I need to create an external php web application (PHP) to connect to Google Drive using the API. Problem is that the quick start example illustrates that the user has to visit a url to obtain an authorization code to complete the authorization. Is there a way to achieve the authorization automatically without any user interaction. I need to basically copy an existing doc template automatically via the web application.
This is not possible without authorization, but is possible without user interaction. Please see the Drive SDK documentation sections on domain delegation and service accounts. Service accounts is likely what you need.
Related
I have a small site/web application where registered users can see some files that I periodically prepare for them; I store these files in separate directories and every user can only see and download their own files.
Now, I'm moving these directories to Google Drive and I would keep functionalities like file listing and downloading.
Reading the official docs I found some interesting examples about file download/upload, but all of them talk about authorization that user must give in order to access to their Drive and this is not what I'm looking for, I don't want access to their Drive!
As I can see, the doc is not contempling the case that someone may want to give (read-only) access to own Drive. But maybe I'm missing something...
Basically, I need the list of files on my Drive account and, if requested, a way to download one (or more). The only one that has the auth to Drive account is my server, users will send request from it.
Is it possible? I think yes, but I can't find any docs about that. How can I authorize my server?
I think you're looking for the Using OAuth 2.0 for Web Server Applications where you'll be using service accounts to achieve your goal.
"This document explains how web server applications use the Google API
Client Library for PHP to implement OAuth 2.0 authorization to access
Google APIs. OAuth 2.0 allows users to share specific data with an
application while keeping their usernames, passwords, and other
information private. For example, an application can use OAuth 2.0 to
obtain permission from users to store files in their Google Drives."
The snippets are in PHP too, so it works in your favor.
I have recently implemented the SSO functionality for a Google Apps Marketplace app we are developing. In simple words: it provides a way to retrieve the Google Apps' user's email and log him in in your website, without the need of authorization on his end. You just need the consumer key and consumer secret, provided by Google to the app during installation on your domain (the installing user also authorizes (a one time action) any other permissions you request in the Manifest file).
Now I have somehow managed to get the SSO user login working using JanRain's OpenID PHP library and adding Google Apps as provider using the PHP Extensions for Google Apps OpenID Discovery.
However, after logging in, I need to implement a functionality that will retrieve all users in a given Google Apps domain. I've already did that using oAuth2 authentication and the following Directory API. However, this requires the existense of a consumer key, consumer secret and a redirect URL (that must be registered in the Google API console).
Is there a way to remove this convenience and instead allow our users to directly be able to get their Google Apps domain's users, using the existing SSO authentication we made in the background while logging him in? Otherwise, it will be too much hassle for the user to register the app at the Google API console, enter the correct redirect URL and set it up in our website and then he will be able to get his domain's users.
Regular users cannot use the Directory API, you'll need to authenticate as an admin user to make Directory API calls.
Depending on your needs though for accessing all users, you may be able to get by with requesting access to the user's Contacts scope and grabbing a copy of the full Global Address List which contains information on all non-hidden domain users as well as non-hidden groups and shared contacts.
I'm trying to implement Google Drive API. They have quick start example here which is using Google OAuth 2.0. Using for a web application where user will use drive api for creating folder and save files, edit files etc.
Now the problem is OAuth 2.0 is redirecting the page and for authCode and then back to callbackUrl again ie. the usual way. Is there any way so that I can get the authCode without redirecting the url, by using cURL or some library that can do that without redirecting.
I'm using PHP for this app.
We currently offer an alternative flow for installed apps that doesn't redirect back to an app but outputs the exchange code. In order to be sure that user is explicitly giving permissions to your application, we need to intercept the flow for a user action.
If there are no end users involved in your use case, you may like to take a look at the service accounts: https://developers.google.com/accounts/docs/OAuth2ServiceAccount Service accounts also provide impersonation for Google Apps domains.
I am new to OpenID and have been requested to build a login system to work with the company's Google account. They want to restrict logins to users of their domain. They login into Gmail using their domain and they want this feature to allow access to their systems.
Let's say the domain is example.com. They would log into Gmail as user#example.com or go to their domain login page to access their accounts.
I have been doing some research and it seems that the Google Federated Login is what I should be working with. I downloaded the Google APIs Client Library for PHP and have been playing with the examples but I still cannot get it to restrict access to whom logs in. Currently anyone with a google account seems to be able to login. Also, the API wants to access certain information... I only want to authenticate the user to ensure they are a valid user of the domain and eventually allow SpreadSheet Access in Google Docs so that another script (in the same system) can create SpreadSheets while the user is updating the system.
So my questions are:
1) Which service do I need to enable in the Google API console? Enterprise License Manager API is the only service that is enabled.... I'm starting to think maybe I should disable it.. Do any services have to be enabled? I'm not really sure about this.
2) Is there anything special about the PHP Google APIs that would require me to use Google's API or is this functionality available with any OpenID library? If the latter, which libraries are good for what I am trying to accomplish? (PHP)
3) I have found a few examples for allowing login with a Google account but I haven't found a single one for restricting it to a single domain. I am sure this is possible but am starting to feel that it's very difficult to implement... Any information on this would be very beneficial.
Thanks for any information you can toss my way.
I have set a setup of Google Drive sample DriEdit code in my wesite. It is authenticating user file but once authentication done it take back user to the redirect url, but when i am using default FULL_AUTH_URL url it working file, but in my case it is not working here is my URl.
const FULL_AUTH_URL='https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/drive.file&client_id=MY_CLIENT_ID&response_type=code&access_type=offline&approval_prompt=force&redirect_uri=http://www.example.com';
You need to replace:
MY_CLIENT_ID by the Client ID of your application which you can find in the Google APIs Console for the project that you have created. See https://developers.google.com/drive/register
redirect_uri bu the URL where the user gets redirect to after he approves the OAuth flow. Usually the main page of your website or a different OAuth handler. This is usually all described in the Dr Edit sample documentation. Make sure you read this: https://developers.google.com/drive/examples/python
You may need to create a "Client ID for web applications" - maybe a service account works, too (web services might be easier to connect, because for service accounts one need to install a certificate file and send it on auth).
Once oAuth is setup properly, you should at least get any error message from Google.
Just don't use the Drive API credentials, they have no function yet.
Hope this get's you started.