirect_uri={redirectUri}&response_type=code&scope=basic it just returns a 403 Forbidden which is of no use. (For what it's worth, I'm using C# and have found instasharp, but this problem is not tied to any given platform...)
Am I completely overlooking something, or am I right that server side authentication against Instagram has become really complicated? Most other social media platform API's I've touched lets me get some form of authentication token just by posting a combination of the application id and secret.
I am making my research for an upcoming project:
It is going to be a website you can login via your Instagram account - I need access to the user's name, profile picture and to the people he/she is following.
Is Instagram allowing a website/project to access this information?
Just in case this is a super easy question: I am not a developer and it is very hard for me to work through the Instagram developer website - I highly appreciate any help!!
Thank you very much!
Mathew
You will first need to implement the authentication part, and receive an access_token for the user. In fact you will receive user's id, username, and profile photo along with the access_token.
That was the hardest part. Then you may use the access_token to make some API calls to get information such as follows and followed-by.
You can access Name, profile photo and followers using Instagram APIs.
Here are the 2 APIs you will need:
http://instagram.com/developer/endpoints/users/#get_users
https://api.instagram.com/v1/users/1574083/?access_token=ACCESS-TOKEN
http://instagram.com/developer/endpoints/relationships/#get_users_follows
https://api.instagram.com/v1/users/3/follows?access_token=ACCESS-TOKEN
I want to know how stackoverflow.com enables login via my Gmail Account.
Is there any arrangment between the two companies? Or its just an api ?
Does Gmail send information to Stack Overflow?
Where can I find the API?
This is called Open ID based authentication this is a very nice presentation which explain Why and How it works
When you go to some site like stackoverflow it gives you option to login via Yahoo or Gmail or any other Open ID provider.
Let's say you choose Yahoo. StackOverflow will then ask Yahoo to authenticate you using your ID + password and give stackoverflow result whether you were successful or not. If you are successful, stackoverflow now know you are authentic user and it will log you in. In this way stackoverflow can avoid storing user ids and password for every member and you can avoid need of creating another ID just for stackoverflow
Its called OpenID, google just implements the protocol.
As you can see via the login page, SO have used G apis with several other vendor API's along with OpenID as TJ mentioned. So upon logging in, the G API redirects back to the SO with the login information stuffs.
Even making use of the same API's, you could have your website do the same.