I have an application that creates sites, including registering the domain and configuring the DNS. When a site is created, I'd like to add the domain to Google Webmaster Tools and add a sitemap to the domain.
I'm using the new Webmasters Service in the Google API PHP Client with a service account. Authentication is done with a Service Account and OAuth2 as described in the docs; this works to some extent in that I can add a site and access the list of sites to confirm that it has been added, but the permission level for the site is "siteUnverifiedUser" and, with that level of access, attempting to also add a site map triggers an HTTP 403 error "(403) User does not have sufficient permission for site".
Earlier versions of the API seemed to support verification, but that has been removed and the documentation no longer mentions it. How can I go about verifying that my service account has access to the domain so that I can add sitemaps to it?
The short answer to this is that Google's Site Verification API can be used to verify ownership of the site, then other operations like adding sitemaps will also be permitted.
Related
I have a system I use to publish my videos according to a schedule, as well as manage the video data (tags, descriptions etc).
This system uses the PHP client library to access my YouTube account via a service account. My YouTube account is an old account (pre google buying youtube) and is hung onto the side of my main google account, thus accessing it requires impersonating it, since my main account has no videos.
I managed to work out how to do this (See: Granting permanent access for youtube account through Youtube API) after a lot of reading and testing and stumbling around.
Now, this has stopped working. Attempting to authenticate with the impersonate address included yields an unauthorized_client error. Not including it works, but like I said, doesn't return any videos.
I've read things suggesting I now need to give access to this account.
In console.developers.google.com/permissions/serviceaccounts I've added it to the permissions as an owner and Service Account Actor, but this has done nothing. I have also enabled Google Apps Domain Wide Delegation for no result.
Other documentation suggests I need to enter the Admin Console at admin.google.com to authorize the account, but I cannot access this page since it apparently requires a Google For Work account which I don't have and don't know how to get.
I'm at a loss for what I need to do to grant my account access to my own account.
Here is a paste of my auth code (with sensitive data removed of course): http://pastebin.com/RCdY8mX6
I am using Google Web master tools API v3 for Search Analytics. I am using Service Account to retrieve the analytics. I received following message.
(403) User does not have sufficient permission for site 'http://www.1800medexpress.com/'. See also: https://support.google.com/webmasters/answer/2451999.'
I added Service Account Email address also to the Web Master tools as owner. But still received same error.
I used PHP API Library.
I haven't tried but this should work.
In Webmaster tools for the website in question. upper right hand corner there is a cogwheel click on it go to Users and Property Owners click add a new user button add your service account email address.
Then try and run your code.
Service accounts need to be granted access to the data just like you would any other user by default they don't have access to your data.
Update:
By checking the documentation we can see that it is in fact possible to use a Service account with webmaster tools api it just needs to be set up properly. It may be an issue with your code or how you have set it up. Clod should probably be simlar to this. Service account with Google Calendar
A service account is used in an application that calls APIs on behalf
of an application that does not access user information. This type of
application needs to prove its own identity, but it does not need a
user to authorize requests. The Google Accounts documentation contains
more details about service accounts.
I have recently implemented the SSO functionality for a Google Apps Marketplace app we are developing. In simple words: it provides a way to retrieve the Google Apps' user's email and log him in in your website, without the need of authorization on his end. You just need the consumer key and consumer secret, provided by Google to the app during installation on your domain (the installing user also authorizes (a one time action) any other permissions you request in the Manifest file).
Now I have somehow managed to get the SSO user login working using JanRain's OpenID PHP library and adding Google Apps as provider using the PHP Extensions for Google Apps OpenID Discovery.
However, after logging in, I need to implement a functionality that will retrieve all users in a given Google Apps domain. I've already did that using oAuth2 authentication and the following Directory API. However, this requires the existense of a consumer key, consumer secret and a redirect URL (that must be registered in the Google API console).
Is there a way to remove this convenience and instead allow our users to directly be able to get their Google Apps domain's users, using the existing SSO authentication we made in the background while logging him in? Otherwise, it will be too much hassle for the user to register the app at the Google API console, enter the correct redirect URL and set it up in our website and then he will be able to get his domain's users.
Regular users cannot use the Directory API, you'll need to authenticate as an admin user to make Directory API calls.
Depending on your needs though for accessing all users, you may be able to get by with requesting access to the user's Contacts scope and grabbing a copy of the full Global Address List which contains information on all non-hidden domain users as well as non-hidden groups and shared contacts.
I'm trying to implement Google Drive API. They have quick start example here which is using Google OAuth 2.0. Using for a web application where user will use drive api for creating folder and save files, edit files etc.
Now the problem is OAuth 2.0 is redirecting the page and for authCode and then back to callbackUrl again ie. the usual way. Is there any way so that I can get the authCode without redirecting the url, by using cURL or some library that can do that without redirecting.
I'm using PHP for this app.
We currently offer an alternative flow for installed apps that doesn't redirect back to an app but outputs the exchange code. In order to be sure that user is explicitly giving permissions to your application, we need to intercept the flow for a user action.
If there are no end users involved in your use case, you may like to take a look at the service accounts: https://developers.google.com/accounts/docs/OAuth2ServiceAccount Service accounts also provide impersonation for Google Apps domains.
I am new to OpenID and have been requested to build a login system to work with the company's Google account. They want to restrict logins to users of their domain. They login into Gmail using their domain and they want this feature to allow access to their systems.
Let's say the domain is example.com. They would log into Gmail as user#example.com or go to their domain login page to access their accounts.
I have been doing some research and it seems that the Google Federated Login is what I should be working with. I downloaded the Google APIs Client Library for PHP and have been playing with the examples but I still cannot get it to restrict access to whom logs in. Currently anyone with a google account seems to be able to login. Also, the API wants to access certain information... I only want to authenticate the user to ensure they are a valid user of the domain and eventually allow SpreadSheet Access in Google Docs so that another script (in the same system) can create SpreadSheets while the user is updating the system.
So my questions are:
1) Which service do I need to enable in the Google API console? Enterprise License Manager API is the only service that is enabled.... I'm starting to think maybe I should disable it.. Do any services have to be enabled? I'm not really sure about this.
2) Is there anything special about the PHP Google APIs that would require me to use Google's API or is this functionality available with any OpenID library? If the latter, which libraries are good for what I am trying to accomplish? (PHP)
3) I have found a few examples for allowing login with a Google account but I haven't found a single one for restricting it to a single domain. I am sure this is possible but am starting to feel that it's very difficult to implement... Any information on this would be very beneficial.
Thanks for any information you can toss my way.