I receive confirmation from users in my gmail account. I want to read them with a server side php script to display confirmation on my website. I got OAuth 2.0 client IDs and a service key from Google APis. How do I use these keys with the specific gmail account to get the emails? I cannot find any simple documentation.
You can not use a service account to access a normal users Gmail account. This is because there is no way to preauthorize it.
What you need to do is have the users authenticate your application using Oauth2 and get a refresh token for each user. Then you will be able to use the refresh token in your server sided script to request a new access token which you can use to read there gmails. The Google PHP client library team has created some examples for using their library which might help you. Google-api-php-client
Side note: If the users you are speaking of are part of a Google domains account then you can do it by giving service account permissions to access the users emails.
Related
I have to use my google account for gmail and drive services.
For drive services now i am using an service account but i cant find any possibility for send emails by service account.
Can i login to my account by google api php only using code?
I have registered in db my token && refresh_token, in any moment i could use it.
Gmail api does support service accounts, the only issue is that it only works with google workspace gmail accounts, you need to set up domain wide delegation on a workspace account to allow the service account to delignate as a user on the domain.
If you are only accessing your own account you can use Oauth2 and just store the refresh token, your app can just continue to use that to request a new access token whenever it needs.
Another option would be to go though the Gmail smtp server instead, using an apps password.
Can not access the AdSense API no matter what I try. I have tried both service account and OAuth authentications.
What I am trying to accomplish:
Creating a bot that will grab the Adsense revenue earned and store it in an in-house database for tracking revenue over time. I do not want to have authentication issues, I want a server-to-server configuration.
What I do know is you can have access tokens and refresh tokens under OAuth. I've yet to be able to make them work under any available APIs with Adsense. Note: I have built an API to work with AdWords no problem.
Errors: (Between the types of authentication, I can not pass these)
"Account Not Found"
"Client is unauthorized to retrieve access tokens using this method."
What I have done so far:
The Adsense Management API is enabled.
Credentials Created: Service Account
Credentials Created: oAuth 2.0 Client ID
The GSuite account has access to APIs (includes "enabled api access" and "managed API client access")
Libraries (trying) to use:
https://developers.google.com/api-client-library/php/
https://github.com/google/google-api-php-client
https://github.com/google/google-api-php-client-services
(outdated) https://github.com/googleads/googleads-adsense-examples
Example code: (using the service account)
$client = new \Google_Client();
$client->setAuthConfig(WRITEPATH . 'auth/adsense-client.json');
$client->setIncludeGrantedScopes(true);
$client->addScope('https://www.googleapis.com/auth/adsense');
$client->setSubject('email#example.com');
// trying to fire the services
$service = new \Google_Service_AdSense($client);
$report = $service->accounts_reports->generate('clientId', $startDate, $endDate, $optParams);
This script fires the "Client is unauthorized to retrieve access tokens using this method." error message. However, the email address being used is able to access the adsense account, the APIs are enabled and configured on the admin domain level.
Is there an easier way? is there anyone who can lead me in the right direction?
Service account
I am not all that sure that Service accounts work with adsence. You can try by going to the adsence website and under manageUsers add the service account email address. The issue here is its going to sit there at pending i think because the service account needs to confirm that it has been added. There is no way to do that.
Admin domain level
If you are trying to add domain wide delegation to this i wouldn't bother with that either as far as i can see its not supported either.
Client is unauthorized to retrieve access tokens using this method.
As for that error i may be able to help. It means that you have taken the credentials file you downloaded for a service account and are trying to use it with the code for Oauth2. or visa versa. Download the credentials file again and try again.
I have some sample code that may help here
I want to read emails of a #gmail.com email account. I've gone through the guides and code samples and I keep getting the Client is unauthorized to retrieve access tokens using this method error message. I can access the data using the OAuth2 3 legged method.
I also have a G-Suite admin and G-Suite organisation domain and emails. With these emails, the code works and I can retrieve the emails.
So, why can't I make it run for my personal gmail account (Non G-Suite)? Do I have to somehow authorize this service account in my gmail account? I haven't seen anything about it.
Please advise!
Thanks.
The short answer : No, you can not use service account with a classic gmail account. Use OauthID instead.
The fact that you were talking about service account made me think about a misunderstanding of the differences between managed account and gmail account, concerning the APIs.
Indeed, with a domain managed google account, you have the possibility to use a service account. You will create a project, an ID, and you will allow a Domain wide Delegation (DwD) for this service account, to your domain, with no restrictions except the Apis it will be able to use.
In the case of a gmail account, this is far different, as you can not have a DwD on gmail.com (or maybe you are CIA ..)
The best option here, is to use an Oauth ID. It's an authentication that depends on the consent of the concerned user.
You can read about this here
The approach is lightly different but the result will be the same, as the user can give a consent ad vitam aeternam.
Do I have to somehow authorize this service account in my gmail account?
Yes. Based from this documentation, if your application runs in a Google Apps domain and accesses user data, the service account that you created needs to be granted access to the user data that you want to access. Please follow through the given documentation for the steps that must be performed by an administrator of the Google Apps domain.
You have encountered Client is unauthorized to retrieve access tokens using this method error because the service account needs to be authorized or it can't access the emails for the domain. See this link.
I need to download Gmail emails using php api. there APIs for google. i do not exactly which api to use. i have web application. i have registered my application on google, oauth2.0. at this url Google Api console. i have downloaded this php API
I which there are many services. but not gmail. I do not want to use accessing emails using username and password API. i want to access using the token. which is permanent access token.
Google support OAuth authentication for IMAP. Use that.
I'm writing an iPhone app which works against my own server.
Basically, it's a forum where users can post. I don't want users to sign-in for an account on my server but I rather prefer them to login using any existing account they have: Facebook, Linkedin, Foursquare, etc.
So from the app itself, I want them to be able to login using their existing account which will then allow them to post on the forum.
My question is that: when a user is posting a message, how can I verify whether or not he is logged in with any service? I need to validate it both on the client and server side. I plan on writing the server side using PHP.
Thanks
See this question for a similar discussion (just limited to Facebook sign on). Here's a high-level overview of what should happen (taken from that discussion I linked to):
User opens the app on the phone. Chooses a service with which to authenticate.
Authenticates via one the available services (Facebook, Twitter, foursquare, etc.) and gets some special access token.
Your app takes the token and sends it to your server.
Your server receives the token and validates it. It checks it against the service's API and (at least for Facebook and Twitter) get the corresponding user ID.
Assuming a valid ID, your server checks if user ID has already been used by some user. If so, it logs them in. If the user ID hasn't been created, your server creates its own user record associated with that user ID and logs the user in. In either case, the user ends up logged in and your server issues a session key to your app.
The session key is used for all further communication between your app and your server until the user logs out.
On the phone, you're going to want some OAuth library to allow users to authenticate with another service. You'll probably want to use the Facebook iOS SDK to allow them to use Facebook and use one of the suggested OAuth libraries here for your other authentication services. I have only used the Facebook SDK, so I can't speak as to the general OAuth libraries.
Once logged in, the phone should not store the access token, only the session key.
Assuming that users can use more than one service to access their account, you will also want some way of connecting two services to the same user (probably by email address).
It's up to you to decide how your app and your server communicate. I'd go for a JSON+REST API for communications with the server.
Another option to get your users to login using multiple services is Socialize (www.getsocialize.com). It's an open source SDK that manages your users and authentication so you don't have to implement all the steps that cbrauchli has outlined above.
I was exploring if better/easy to use/implement options exist in 2020 using third party libraries to allow login with social accounts. And found two options:
AuthorizeMe - https://github.com/rubygarage/authorize-me & https://rubygarage.org/blog/authorizeme-ios-libary
Auth0 - https://auth0.com/learn/social-login/ & https://auth0.com/blog/using-centralized-login-to-add-authentication-to-your-ios-apps/
AuthorizeMe supports:
Facebook
Twitter
Google
Instagram
LinkedIn
plus custom providers
Auth0 supports:
Facebook
Twitter
Google
Microsoft (Windows Live)
Yahoo
Instagram
Amazon
LinkedIn
Github
PayPal
vKontakte
Yandex
Box
Baidu
Ren Ren (Xiaonei)
Weibo
Shopify
Wordpress
Yammer
SoundCloud
and custom providers as well
Disclaimer: I am not affiliated with Auth0 or AuthorizeMe.