Google Apps API : List all apps for a user - google-chrome-extension

We are using Google Apps for Business in my company and we would like to get a complete list of apps installed and accessible to an user.
I've found 4 differents types of Apps :
Marketplace Apps installed on the Domain by an Admin
Marketplace Apps granted by the user
Chrome Extensions globally deployed by an Admin
Chrome Extensions installed by the user
Am I missing something ?
From now, I've only found how to retrieve the point 2 with the https://developers.google.com/admin-sdk/directory/v1/reference/tokens/list API.
I can't found any other API to retrieve the others Apps.
Thanks for your help.

That's correct, the Admin SDK currently only provides the ability to list OAuth tokens that users in the domain have authorized on their own. Domain-wide installed applications and applications that don't require authorization (like Chrome extensions) aren't discoverable programmatically.

Related

How can I access only my files via the Google Drive API?

I would like to create an application where I can access ONLY my own Google Drive files for programmatic operations that I perform on my own managed spreadsheets. However, on 2020 January 1st, restricted scopes are going to require verification from Google in order to use the Google Drive API fully.
How can I use restricted scopes for accessing ONLY my personal Gmail account after January 1st?
According to the OAuth API:
When can I skip submitting my app for a review?
You do not need to submit your app for review if it's going to be used in any of the following scenarios:
• The app is not shared with anyone else.
• The app is used to send emails through WordPress, or similar single account SMTP plug-ins.
• The owner and users of your apps belong to the same G Suite domain or customer. Learn more about public and internal applications. If you aren't an Apps Script developer, learn how to mark your app as internal in the FAQ How can I mark my app as internal-only?
• The app is domain installed or whitelisted by a G Suite domain administrator. If your app is intended for G Suite users, access might depend on domain administrator permission. Obtaining a verification will likely make it easier for administrators to grant access.
• The app is in development mode and not ready to be public. Note that the app will be subject to the OAuth user quota.
• The app is trying to access data from users' Google Cloud Platform project. For instructions on using a service account, see Using OAuth 2.0 for Server to Server Applications.
How can I mark my app as not being sharable with anyone else?
Google updated their FAQ, and it much more clearly delineates what is required in order to keep using Google Drive with restricted scopes:
You do not need to submit your app for review if it's going to be used in any of the following scenarios:
Personal Use: The app is not shared with anyone else or will be used by fewer than 100 users. Hence, you can continue using the app by bypassing the unverified app warning during sign-in.
SMTP/IMAP/WP: The app is used to send emails through WordPress, or similar single account SMTP plug-ins.
Internal Use: An app is internal when the people in your domains only use it internally. Learn more about public and internal applications. Learn how to mark your app as internal in the FAQ How can I mark my app as internal-only?
Domain-Wide Install: If your app is intended for only G Suite enterprise users, access will depend on permission being granted by the domain administrator. G Suite domain administrators are the only ones that can whitelist the app for use within their domains. To learn how to make your app Domain-Wide Install, see My application has users with enterprise accounts from another G Suite Domain. How does this apply to my G Suite or Cloud Identity enterprise accounts?
Development/Testing/Staging: If your app is in development/testing/staging mode and not ready to be publicly accessible, then you do not need to submit your app for verification. Note that your app will be subject to the unverified app screen and the 100-user cap will be in effect when an app is in development/testing/staging.
Service Accounts: When your app is trying to access data from users' Google Cloud Platform project and can run API requests on its behalf. To understand what service accounts are, see Service accounts.
For instructions on using a service account, see Using OAuth 2.0 for Server to Server Applications.

Support ADFS on desktop and mobile app

We need to build a desktop (using angular4) and a mobile application (using react-native) that supports single sign on for our clients who are using ADFS in their organisations. We are looking forward to implement outh2 authentication on desktop and mobile app.
Can someone please guide how can we implement it. Should the app(s) be registered at azure-portal or apps.dev.microsoft.com? Do we need a backend API, what would this backend api do?
Thanks.
You need to register your app on azure.portal if you want to support sign in with Active Directory organizational or work accounts, which I believe is your case.
The apps.dev.microsoft.com portal is for registering apps that want to support sign in with both AD work accounts and Microsoft personal accounts.
You can read this article to get an idea of the different application types and platforms that are supported.

Build Xamarin Forms PCL app with Azure Mobile App Service .NET backend integrating to SharePoint

I am trying to build a cross platform (Android, iOS, Windows) mobile application using Xamarin Forms PCL project library. My requirements are simple yet involves a lot of services which I find to tie together.
Here is the mix of services that I want to use
Xamarin Forms
Azure AD to Authenticate against (Office 365 tenant)
Mobile Services Client with offline sync capablity
Azure Mobile AppService .NET backend
SharePoint Online to perform CRUD operations on List on behalf of the user
I want to look at some samples or reference implementation with this combination.
I have been struggling with this combination, in fact I got AD Auth to work with Xamarin forms PCL using some pre-release version of ADAL NuGet package, the latest stable version does not work. Similarly I also for the App directly communicate with SharePoint REST APIs but now that the Auth is broken I am not able to proceed.
Then I thought of using Azure Mobile App .NET Backend, now I got Auth working there but when a call is made to the mobile backend I am not able to access SharePoint list (CSOM) since the Auth is only to access the backend service, unable to impersonate as the user to access SP. I guess I need to use AppAuth but that too not working.
I realise that instead of focusing on my actual problem of building the App I am not exploring different ways to get the AD Auth and SharePoint Access working. Can anyone point to any reference to help me out here.
I suspect you have a problem in your AAD setup. I assume you're using ADAL to do client-directed login on your Xamarin forms client. If so, then what you need to do is set up 2 Active Directory apps, one for the native client, and one for the web backend.
Here's a sample that's for mobile services that shows a similar setup, but for Dynamics CRM: Mobile Services Dynamics Connector Setup
The main point is that you need to set up your client app registration with the following permissions. Assuming your backend registration is MobileBackend:
Client app permissions:
Azure Active Directory: Enable sign-on and read users' profiles
MobileBackend: Access MobileBackend
MobileBackend will have the following permissions:
Azure Active Directory: Enable sign-on and read users' profiles
Sharepoint: The sharepoint permissions you need
Once you've done all this, use this article for Xamarin authentication: Authenticate users with the Active Directory Authentication Library.

UWP Azure Web Apps Auth

I am excited about the latest global (Google, Microsoft, Facebook, etc...) Authentication options in Azure Web Apps. I am posting a Web API app. However does anyone know how to program the login and get a token from a Windows 10 UWP app? I am first interested in using Microsoft Account Authentication.
Glad to see the excitement! Some documentation links below.
How to configure Microsoft Account authentication (using the management portal).
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-microsoft-authentication/
Here is some documentation showing how to set up a Windows Store application on Azure App Service. This example uses Facebook, but you should be able to make some very simple changes to enable Microsoft Account authentication.
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-windows-store-dotnet-get-started-users/
Does this help you get started?

Domain-wide installation of a Chrome Extension with OAuth2 authorizations for Google APIs

I'm developing a Chrome extension, addressed to GMail users only, which needs access to some Google APIs. I use OAuth2 for authentication and authorization.
Wanting to help Google Apps domain administrators deliver the product to all users in their domain with minimal work, I have registered a project in the Google Developers Console and published it (privately, as yet) to the Google Apps Marketplace.
The extension itself is already published in the Chrome Web Store.
With this, domain administrators can, from their Admin Console:
(a) Go to "Apps > Marketplace apps" and add our app for all users in the domain.
or
(b) Go to "Apps > Device Management > Chrome Management > User Settings" and add our extension to the "Forced-installed Apps and Extensions".
If they do (a), users who install the Chrome Extension get "one-click single-sign-on": once they authenticate to our app, they won't need to approve any permissions.
If they do (b), users get our Chrome Extension automagically installed in their Chrome browser, but they still need to approve permissions after their first authentication.
If administrators do both (a) and (b), users get the same result as if they did only (b) -- that is: users still need to approve permissions.
Is it possible to get both? That is: have the extension force-installed and the authorizations granted by the administrator?
How?
Unfortunately the Google Apps Marketplace only supports hosted applications, not extensions or packaged apps. I don't think it would be possible to accomplish what you want, at least not without two different installations.

Resources