I'm working on a GMail gagdget and am trying to access the current users ComanyName / Apps-Account-DomainName / ID. It has to be some ID thats unique for all users belonging to the same Google Apps Domain, for I like to display different content to different users beeing in the same Domain / Company.
Do you know if and how this is possible?
As far as I understand it, GMail sidebar gadgets are not able to access any of the current users data. They are just displayed within gmail, but don't interagate with it.
Unless you use OAuth to authenticate the user.
This for example shows how to get the users contacts:
http://gadget-doc-examples.googlecode.com/svn/trunk/opensocial-gadgets/oauth-contacts.xml
Observing the code you will see, that it uses a feed to access this data:
http://www.google.com/m8/feeds/contacts/default/base?alt=json
So maybe my question is: "Which feed do I have to access to get the Google Apps domain of the user?" Otherwise: Is it possible at all?
This piece of code solved my problem:
var domain = gadgets.util.getUrlParameters()['parent'].match(/.+\/a\/(.+)\/html/)[1];
Got the answer over here:
http://www.google.com/support/forum/p/apps-apis/thread?tid=3d0d1c7033431d79&hl=en
Related
Is it easy for people to find "public" google sheets/docs?
Context: Storing some semi-sensitive data (individual user info, of non-sensitive nature) for an app beta-test in google sheets. Planning to migrate to some DB in the future, but for now, just using JavaScript to pull the data directly from the google sheets (since there are visualizations being dynamically updated by the sheets).
Yes, it's easy to get information. Search engines may index and cache the information. Then, there are bots, crawlers and scrapers. Do NOT put (semi)sensitive information in public. Implement google-oauth properly with google-sheets-api to get information. You can also use service-accounts
Yes, it can be easily accessed.
According to the official Google article Share files from Google Drive: when you set your file's General Access setting to public:
Anyone can search on Google and get access to your file, without signing in to their Google account.
What you can do:
In the case of your app beta-test in google sheets data, you may want to reconsider to change your file's General Access setting to one of the following (in descending order of security):
Restricted - Only people that you manually give access to can view or edit your files. When you click the share button, a prompt will show and you may manually add the users who can view or edit your files:
Afterwards, you may select a role for those users and then they can be notified afterwards through email.
On the other hand, you can share the link to others. A prompt will show like the one below if you send the url through Google Chat:
You may opt to select Don't give access which will result in the following view on the other user's end:
This would mean that if unauthorized users get hold of the file URL, they will still need to send an access request. If other users submit the request, an email notification will be sent to your mail inbox. Other users who also own the file will also be notified by mail.
Your Organization - If you use a Google Account through work or school, anyone signed in to an account in your organization can open the file. If you are an administrator in a work or school workspace, you may set how members can share content within the organization. The administrator can prevent the sharing of content with group members outside your organization. If external sharing is prohibited, only group members who are in your organization can access the group's shared content.
Anyone with the link - Anyone who has the link can use your file, without signing in to their Google Account. This option is least recommended because if the URL is leaked to unauthorized users, they can easily access the file.
References:
Share files from Google Drive
Share content with a group
Don’t make it public unless you want the public to see it. Use oauth to access.
i am building a website where you can get services for your Instagram account, i want to create a Search box that when you put your user name (e.g. "#John") it returns your profile picture and asks you if that is the correct profile (without logging in to your Instagram account),
I've found a website that made that possible already, does any one know how?!
the website - https://app.get-notch.com/acquisition/instagram-username
thank you in advance!
You should check out this resource that allows you to do that. See an implementation of it here and test it here.
This is the my web-app "User Settings" page.
I have simplified it to a minimum to better highlight the problem.
To authenticate users I use Auth0, I wanted to use the sub claim user_id to identify the users inside my MySQL database for update and retrieve user's info. Unfortunately the user_id is different for each provider, for example, if the same user with the same e-mail logs-in via Auth0 he gets a user_id if he does it via google he gets another one.
I thought about using email to link logged user to his info.
The problem is in my API. Before the change it was "localhost: 8080 / api / users /: id"
each time it created a new id and in any case it was impossible to recover the data of the single user. Now that I have replaced "id" with "email" my API has also changed in "localhost: 8080 / api / users /: johnsmith#xxx.com".
Before:
After:
In a few words, the request url on the client side has also changed.
I would like to make sure that the GET and PUT requests are made based on the e-mail of the logged user without going to modify the whole back-end.
Sounds like something is wrong with how you authenticate users. If you have multiple ways to authenticate a user, those methods need to be in a one to many relation with the user. For example each user has a list of auth-methods, and whenever an authentication is made you check your table of authentication methods and find the one user it maps to.
Im not sure if you are doing this yourself or if the framework you are using is handling that, but it sounds like you need to change the model to allow many Auth methods for a single account.
Also you could use email, but that is also an "old" way of uniquely identifying users almost every single person has multiple active email accounts nowadays, so you should also have a one-to-many relation for users to emails. What if the user has different email accounts for their Facebook and Google accounts?
See account linking here: https://auth0.com/docs/users/user-account-linking
It is dangerous to trust that the external providers are truthful about what email belongs to who. What if I open a new account using someone else's email on one of the providers? Then I can log into that users account in your application, which is a pretty big security risk.
My team and I are currently exploring different methods of collecting email addresses from our website visitors.
We want to do something cooler than a contact forms, and we really like the way quicksprout.com handles this and would like to do the same.
Where would I start to implement collecting email addresses through a couple clicks of a mouse via connecting our visitors through google plus api from our homepage? Is this possible to implement through a regular http static html site?
NO A server is needed in order to collect email addresses. At least in order to add them to a database. This can not be done using just a static html site.
Now, since a server will be needed, you can just access the emails like link (This also avoids a hassle with Same Origin Policy)
For example: Let the user login via google oauth, save the user related email in your database. fine
(if the user has saved its login data in its browser or is already logged into its google account in the used browser, this would be a mouse click only solution.)
I'm using Google Apps for Business.
Currently I have two separate domains.
abc.com and xyz.com
Customer enquiries flow into each website separately. However, the staff who respond to enquiries are responsible for both websites.
For convenience,I have embedded each enquiry group inside my intranet.
I have two tabs, one for support#abc.com and another for support #xyz.com
However, only one group is viewable at a time, depending on whether my staff are logged in as staff#abc.com or staff#xyz.com
Ideally, I would like to change the current login session depending on which tab is clicked.
Basically, I want to be able to login to Google Apps without entering user/pass.
Is this possible?
Its not possible unless you save the password in the browser.
Really easy if you create two separate chrome users and log into chrome in both.
Voila.
So yes, this is not possible. I have solved the issue by creating a third domain and routing all enquiries through there. This way our staff members only need to be logged into a single account. Not what I was hoping for, but it certainly does the job.