Is there an API to manage Google Developers Console projects and create credentials, e.g. creating/managing an OAuth consent screen?
I only know that the Google Cloud Resource Manager API allows creating projects.
Context
I have a white label application with multiple partners, and each partner can create multiple "web apps". Each web app has its own "auth database". Ex: A partner created a web app A and a web app B. If his user creates an account in web app A, he can't log in to web app B, just web app A.
How I will do that
I am using Firebase authentication, and I will do that using multi-tenancy (https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart). Each partner will have a Firebase project associated with his account and each web app will be associated with a sub-project (tenant). Each tenant will need to set up many social login providers, like Facebook and Google.
The Problem
I can set up the social provider via the console. But I can't find how to do that programmatically using the API. I only found how to set up social providers via the API without using a tenant (https://firebase.google.com/docs/projects/provisioning/configure-oauth).
Is it possible to set up social providers with multi-tenancy programmatically using the API?
I believe one way would be using the Identity Platform API:
https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.tenants.defaultSupportedIdpConfigs/create
You just find the parameters for the Supported IDP you're adding.
The list of supported IDPs you can find here:
https://cloud.google.com/identity-platform/docs/reference/rest/v2/defaultSupportedIdps/list
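The request that the `projects.tenants.defaultSupportedIdpConfigs/create` method linked above expects, as an added example that is not part of the original answer. It builds the request without sending it; the project, tenant and credential values are constructed, and the ID patterns are an assumption chosen to be stricter than Google's own rules.

```javascript
// Added example: builds, but does not send, the create request for one tenant.
const API_ROOT = "https://identitytoolkit.googleapis.com/v2";

// Allow-list patterns so an ID can never add path segments or query parameters.
// Assumption: deliberately stricter than Google's own ID rules.
const SAFE_ID = /^[A-Za-z0-9][A-Za-z0-9-]{2,62}$/;
const SAFE_IDP = /^[a-z0-9][a-z0-9.-]*$/;

function buildTenantIdpRequest(opts) {
  const { projectId, tenantId, idpId, clientId, clientSecret, accessToken } = opts;
  for (const [name, value] of Object.entries({ projectId, tenantId })) {
    if (!SAFE_ID.test(String(value))) throw new Error(`invalid ${name}`);
  }
  if (!SAFE_IDP.test(String(idpId))) throw new Error("invalid idpId");
  if (!clientId || !clientSecret) throw new Error("clientId and clientSecret are required");
  if (!accessToken) throw new Error("accessToken is required");

  const url = new URL(
    `${API_ROOT}/projects/${projectId}/tenants/${tenantId}/defaultSupportedIdpConfigs`
  );
  url.searchParams.set("idpId", idpId); // e.g. "google.com" or "facebook.com"
  return {
    method: "POST",
    url: url.toString(),
    headers: { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json" },
    body: JSON.stringify({ enabled: true, clientId, clientSecret }),
  };
}

// Log-safe copy: the provider's client secret and the bearer token are masked,
// because provisioning jobs that log whole requests leak both.
function redactForLog(request) {
  const body = JSON.parse(request.body);
  body.clientSecret = "[redacted]";
  return {
    ...request,
    headers: { ...request.headers, Authorization: "Bearer [redacted]" },
    body: JSON.stringify(body),
  };
}
```

Send the returned object with any HTTP client, once per tenant and provider, and write only the `redactForLog` copy to logs.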
I would like to create an application where I can access ONLY my own Google Drive files for programmatic operations that I perform on my own managed spreadsheets. However, on 2020 January 1st, restricted scopes are going to require verification from Google in order to use the Google Drive API fully.
How can I use restricted scopes for accessing ONLY my personal Gmail account after January 1st?
According to the OAuth API:
When can I skip submitting my app for a review?
You do not need to submit your app for review if it's going to be used in any of the following scenarios:
• The app is not shared with anyone else.
• The app is used to send emails through WordPress, or similar single account SMTP plug-ins.
• The owner and users of your apps belong to the same G Suite domain or customer. Learn more about public and internal applications. If you aren't an Apps Script developer, learn how to mark your app as internal in the FAQ How can I mark my app as internal-only?
• The app is domain installed or whitelisted by a G Suite domain administrator. If your app is intended for G Suite users, access might depend on domain administrator permission. Obtaining a verification will likely make it easier for administrators to grant access.
• The app is in development mode and not ready to be public. Note that the app will be subject to the OAuth user quota.
• The app is trying to access data from users' Google Cloud Platform project. For instructions on using a service account, see Using OAuth 2.0 for Server to Server Applications.
How can I mark my app as not being sharable with anyone else?
Google updated their FAQ, and it much more clearly delineates what is required in order to keep using Google Drive with restricted scopes:
You do not need to submit your app for review if it's going to be used in any of the following scenarios:
Personal Use: The app is not shared with anyone else or will be used by fewer than 100 users. Hence, you can continue using the app by bypassing the unverified app warning during sign-in.
SMTP/IMAP/WP: The app is used to send emails through WordPress, or similar single account SMTP plug-ins.
Internal Use: An app is internal when the people in your domains only use it internally. Learn more about public and internal applications. Learn how to mark your app as internal in the FAQ How can I mark my app as internal-only?
Domain-Wide Install: If your app is intended for only G Suite enterprise users, access will depend on permission being granted by the domain administrator. G Suite domain administrators are the only ones that can whitelist the app for use within their domains. To learn how to make your app Domain-Wide Install, see My application has users with enterprise accounts from another G Suite Domain. How does this apply to my G Suite or Cloud Identity enterprise accounts?
Development/Testing/Staging: If your app is in development/testing/staging mode and not ready to be publicly accessible, then you do not need to submit your app for verification. Note that your app will be subject to the unverified app screen and the 100-user cap will be in effect when an app is in development/testing/staging.
Service Accounts: When your app is trying to access data from users' Google Cloud Platform project and can run API requests on its behalf. To understand what service accounts are, see Service accounts.
For instructions on using a service account, see Using OAuth 2.0 for Server to Server Applications.
I am excited about the latest global (Google, Microsoft, Facebook, etc...) Authentication options in Azure Web Apps. I am posting a Web API app. However does anyone know how to program the login and get a token from a Windows 10 UWP app? I am first interested in using Microsoft Account Authentication.
Glad to see the excitement! Some documentation links below.
How to configure Microsoft Account authentication (using the management portal).
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-microsoft-authentication/
Here is some documentation showing how to set up a Windows Store application on Azure App Service. This example uses Facebook, but you should be able to make some very simple changes to enable Microsoft Account authentication.
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-windows-store-dotnet-get-started-users/
Does this help you get started?
I'm creating a Node app that uses OAuth2 to login a user and use the Office365 API to send and receive email, and possibly contacts and calendar events.
I have no need for Azure Active Directory that I know of. However, I am unsure of whether or not I need to register the app with Azure for the OAuth flow.
At first I followed this tutorial, which involves registering the app in the "Application Registration Portal." The OAuth token I receive currently works with the REST API for Outlook. No Azure.
Then I saw this tutorial, which seems to suggest that any app using the Office365 APIs should register an app with Azure. I don't want to do this if I don't have to, mainly because of the cost.
It is not clear to me why I need to sign up for one or the other, and my main concern is that the first tutorial is dated to the point that my app's registration with the "Application Registration Portal" will become deprecated and I will need to switch over to registration with Azure at some point. I have seen plenty of outdated tutorials and information from MS that are not clearly marked as deprecated. Can anyone help clear this up?
Sorry for the confusion. The short answer is that both these methods are still relevant, so none of them are deprecated yet.
Firstly, you're right that you need to register your app to call the Office 365 APIs.
And, you're also right that there are currently two different places to register an app: the App Registration Portal and the Active Directory section under the Azure Management Portal.
Registering on either one of these is enough to get you to a comfortable state where you can call the Office 365 APIs.
However, the convergence of the Outlook.com stack with the Exchange stack means that you are now also able to use the Office 365 Mail, Calendar and Contacts API against consumer Outlook.com accounts in addition to Office 365 accounts. If you wish to take advantage of this, you should register your app in the Application Registration Portal and NOT the Azure Management Portal.
Another advantage of registering through the Application Registration Portal is the support of dynamic permissions scopes. You don't have to specify upfront when you register your app what permissions it requires; rather, you can request permissions at runtime using the scopes parameter.
This new v2 app model for apps registered in the Application Registration Portal is currently in preview. A reason not to register apps in the Application Registration Portal is if they will be using more than just the Mail, Calendar and Contacts APIs. For example, if your app is also using the OneDrive for Business Files API, you wouldn't be able to request tokens using the v2 app model's endpoint. In that case, you should register your app in the Active Directory section under the Azure Management Portal.
I'm writing an in-house app and we're using some of the Google APIs in Express/Node.
Since I'm only going to use one Google account (an email I made just for this purpose), what's the best authentication configuration to use?
It's a service account.
From the Google Developer Console create a service account for your app, then use the API key generated in your app.
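What the server-to-server flow for a service account looks like in Node, as an added example that is not part of the original answer: the app signs a short-lived JWT with the service account's private key and exchanges it at Google's token endpoint. The key pair, service account e-mail and scope below are constructed for the demo, and the token request is built but not sent.

```javascript
const crypto = require("node:crypto");

const TOKEN_URL = "https://oauth2.googleapis.com/token";
const b64url = (text) => Buffer.from(text).toString("base64url");

// Build the signed JWT that the service account presents instead of a user login.
function buildAssertion({ clientEmail, privateKeyPem, scopes, now, lifetime = 3600 }) {
  if (!Array.isArray(scopes) || scopes.length === 0) throw new Error("scopes required");
  if (lifetime <= 0 || lifetime > 3600) throw new Error("lifetime must be 1..3600 s");
  const iat = now ?? Math.floor(Date.now() / 1000);
  const claims = { iss: clientEmail, scope: scopes.join(" "), aud: TOKEN_URL, iat, exp: iat + lifetime };
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const input = `${header}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign("RSA-SHA256", Buffer.from(input), privateKeyPem);
  return `${input}.${signature.toString("base64url")}`;
}

// Form-encoded body for the POST to TOKEN_URL (the request itself is not sent here).
function buildTokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    assertion,
  }).toString();
}

// Check the signature with the public key; returns the claims, or null if it fails.
function verifyAssertion(jwt, publicKeyPem) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return null;
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const ok = crypto.verify("RSA-SHA256", signed, publicKeyPem, Buffer.from(parts[2], "base64url"));
  return ok ? JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8")) : null;
}

// Constructed demo: a throwaway key pair stands in for the downloaded key file.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const jwt = buildAssertion({
    clientEmail: "inhouse-app@example-project.iam.gserviceaccount.com", // constructed
    privateKeyPem: privateKey,
    scopes: ["https://www.googleapis.com/auth/drive.readonly"], // sample scope
    now: 1700000000,
  });
  return { jwt, publicKey, claims: verifyAssertion(jwt, publicKey) };
}
```

Request only the scopes the in-house app needs and keep the private key out of the repository; anyone holding it can mint tokens as the service account.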