I am developing an application using the YouTube API that allows users to browse their account (Uploads, favorites etc.) from an external site. The current site is setup as a WordPress multi-site network (which is only important here for the URL structure).
Each site is installed into a sub-directory, so for example the main site would be
http://www.mainsite.com
and each site URL structure would be:
http://www.mainsite.com/site-1/
http://www.mainsite.com/site-2/
I've setup a channel for each of the sites in the network so each site can view separate videos.
For each site I've installed I've setup a separate Google Project and am using a unique API key. I can authenticate on one site and store the refresh token in the database for later use.
That all works, but when I go to authenticate on a second site, the first site's refresh/access tokens get revoked and the second site works while the first does not.
I receive a response from the API on the first site "Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }'". I can then revoke the tokens, and re-authenticate and things work again until i try and authenticate on a different iste.
How come I can only have one site authenticated at a time if they are each using separate api keys and access tokens to hit the API? Is it because all of the JavaScript origins originate from the same URL?
If so, is there a work around where I can have all of the sites in the network connected without having to re-authenticate each time I want to view the channel? Is there some sort of limitation here that I'm overlooking?
It seems like only one site in the network can be communicating with the API at a time even tho the access tokens and api keys are unique to each site.
Use an api key:
client->setDeveloperKey('key goes here');
You can get the key from your api console, set it as a server key.
Related
Current Working Flow
I have a web app (developed in wordpress)
I am using google-drive-sdk to upload dynamically generated pdf file to a GMail account.
The GMail account has been configured in the web app giving the
secret key ....
The web app first makes the authentication ===>i.e The GDrive Account is authenticated for the first time by the GMail owner (In Google Permission window the button Allow Access is clicked)
It works fine thereafter when called from the web app - the pdf file dynamically generated gets into the configured GDrive
The Problem
PDF files gets uploaded to the GDrive only for some time.
After sometime it doesn't upload the files to GDrive.
I then tried creating a new token - It again starts uploading files but stops after some time.
This happens only in Staging server.
In my local development system it keeps working fine - uploading the file to GDrive whenever the app is executed.
The difference between both the environment is the GMail Account is different.
If you have any idea on the cause of issue or any pointers would really be helpful for me.
Your application must use OAuth 2.0 to authorize requests. All requests to the Drive API must be authorized by an authenticated user.
The details of the authorization process, or "flow," for OAuth 2.0 vary somewhat depending on what kind of application you're writing. The following general process applies to all application types:
When you create your application, you register it using the Google API Console. Google then provides information you'll need later, such as a client ID and a client secret.
Activate the Drive API in the Google API Console. (If the API isn't listed in the API Console, then skip this step.)
When your application needs access to user data, it asks Google for a particular scope of access.
Google displays a consent screen to the user, asking them to authorize your application to request some of their data.
If the user approves, then Google gives your application a short-lived access token.
Your application requests user data, attaching the access token to the request.
If Google determines that your request and the token are valid, it returns the requested data.
Some flows include additional steps, such as using refresh tokens to acquire new access tokens. For detailed information about flows for various types of applications, see Google's OAuth 2.0 documentation.
For my web application - I need to fetch all the data for a particular facebook page. What kind of permissions do I need. Do I really need to create a canvas app for it?
I dont intend to do anything on FB - but use some of the data available to arrive at some conclusions in my web based application which will be hosted on a server outside of FB.
Facebook's API documents should provide everything you need:
https://developers.facebook.com/docs/graph-api/reference/v2.1/page
According to the permissions section, you'll need either an App token or a User token. Since you're talking server-to-server (I'm assuming this is server-to-server on account of the PHP tag), you're going to want to use an App token:
https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
You should be able to create a Facebook App from within your Facebook account, which will provide you with an App ID and App Secret. You can use those to make calls directly to the API.
I'm currently trying to wrap my head around a rather complex OAuth2 use case. I have two servers, one is a client side web server, which serves a website, the other is an API server, which is used to interface with all our backend data.
Currently users use a basic UserCredentials flow which creates an access token on our API server, which is then used to sign all requests from the webserver to the API
Is there a way I can allow users to log in using Google or Facebook, and either use the access token generated to sign API requests in the same way as above, or alternatively create an access token on our API which is then used the same way as above?
In a word: NO.
Let me try and explain why. Lets start by looking at Google, to access google you need to register your application in Google Apis console. When you ask a user to give you access to there google data you do it using the client id and secret you got from apis console. Then google goes about createing your application an access token for there api this info is all stored on there servers. When you then try and use that access token they know which user gave you access to there data via the api.
Now the same holds true for Facebook, and your service as well. They are all diffrent APIs offered by diffrent companys. They create the Access tokens Google cant create you an access token to access data on Facebook any more then Facebook could to Google. Things just dont work that way.
I have recently implemented the SSO functionality for a Google Apps Marketplace app we are developing. In simple words: it provides a way to retrieve the Google Apps' user's email and log him in in your website, without the need of authorization on his end. You just need the consumer key and consumer secret, provided by Google to the app during installation on your domain (the installing user also authorizes (a one time action) any other permissions you request in the Manifest file).
Now I have somehow managed to get the SSO user login working using JanRain's OpenID PHP library and adding Google Apps as provider using the PHP Extensions for Google Apps OpenID Discovery.
However, after logging in, I need to implement a functionality that will retrieve all users in a given Google Apps domain. I've already did that using oAuth2 authentication and the following Directory API. However, this requires the existense of a consumer key, consumer secret and a redirect URL (that must be registered in the Google API console).
Is there a way to remove this convenience and instead allow our users to directly be able to get their Google Apps domain's users, using the existing SSO authentication we made in the background while logging him in? Otherwise, it will be too much hassle for the user to register the app at the Google API console, enter the correct redirect URL and set it up in our website and then he will be able to get his domain's users.
Regular users cannot use the Directory API, you'll need to authenticate as an admin user to make Directory API calls.
Depending on your needs though for accessing all users, you may be able to get by with requesting access to the user's Contacts scope and grabbing a copy of the full Global Address List which contains information on all non-hidden domain users as well as non-hidden groups and shared contacts.
Hi guys I'm working on my google apps application - currently I've build the authentication upon the example available at google namely this url
The problem is that the session seems to time out and that everytime I am logged into my google apps account and go to my application I need to authenticate again and go through the screen where google asks me if I should allow the application to access the services like GMAIL, Docs etc listed in the manifest xml file. I don't think I'm doing it right as other applications allow instant access.
Any ideas
you should store and reuse the oauth access & secret key. this should avoid the re-authentication with google (or other oauth based services) - unless your access key has been revoked of course.
Cheers!