I was writing a simple logic to list pictures using the Google Photos REST API. I'd like to print the connected user profile once they are logged into my app. But I cannot find any endpoint in the REST API to get the user profile as in Gmail or Drive REST APIs.
https://developers.google.com/photos/library/guides/get-started#request-id
Meanwhile, I have tried to get the user details from the oAuth2 access token, but it does not give any user details like mail id or name.
GET https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN
Response:
{
"issued_to": "xxxxx.apps.googleusercontent.com",
"audience": "xxxxxx.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/photoslibrary",
"expires_in": 3522,
"access_type": "offline"
}
Is there any way to retrieve user profile from the above oAuth2 access_token (independent to the scope)?
I'm afraid that at the moment this is not possible. The oAuth2 token does not contain the user's e-mail. The only way of getting the user's email through the Google APIs would be to allow the https://www.googleapis.com/auth/userinfo.email scope, and use the oAuth2 API or the People API. The calls you could use may be any of the following:
GET https://www.googleapis.com/oauth2/v2/userinfo
GET https://www.googleapis.com/userinfo/v2/me
GET https://www.googleapis.com/plus/v1/people/me
Related
I am using Google Drive API to get the list of files on my google drive. I've got it working by getting an access token, client id and client secret in google cloud platform. My issue is, the token expires in 3600. I've tried this endpoint, https://www.googleapis.com/oauth2/v4/token
and put this in the request body,
{
"client_id": "client_id",
"client_secret": "client_secret",
"refresh_token": "access_token",
"grant_type": "refresh_token"
}
but is only returning
{
"access_token": "new_access_token",
"expires_in": 3552,
"scope": "https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive",
"token_type": "Bearer"
}
which doesn't refresh the token life.
is there anything I'm missing?
I am using it on postman first so that I can know it's working properly.
any help is appreciated.
Access tokens expire after a set time, and you need to make a call to request a new access token, using the refresh token you received.
Generally, refresh tokens last longer and don't expire in a while, while access tokens are short lived.
This link is to the Google API doc: https://developers.google.com/identity/protocols/oauth2/web-server#offline
This is an SO similar question with useful information, and a useful answer: How to generate access token using refresh token through google drive API?
Basically, you can make an API call from postman to request for a new access token every time you need one (and use it in Postman for the call you need to make)
Turns out, you need to get refresh token from https://developers.google.com/oauthplayground/. You also need to authorize the redirect uri from Google Cloud Platform. Thanks for the guides. really helped a lot.
I was able to create a project to connect an app to google data, for a specific account (followed Google People API)
But now I would like that each customer log in hisself to his account and manage his data.
I can' t create project in the Google API Console for each customer, my app needs to read auth from each user who will use my app and "auto" create auth to read google contact data of the logged user.
Is possible?
Could you suggest me articles about how to do?
It sounds like you are trying to do exactly what OAuth 2.0 (see the page you linked to) gives you: authenticating users. This differs from using an API key, which is only authorizing your project and has nothing to do with a user's credentials.
OAuth 2.0 combines a Client ID (associated with your Google Developers Console project) and a user's login (specific to the user who is accessing your app/site) to give you an authorization token. This token will let your app act on behalf of that user when calling that API. Just make sure to request the necessary scopes as part of the OAuth 2.0 authorization prompt given to the user.
How to give this prompt varies by environment, but many common options are listed on that link.
Note that you always use the same Client ID, so you only need one Google Developers Console project, but you are given a unique token specific to that user's login when they authorize your app, so this lets you act as any user which grants your app access to their account.
I have a list of 500 Instagram usernames in a spreadsheet. I want to extract the bio of all 500 accounts and put those in a spreadsheet. I am using Google Apps Scripting. I don't know how to get access to instagram's api where I can access the bio. I've look at other websites where I can pull up the Instagram accounts bio (like http://www.pikore.com/humordailyy) but those still don't have API. Is there a way I can get API? If not, is there a way I can crawl through the HTML or something to get the bio? Thank you.
As discussed in documentation, Instagram API requires authentication - specifically requests made on behalf of a user. Authenticated requests require an access_token which you could receive by doing the following:
Direct the user to our authorization url.
If the user is not logged in, they will be asked to log in.
The user will be asked if they would like to grant your application access to her Instagram data.
The server will redirect the user in one of two ways that you choose:
Server-side flow
Implicit flow: This method is less secure, but allows applications without any server component to receive an access_token.
For Implicit Authentication Flow which is for applications without any server component, simply follow these steps:
Step One: Direct your user to our authorization URL
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token
At this point, Instagram present the user with a login screen and then a confirmation screen where they grant your app’s access to their Instagram data. Please note that you may provide an optional scope parameter to request additional permissions outside of the “basic” permissions scope.
Step Two: Receive the access_token via the URL fragment
Once the user has authenticated and then authorized your application, Instagram redirects them to your redirect_uri with the access_token in the url fragment. It will look like this:
http://your-redirect-uri#access_token=ACCESS-TOKEN
Simply grab the access_token off the URL fragment and you’re good to go. If the user chooses not to authorize your application, you’ll receive the same error response as in the explicit flow.
error: access_denied
error_reason: user_denied
error_description: The user denied your request
I want to use Google CAL API v3 to watch multiple calendars and thus to update all those events from those calendars to a Master Calendar, so I need to use WATCH/PUSH notification in order that whenever there is a new event in those cal’s, those events shd be automatically be pushed/created in my master calendar.
But, I am facing the following issue :Under APIs Explorer. Most of the services return 200 OK, except the Watch request not working.
Services > Calendar API v3 > calendar.events.watch
i got the below request and response
Request
POST https://www.googleapis.com/calendar/v3/calendars/mailid%40domain.com/events/watch?key={YOUR_API_KEY}
{
}
Response
400 OK
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "entity.resource"
}
],
"code": 400,
"message": "entity.resource"
}
}
And then i followed as per the below google documentation
https://developers.google.com/google-apps/calendar/v3/push
Registering Your domain:
Step 1: Verify that you own the domain
Step 2: Register your domain
I verified my domain/notifications in google webmaster tools.
My verified domain look like this:
http://my-domain.com/notifications
And have added my domain name in the webhooks under the PUSH in Google Developer Console, as explained in the doc.
Is there anything i am missing here, plz is there an issue in SSL certificate fr my domain, how can i atleast test in the API explorer, so that i get a return code 200 OK. After that, I need to implement this push/WATCH via Google Apps Script.
Is there any documentation for apps script to use push notification.
Any hint, tip will help me, I am tired with this for the past 1 week in trial and error method.
In the request that you posted the body is empty. In the documentation there is an example where you need to provide the calendar ID, the web_hook and other information:
{
"id": "01234567-89ab-cdef-0123456789ab", // Your channel ID.
"type": "web_hook",
"address": "https://example.com/notifications", // Your receiving URL.
...
"token": "target=myApp-myCalendarChannelDest", // (Optional) Your channel token.
"expiration": 1426325213000 // (Optional) Your requested channel expiration time.
}
Add this information when creating the push notification.
For using apps script you can use URLfetch service with the method "fetch()" then you would need to provide the parameters mentions and make the call as a POST.
Hope this helps.
UPDATE: I will write here to have more space.
Push notifications work in this way.
-You create a push notification with the id, the resource you want to watch, the address where you want to receive the notification and the optional parameters.
-if successful, the server will watch that resource and will send a notification to the address mentioned in the request describing the changes when a change is made to the resource.
-The server needs to know that you received the notification, so from the address mentioned in #1, you need to tell the server that you received the notification returning a HTTP 200 response. (for this you need an app that is listening to the notifications and sending the responses)
for your questions
1.- As the server will make a HTTP request to a url (your web_hook address) Google requires it to be secure, that's why it is required to be HTTPS.
2.- Yes, without that url you won't be able to receive the notification.
3.- Google also needs to verify that the url you provided is actually yours, so you will need to provide the url, then Google will provide you a file, you have to make this file available in that url, then Google will call the url an will retrieve that file. Then you can prove that the URL is yours. I'm not sure if this step can be done with apps script. You can actually deploy a script as web app but i'm not sure if you can use it for this purpose.(here you can find more info and different ways to verify the url)
4.- That's created by yourself. In the documentation is pointed out the recommendations for it.
I hope this clarifies your questions.
You can check here how push notifications work, this example is for Drive but the concept is the same.
I have users registered to my website that connected their Google+ account, and I'd like to auto login them from a packaged Chrome app.
I'm following [1] and the related example [2].
I can successfully perform a Google account authentication and obtain a token and user info.
Next, I'd like to "exchange" Google token for a "my website" token.
I was thinking to:
app sends to server the token and user_id
server requests https://www.googleapis.com/plus/v1/people/me and verifies that user_id and token match
server searches for the user corresponding to (google) user_id and logs he in
The alternative would be to implement an oauth login form and follow Non-Google account authentication in [1], but it seems too much extra work to me.
Any suggestion / alternative way?
[1] http://developer.chrome.com/apps/app_identity.html
[2] https://github.com/GoogleChrome/chrome-app-samples/tree/master/identity
[edit: as pointed out in comments, not a secure method.]
Use the identity api to make a request from the app to get the google+ id:
GET https://www.googleapis.com/plus/v1/people/me?key={YOUR_API_KEY}
(with the https://www.googleapis.com/auth/plus.me oath scope)
In the response you will find
{
"kind": "plus#person",
...
"id": "117022097663427079142",
Send that ID to your server to look up the associated ID that your system uses.
You do not need to (and should not) send the bearer token.