Hello I need to get access to a spreadsheet from google spreadsheet API. I have enabled Google Sheets API and added API key, but this doesn't work!!!
https://sheets.googleapis.com/v4/spreadsheets/[my_spreadsheet_id]/values/A1?key=[my_api_key]
The result is:
403 - The caller does not have permission
But if I provide public access for this spreadsheet ---> it works!!!
The result is:
200 - [correct requested data .....]
The my question is:
How to get access to a private spreadsheet from the API?
I need to read and write orders data there from my website using php's functions like file_get_contents()
Basically, you need to get authorization as mentioned in the documentation.
Whenever your application requests private user data, it must send an OAuth 2.0 token along with the request. Your application first sends a client ID and, possibly, a client secret to obtain a token. You can generate OAuth 2.0 credentials for web applications, service accounts, or installed applications.
Further information from OAuth 2.0 documentation, when accessing a Google API using OAuth 2.0, all applications follow these steps:
Obtain OAuth 2.0 credentials from the Google API Console.
Obtain an access token from the Google Authorization Server.
Before your application can access private data using a Google API, it must obtain an access token that grants access to that API.
Send the access token to an API.
Refresh the access token, if necessary.
Lastly, to help you with the implementation using PHP, you may also add Authentication and authorization to your list of references. Hope that helps!
Related
We have an app that uses the OAuth2 Google sign-in system and we want to store data from the users that sign in into our app on our back-end during the initial registration.
This is the way we got it set up:
Users signs in with the app using Google sign-in
We get an ID Token and send this to the server
On the server we verify this token is valid using Google library and save the info we get back from the verification
We also need the user to be able to update/insert data into the back-end when he's authenticated.
After the initial registration, how do we do this?
Do we send the ID Token from client to server each time they call the API on our back-end? In this case how to handle expired tokens?
If you want to make your API a first-class citizen in your system and have it require access tokens that are specifically issued to it instead of accepting Google authentication related tokens that were issued to your client application then you need to have an authorization server that specifically issues tokens for your API.
This authorization server can still delegate user authentication to Google, but then after verifying the user identity it will issue API specific access tokens that better satisfy your requirements, like for example, including specific scopes then used by your API to perform authorization decisions.
For a more complete description of this scenario you can check Auth0 Mobile + API architecture scenario.
In this scenario you have a mobile application ("Client") which talks to an API ("Resource Server"). The application will use OpenID Connect with the Authorization Code Grant using Proof Key for Code Exchange (PKCE) to authenticate users.
The information is Auth0 specific and you can indeed use Auth0 as an authorization server for your own API while still maintaining Google authentication support, however, most of the theory would also apply to any OAuth 2.0 compliant provider.
Disclosure: I'm an Auth0 engineer.
I have developed REST web service api in PHP and now I would like to secure it using OAuth 2.0. Basically I would like to provide token based access to the user who is accessing the web service api.
My application will be signed using Open Ids (Facebook, Twitter & Google+), I will get basic details like consumer_secret and ids from the open ids.
I have few queries :-
1) Do I need to create tables in my MySQL database and create token and store it with timestamp? And then whenever any user calls the api, we first check the token is valid or not and after that grant access to api.
Yes you will need to do that, but implement a OAuth server is a lot of work, better choose an existing package like https://github.com/bshaffer/oauth2-server-php or http://oauth2.thephpleague.com/
I'm currently trying to wrap my head around a rather complex OAuth2 use case. I have two servers, one is a client side web server, which serves a website, the other is an API server, which is used to interface with all our backend data.
Currently users use a basic UserCredentials flow which creates an access token on our API server, which is then used to sign all requests from the webserver to the API
Is there a way I can allow users to log in using Google or Facebook, and either use the access token generated to sign API requests in the same way as above, or alternatively create an access token on our API which is then used the same way as above?
In a word: NO.
Let me try and explain why. Lets start by looking at Google, to access google you need to register your application in Google Apis console. When you ask a user to give you access to there google data you do it using the client id and secret you got from apis console. Then google goes about createing your application an access token for there api this info is all stored on there servers. When you then try and use that access token they know which user gave you access to there data via the api.
Now the same holds true for Facebook, and your service as well. They are all diffrent APIs offered by diffrent companys. They create the Access tokens Google cant create you an access token to access data on Facebook any more then Facebook could to Google. Things just dont work that way.
I would like to grant an application permissions to post video to my youtube channel using HybridAuth (http://hybridauth.sourceforge.net/) and PHP.
First question is that possible?
I can already authenticate and grant permissions facebook, linkedin, and twitter. I can post status to these networks. Have not tried connecting to Google yet, but should be easy to add, and I am assuming that I only need Google authentication to access Youtube?
What part of HybridAuth can be used to upload the video? Are there any sample apps out there that I can use to learn from? Has anyone done this?
No, you can't use it with Youtube, however can use it with Vimeo.
You can use HybridAuth to connect to Google API and Register your Application / Projet in Google ( HybridAuth already enables Connection to Google , see Documentation for reference ) and When you register your projet with Google , you can start to add / Enable the right Google API by browsing API List Items available. You will find an API Called YouTube Data API v3 , Click on it and Enable to Change Status to ON.
Once done , then your registered projet with Google enables YouTube API , and you have to go to Credentials to generate your keys.
Hopes it helps ...
Here is a usefull link for you to get Started with YouTube through Google :
Source : https://developers.google.com/youtube/registering_an_application
Title : Register your Application with YouTube via Google
Go to the Google Developers Console.
Select a project.
In the sidebar on the left, select APIs & auth. In the list of APIs, make sure the status is ON for the YouTube Data API v3.
In the sidebar on the left, select Credentials.
The API supports two types of credentials. Create whichever credentials are appropriate for your project:
OAuth 2.0: Your application must send an OAuth 2.0 token with any request that accesses private user data. Your application sends a client ID and, possibly, a client secret to obtain a token. You can generate OAuth 2.0 credentials for web applications, service accounts, or installed applications.
Learn more
API keys: A request that does not provide an OAuth 2.0 token must send an API key. The key identifies your project and provides API access, quota, and reports.
If the key type you need does not already exist, create an API key by selecting Create New Key and then selecting the appropriate key type. Then enter the additional data required for that key type.
I want to use oAuth in PHP to access Gmail's atom feed. I am not sure where or how to start coding this... on Google's page it says this:
To obtain access, you can use AuthSub or OAuth by requesting a token with scope=https://mail.google.com/mail/feed/atom
How to do that in PHP? Thanks for helping a programming newbie :D
See below URL it is very very use full for you with demo and source code. Read carefully
You can start with this example.
Get Unread Emails From Gmail Using Gmail Feed API, OAuth and PHP With Atom
http://lookmywebpage.com/api/google/get-unread-emails-from-gmail-using-gmail-feed-api-oauth-and-php/
At a basic level, the process is as follows:
Your application requests access and gets an unauthorized request token from Google’s authorization server.
Google asks the user to grant you access to the required data. If the user is not already logged in, Google prompts the user to log in. Google then displays an authorization page that allows the user to see what Google service data your application is requesting access to.
Your application gets an authorized request token from the authorization server. Each request token is valid for only one hour.
You exchange the authorized request token for an access token.
You use the access token to request data from Google’s service access servers. By default, access tokens are long-lived. Each access token is specific to the user account specified in the original request for authorization, and grants access only to the services specified in that request. Your application should store the access token securely, because it’s required for all access to a user’s data.
How to start?
How to start - see below url
http://lookmywebpage.com/api/google/get-unread-emails-from-gmail-using-gmail-feed-api-oauth-and-php/