Trying to create a function that manages Google Calendar items via PHP for a Google Apps account. Cannot use web client OAuth, all authentication must be server to server.
I did the following in the Google Apps admin panel:
Enabled API access for the domain.
Created the OAuth key and secret for the domain.
Searched through many tutorials and cannot find anything related to Google Apps, and using the domain oauth key to retrieve user data. All of the examples either require a Service Account or Client OAuth (which is not an option).
Any ideas where to start?
Related
I am using XAMPP for Linux 5.6.30
I want to integrate 'Google Adwords API' in my project for display campaigns details.
I create new project in developer console with help of this guide
for 'Web client' and define Authorized JavaScript origins:http://localhost AND Authorized redirect URIs:https://localhost/googleads/
Also try Authorized JavaScript origins:http://report.myproject.com AND Authorized redirect URIs:http://report.myproject.com/googleads
I also refer some solutions on StackOverflow which discuss previously but I can't get a solution .
When i run `PHP GetRefreshToken.php' in the terminal, it generates one URL but when i open that URL is displayed error 'Error: redirect_uri_mismatch' with this message 'The redirect URI in the request,xxx.xxx.xxx can only be used by a Client ID for a native application. It is not allowed for the WEB client type.'
I also have developerToken and clientCustomerId of Google Adwords account.
Is am i doing right way or not?
is google adwords integration works in localhost server or i have to put it on my live server?
My project is already on live server i just integrate adwords api in local server
You can refer to below documentation.
Using OAuth 2.0 for Web Server Applications
Example for end-to-end OAuth2 using php is Given here.
Create authorization credentials
Any application that uses OAuth 2.0 to access Google APIs must have authorization credentials that identify the application to Google's OAuth 2.0 server. The following steps explain how to create credentials for your project. Your applications can then use the credentials to access APIs that you have enabled for that project.
Open the Credentials page in the API Console.
Click Create credentials > OAuth client ID.
Complete the form. Set the application type to Web application. Applications that use languages and frameworks like PHP, Java, Python, Ruby, and .NET must specify authorized redirect URIs. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses. For testing, you can specify URIs that refer to the local machine, such as http://localhost:8080.
Google recommends that you design your app's auth endpoints so that your application does not expose authorization codes to other resources on the page.
I am building an app for the Google Marketplace and just made the switch to OAuth 2.0 from 1.0 before final deployment.
Before the switch, I was able to use the provisioning API to fetch users in a domain that has installed the app given, appropriate permissions have been granted.
My experience with the Directory API (the OAuth 2 counterpart) requires that i perform a 2-legged OAuth to get an access token which I then uses to perform the Admin action. This only works if the access token belongs to an Administrator user of the subject domain.
There's a section in the app that pulls all users from the domain and I need this to be accessible to all logged in users including non-administrative users of the domain.
Didn't have such problems when I was using the provisioning API using the Zend library
Not sure. But the following post might be helpful
Until recently this technique was mostly performed using 2-Legged
OAuth 1.0a (2-LO). However, with the deprecation of the OAuth 1.0
protocol and the resulting programmed shutdown of 2-LO, the
recommended authorization mechanism is now to use OAuth 2.0 and
service accounts.
source -
http://googleappsdeveloper.blogspot.com/2012/11/domain-wide-delegation-of-authority-and.html
I have recently implemented the SSO functionality for a Google Apps Marketplace app we are developing. In simple words: it provides a way to retrieve the Google Apps' user's email and log him in in your website, without the need of authorization on his end. You just need the consumer key and consumer secret, provided by Google to the app during installation on your domain (the installing user also authorizes (a one time action) any other permissions you request in the Manifest file).
Now I have somehow managed to get the SSO user login working using JanRain's OpenID PHP library and adding Google Apps as provider using the PHP Extensions for Google Apps OpenID Discovery.
However, after logging in, I need to implement a functionality that will retrieve all users in a given Google Apps domain. I've already did that using oAuth2 authentication and the following Directory API. However, this requires the existense of a consumer key, consumer secret and a redirect URL (that must be registered in the Google API console).
Is there a way to remove this convenience and instead allow our users to directly be able to get their Google Apps domain's users, using the existing SSO authentication we made in the background while logging him in? Otherwise, it will be too much hassle for the user to register the app at the Google API console, enter the correct redirect URL and set it up in our website and then he will be able to get his domain's users.
Regular users cannot use the Directory API, you'll need to authenticate as an admin user to make Directory API calls.
Depending on your needs though for accessing all users, you may be able to get by with requesting access to the user's Contacts scope and grabbing a copy of the full Global Address List which contains information on all non-hidden domain users as well as non-hidden groups and shared contacts.
I would like to grant an application permissions to post video to my youtube channel using HybridAuth (http://hybridauth.sourceforge.net/) and PHP.
First question is that possible?
I can already authenticate and grant permissions facebook, linkedin, and twitter. I can post status to these networks. Have not tried connecting to Google yet, but should be easy to add, and I am assuming that I only need Google authentication to access Youtube?
What part of HybridAuth can be used to upload the video? Are there any sample apps out there that I can use to learn from? Has anyone done this?
No, you can't use it with Youtube, however can use it with Vimeo.
You can use HybridAuth to connect to Google API and Register your Application / Projet in Google ( HybridAuth already enables Connection to Google , see Documentation for reference ) and When you register your projet with Google , you can start to add / Enable the right Google API by browsing API List Items available. You will find an API Called YouTube Data API v3 , Click on it and Enable to Change Status to ON.
Once done , then your registered projet with Google enables YouTube API , and you have to go to Credentials to generate your keys.
Hopes it helps ...
Here is a usefull link for you to get Started with YouTube through Google :
Source : https://developers.google.com/youtube/registering_an_application
Title : Register your Application with YouTube via Google
Go to the Google Developers Console.
Select a project.
In the sidebar on the left, select APIs & auth. In the list of APIs, make sure the status is ON for the YouTube Data API v3.
In the sidebar on the left, select Credentials.
The API supports two types of credentials. Create whichever credentials are appropriate for your project:
OAuth 2.0: Your application must send an OAuth 2.0 token with any request that accesses private user data. Your application sends a client ID and, possibly, a client secret to obtain a token. You can generate OAuth 2.0 credentials for web applications, service accounts, or installed applications.
Learn more
API keys: A request that does not provide an OAuth 2.0 token must send an API key. The key identifies your project and provides API access, quota, and reports.
If the key type you need does not already exist, create an API key by selecting Create New Key and then selecting the appropriate key type. Then enter the additional data required for that key type.
Hi guys I'm working on my google apps application - currently I've build the authentication upon the example available at google namely this url
The problem is that the session seems to time out and that everytime I am logged into my google apps account and go to my application I need to authenticate again and go through the screen where google asks me if I should allow the application to access the services like GMAIL, Docs etc listed in the manifest xml file. I don't think I'm doing it right as other applications allow instant access.
Any ideas
you should store and reuse the oauth access & secret key. this should avoid the re-authentication with google (or other oauth based services) - unless your access key has been revoked of course.
Cheers!