I am using the Google API Playground to auth my PWA and get tokens to upload files to google drive from the PWA.
I'm using the Google Drive API, but the refresh token that I got from the Playground is expiring after one week. This causes us to go through the whole process from playground again.
I don't have this problem with other APIs, such as Dropbox, where the app refresh tokens aren't expiring and can be used to generate a new access token.
I am looking for help in:
Authorizing my PWA and get code in php using curl
Get a refresh token through my PWA without a consent screen
Lets take this step by step
I'm using the Google Drive API, but the refresh token that I got from the Playground is expiring after one week.
I am going to assume that you are using your own client id and client secret within Playground.
If this is the case then the reason it is expiring after a week is that your app is still in the testing phase. To fix that you can go to google cloud console under the oauth2 consent screen and switch your app to prodctuion.
Request a new refresh token and it should not expire.
If you are not using your own client id then the reason its expiring is that developer console is not intended for production use its just for testing. Stop using it in that manner.
Get a refresh token through my PWA without a consent screen
If you only connecting to a single google drive account then you should consider using a service account. A service account is intended for server to server authorization its pre authorized. You can share a folder with a service account and the service account will have access to that folder without requesting a user grant consent. It will just work.
Related
I am creating an application which aims at automatically creating Spotify Playlists in a central Spotify account (not the account of the end users).
I have set up this account and created the developer app for the secret and the client_id.
On the backend side, I am using PHP to authorize this central user, and it is working as long as I am logged in myself with that account.
Users that visit my website should be able to create playlists via that interface through the Spotify Web API without the need to authorize their account nor being logged in at all.
If I'm trying to open the same page on a separate device (without having any account logged in), it just gives me the following error:
User not registered in the Developer Dashboard
Is it somehow possible to perform this authorization process only on the backend side without the need for the user to authorize it?
Eventually, I want to send the playlist URL created in the central Spotify Account to the user who can open it in their own app or share with others, if they want to.
I try to avoid that multiple users must authorize for my app, since I don't need to access personal information from their account, anyways.
I used the 3-step process for authorization as described in this Stackoverflow Post: Spotify oauth2 with PHP curl. How to get authorization code?
If necessary, I will provide more information.
Do you have any idea, how I can implement this authorization process for the single account on the backend side, without the user even showing any authorization process of the Spotify Web API at all?
EDIT1: I am not trying to login on the behalf of my users, just automatically for my own account without the interactive login with Spotify. Is that even possible?
I received valuable feedback from the Spotify Developer Community that helped me finding a solution to the problem.
When you let the central Spotify account login to your app, you'll [get] an access_token (that will expire in 1 hour) and a refresh_token.
When the access_token of that account expires, let your server send a POST request to the Accounts service /api/token endpoint, but use the refresh_token in place of the access_token.
A new access_token will be returned.
A new refresh_token might be returned too. (I don't think that's even needed)
You can read more about it here.
I am working on the GMB API, facing some issues. I have implemented Google Oauth at frond-end and saving user listing in my DB. Now I want to run cron job in which I want to get those user`s listing insights. So issues are here
1: I can't find GMB API samples or doc regarding GMB stuff(I have read all google-api-php-client doc).
Here are GMB samples but it doest have PHP samples.
https://github.com/google/google-my-business-samples
2: Second thing is that I don't want to open consent(Google Account Selector Popup) to get the user's permission because its a backend process. So what type of process should I follow a) Oauth OR b)Service Account.
If I use the Oauth process then I have to save access_token in the database when the user first time gives permission at the front end of the website and uses that token as refresh token to get the new access token in PHP and call GMB APIs.
But the issue is that we have already registered 500+ users, so how I will get their access token because they are already done with google permissions.
I didn`t try yet with a service account.
I am using Laravel 5.7 version.
Current Working Flow
I have a web app (developed in wordpress)
I am using google-drive-sdk to upload dynamically generated pdf file to a GMail account.
The GMail account has been configured in the web app giving the
secret key ....
The web app first makes the authentication ===>i.e The GDrive Account is authenticated for the first time by the GMail owner (In Google Permission window the button Allow Access is clicked)
It works fine thereafter when called from the web app - the pdf file dynamically generated gets into the configured GDrive
The Problem
PDF files gets uploaded to the GDrive only for some time.
After sometime it doesn't upload the files to GDrive.
I then tried creating a new token - It again starts uploading files but stops after some time.
This happens only in Staging server.
In my local development system it keeps working fine - uploading the file to GDrive whenever the app is executed.
The difference between both the environment is the GMail Account is different.
If you have any idea on the cause of issue or any pointers would really be helpful for me.
Your application must use OAuth 2.0 to authorize requests. All requests to the Drive API must be authorized by an authenticated user.
The details of the authorization process, or "flow," for OAuth 2.0 vary somewhat depending on what kind of application you're writing. The following general process applies to all application types:
When you create your application, you register it using the Google API Console. Google then provides information you'll need later, such as a client ID and a client secret.
Activate the Drive API in the Google API Console. (If the API isn't listed in the API Console, then skip this step.)
When your application needs access to user data, it asks Google for a particular scope of access.
Google displays a consent screen to the user, asking them to authorize your application to request some of their data.
If the user approves, then Google gives your application a short-lived access token.
Your application requests user data, attaching the access token to the request.
If Google determines that your request and the token are valid, it returns the requested data.
Some flows include additional steps, such as using refresh tokens to acquire new access tokens. For detailed information about flows for various types of applications, see Google's OAuth 2.0 documentation.
Previously I had a working php script that uses the Zend_Gdata_ClientLogin Object to authenticate and make requests on my behalf to delete videos from my YouTube channel. Apparently, this has been deprecated because I get an error and read this: zend gdata and google spreadsheet not connecting
And I get an error which says no longer available. So I've been researching how to use YouTube API v3. Initially I created a service account via the Google developer console.
However I found this
YouTube API v3 with OAuth2: update and delete fail with "Insufficient Permission" error
Which states:
For the uninitiated, the YouTube Data API (v3) does not support
"service accounts,"
And I need to manually obtain a refresh token, to make requests?
Is this still the case? Surely, there must be an easier way to make authenticated requests to the YouTube API where the only client is my server?
If this is still true, how long will the refresh token work? Is this the best practice?
You can check out the documentation to see the most up to date way to request the access token. When the access token expires, your application can refresh it by sending a POST request to Google's authorization server using the refresh token. You only need to get this refresh token once in order to refresh your access token, not every time you want to make authenticated requests, if that's what you were thinking.
The refresh token should be valid unless:
The user has revoked access.
The token has not been used for six months.
The user account has exceeded a certain number of token requests.
There is currently a 25-token limit per Google user account, so if your application requests too many refresh tokens, it may run into this limit and older refresh tokens will stop working.
I can't speak as to whether this is the best way of doing it, but I assume the developers chose this way for a reason.
I'm using OAuth 2.0 Google API for google calendar service authentication. Each time when a users logs in the application, it prompts for Allow access even if the user has already allowed access on previous visits to the application.
How can I code it so that it remember the application and user for allowed access by users in past and so do not prompt for "Allow access" again for that same application.
I assume you are using Google PHP API. Setting client object to use auto for approval promt does the trick for me.
$client = new apiClient();
$client->setApprovalPrompt('auto');
When making the OAuth request make sure your "access_type" request:
"access_type" : "offline"
This means the user gives you offline access, and you can continue to make requests with their account.
Using offline also means you'll receive a "refresh_token". Once your access has expired, your application can automatically trade in the "refresh_token" for continued access, without the client having to "allow" again.
$client->revokeToken($accessToken);
If you are using this line somewhere then removing it might help.
Basically what I've figured out is that if the access token is revoked prior to it's expiration, google takes it as an act to reset the permissions as well.
I might be wrong, but I've have not come across a better conclusion yet.