Overall goal is trying to access (my own) Google Sheets with a server-side PHP application (not for sheets owned by individual app visitors). For this I'm hoping to use https://github.com/asimlqt/php-google-spreadsheet-client, which mentions that it doesn't handle the OAuth2 stuff, for which I can use https://github.com/google/google-api-php-client.
So in trying to follow https://developers.google.com/api-client-library/php/auth/service-accounts , it says (step 5):
The Console shows your private key's password only at this initial moment of service account creation--the password will not be shown again
However when I do those steps, it sends me a .json (with private_key_id, private_key, client_email, client_id, type), but at no point does it show me any kind of password. I have tried this with both Firefox and Chromium, tried deleting my old Service Account, making a new Service Account. Is there something else I need to enable on my Developers Console? or something else that I'm missing?
When you create a service account on the Google Api Console, usually, the file randomname.p12 will get downloaded automatically, and the password for this file will be notasecret but, if you are authenticating using the service account i beleive you dont need the password, even tho i am using it, see here check out bram answer he is authenticating using a service account, which might be what you are looking for
Related
My aim is it to write a php script that query all events from an existing google calendar of one specific google account.
The default scripts to do this works fine.
At the moment it works so: Request my php script --> it recognizes that is has no $_GET['code'] parameter --> redirect the browser to google for login --> after login google redirects back to my php script --> and the query on the calendar can be done
But what i want to do now: is that my php script performs the login into this specific google account with the username and password. I have and my script shell retrieve the $_GET['code'] parameter without any user interaction.
I have already spent lots of hours researching and testing but i have not found any solution yet.
Is that even possible? If it is there a way to pass these login datails (username and password) within the request to google authendication to the two-step login form?
In this thread is an hint to use service-accounts: Fatal error: Class 'Google_Auth_AssertionCredentials' not found
but i have not figured out how to do this.
Thanks in advance.
Logging in to a google account using username and password i was called client login. Google shut this down in 2015.
This is no longer an option. If you want to access private user data you need to use Oauth2 and request authorization as you are doing currently.
service accounts
Note: to clarify #CBroe statement in comments.
Service accounts only work with google calendar if you are using a google workspace domain accounts. You would need to configure domain wide delegation and set up the service account to impersonate a user on the domain.
For standard Gmail user accounts service accounts are not possible with google calendar api.
Finally i made it with a payd google workspace subscription.
At the moment i am not able to reconstruct all the steps but i can give a few hints and ressources that helped me.
Here is an official example for the usage of a service account:
https://github.com/googleapis/google-api-php-client/blob/main/examples/service-account.php
The templates/base.php file was not part of my composer installation so i had to deploy it myself. It also was necessary to adjust the path to my service-account-credentials-json-file.
Here is another thread about the same topic with some really good explanations:
Inserting Google Calendar Entries with Service Account
And then only thing that was missing in my configuration:
In the calendar settings i had to add the service accound id (with the # in it) to grant access to this service account.
For better understanding of the backgrounds i also refer to the comments in this thread.
Another hint: In the google workspace account i had to validate my domain and recreate the project with its credentials and service account.
I have created a server side application in PHP that's supposed to work with Google Spreadsheets.
I'm able to authenticate successfully with OAuth 2.0 authentication, but when requesting the list of the spreadsheets from Google, I only get the spreadsheets shared with the service account by the spreadsheet owner.
Is there a way that service account could retrieve all the spreadsheets owned by my main account not the service one, including those not explicitly shared with the service account?
Also I still want to keep the spreadsheets private so noone can access them without my permission, but I need the service account to have full access to both existing and new spreadsheets.
Any advice is appreciated.
Here is a sample script that uses a service account to read the contents of a Google Spreadsheet's sheet. Have a look at the README for instructions to set it up:
https://github.com/juampynr/google-spreadsheet-reader
You have to change approach:
Create a service account in Drive. You can manage and use this account only with the API (not with the web interface as usually)
With the Drive API you can list, create, update, delete and change the permissions of the files. When you create a new file, you can share it - always with API - to the users you want, make the new file public or change the ownership.
Please take a look: https://developers.google.com/drive/v2/reference/permissions
I am assuming you use Google Apps and not a personal GMail account. You can use your service account to impersonate your main account.
Note that here I am talking of a service account in the way Google means it : a private key (in p12 format) and an identifier. This is not a Google Apps account used for technical purposes. More information here.
This is done by :
Authorizing your service account on your Google Apps domain
Modify the code you use to generate the API credentials
The steps are exactly the same for the Spreadsheet API and for the Drive API.
To first authorize your service account to impersonate the domain users, you can follow this documentation. Here are the basic steps. You must be a domain super administrator to perform this task.
Go to your Google Apps domain’s Admin console : https://admin.google.com
Select Security from the list of controls. If you don't see Security listed, select More
controls from the gray bar at the bottom of the page, then select
Security from the list of controls.
Select Advanced settings from
the list of options.
Select Manage third party OAuth Client access
in the Authentication section.
In the Client name field enter the
service account's Client ID. In the One or More API Scopes field
enter the list of scopes that your application should be granted
access to. In your case that would be at least the Spreadsheet API scope : https://spreadsheets.google.com/feeds
When this is done, you need to update your code so that it impersonates your main account :
$key = file_get_contents($SERVICE_ACCOUNT_PKCS12_FILE_PATH);
$auth = new Google_AssertionCredentials(
'YOUR_SERVICE_ACCOUNT_EMAIL',
array('https://spreadsheets.google.com/feeds'),
$key);
$auth->sub = 'yourmainaccount#domain.com';
You can then use the $authvariable to generate the OAuth tokens you need to access the spreadsheet API. I am not sure which client you use for this so the way you inject the access token will depend on which client you use.
Also, note that this token will expire after 1 hour, and then the API will start returning Session Expired errors. If your client does not handle this automatically, you will need to catch the error and regenerate the token.
I am implemented In App Billing for android.I wanted to implement subscription validity checking through my backend server. As Google Play Documentation, for making call for Google Play API,need authentication using oauth 2.0.
I followed instructions for registering project and creating credentials. But from there I have no idea how to use those credentials, I tried authentication via CURL request, but it asking permission as shown in follwing image
This permissions works fine I can exchange code and get access token, but all this done by manually, how should I implement this on backend.
I even try to use google api php library provided by Google, but It adds confusion. Also they didn't provide any example, how to use library.
Can anybody elaborate how exactly use library or pure php?
Thanks in advance.
To perform LVL and/or IAB validation on a server, do not access Google servers directly from the server. Even if all information were available, you would face integrity problems, because your app and your server will see different information due to synchronization latencies.
Instead, use your app as a proxy and validate the Google Play information on your server as described here.
I have set a setup of Google Drive sample DriEdit code in my wesite. It is authenticating user file but once authentication done it take back user to the redirect url, but when i am using default FULL_AUTH_URL url it working file, but in my case it is not working here is my URl.
const FULL_AUTH_URL='https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/drive.file&client_id=MY_CLIENT_ID&response_type=code&access_type=offline&approval_prompt=force&redirect_uri=http://www.example.com';
You need to replace:
MY_CLIENT_ID by the Client ID of your application which you can find in the Google APIs Console for the project that you have created. See https://developers.google.com/drive/register
redirect_uri bu the URL where the user gets redirect to after he approves the OAuth flow. Usually the main page of your website or a different OAuth handler. This is usually all described in the Dr Edit sample documentation. Make sure you read this: https://developers.google.com/drive/examples/python
You may need to create a "Client ID for web applications" - maybe a service account works, too (web services might be easier to connect, because for service accounts one need to install a certificate file and send it on auth).
Once oAuth is setup properly, you should at least get any error message from Google.
Just don't use the Drive API credentials, they have no function yet.
Hope this get's you started.
I am using Adwords API from last 3 months and all of a sudden today it is coming up with error message as follows:
Uncaught exception 'AuthTokenException' with message 'Failed to get authToken. Reason: BadAuthentication'
I am using google adwords V201101 php library with auth.ini containing all user details and settings.ini with https://adwords.google.com not sandbox environment. Can anyone help me with this please???
Thanks,
Murali.
you may requesting authToken from ClientLogin service too many times, that is way you get 'CaptchaRequired'.
Request authToken just for the first time, and then cache it for subsequent requests.
Check this out http://goo.gl/TOX6N
I recently had this problem trying to connect to Google DFP. I copied perfectly working code from my localhost after development and ran it on my remote cloud server. I then received the
Failed to get authToken
message. The reason was that google was blocking the attempted login as a security measure because it was a new location. I had to log into the google account (from the web) with those credentials in order to see the message and confirm the added login location. Everything worked fine after that authorization.
I've stumbled across this question and thought that this info may help someone else.
BadAuthentication means your username/password is incorrect. May be someone changed the account password, may be auth.ini got modified by mistake.
See detailed error codes here: http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html#Errors
Cheers,
Anash
I started getting this error after somebody in my organization updated the password for the account my app was using to log in. The best way to avoid this happening again is to use OAuth2.
It's as easy as going to the Google API console and creating a Client ID for Installed Applications (under API access) for your project. You then use the Client ID and Client Secret in your Adwords API auth.ini file.
Next you run the examples/AdWords/Auth/GetRefreshToken.php script which will have you grant your app access to your Adwords account. You'll end up with a Refresh Token which you need to add to your auth.ini.
The ClientLogin (username and password) method of authentication is being deprecated in favour of the above so best to migrate ASAP.