We are creating a Gmail add-on that integrates with a CRM product. The product is single-tenant and every client has their own site path under our domain. Each client also has their own path to authorize with, e.g. https://example.com/siteA/oauth/authorize.
When setting up the custom auth screens, it looks like we are expected to know the url to assign to a click event on the auth button.
authButton2 = CardService.newTextButton().setText('Begin Authorization!')
.setAuthorizationAction(CardService.newAuthorizationAction()
.setAuthorizationUrl(authurl));
I would like to have some user input before this point. I was playing with an input field where the user could type their site name an then click the authorize button although I was not able to overwrite the original authurl supplied to the setAuthorizationUrl method.
Ideally it would be nice if the add-ons had a way to store some one-time input (like "site name" in this example) so we would not have to ask again, but I have not found anything like this.
This seems like we need a central auth endpoint but am trying to avoid this.
Anyone have any experience with this or any ideas?
Just build the authorization button using the proper url after you get it from the user input.
You can't modify that button once you create it. Rather than modify it, just create the button after you receive the url and reload that card. Or put the authorization button a new card that you push to the top once you receive user input on the auth url.
Related
We have service where all user interaction is done via texting (iMessage) using Sendblue. We want users to be able to refer their friends to get free credits. The easiest way we can think of would be giving that user a link to send to their friends, which, when opened, would auto-populate a message to our number, the content of that message being the referring user's number. Example:
I (phone number +1234) want to refer my friends. I send them a link, which when they click, opens a text message to +4321 (the service) with the text prepopulated with my phone number, "+1234".
Right now the entire service is run through Zapier, so ideally would be able to work through that. You can also enter Javascript blocks into Zapier to manipulate data if that would help.
The only solution I have been able to come up with so far is create a different webpage for every person's phone number, which would just be a custom html link with the above that would be clicked automatically on page open.
Is there an existing service that does this (and ideally works with Zapier)? Or would I have to do what is described above? If so, what is the easiest way to integrate that data? Is there a way to automate webpage creation?
Any and all help is appreciated!
When I log in with an account which does not belong to the expected domain, this message is shown (which is correct).
I think this message is kind of ugly and not understandable for a non-developer person. Is there a way to modify this message in the Google Cloud Console or inside the OAuth code? I would like to display for example:
The email you used does not belong to the happy.com domain.
I fount this Feature Request In the Public Issue Tracker, and there they suggest to follow the steps of Customize the rejected-app message. Basically it mentions:
Your current account, user#domain.com, doesn't have permission to do these steps. To continue, switch to an administrator account. This will open the Google Admin console.
Switch to administrator account now or Learn more
From the Admin console Home page, go to "" and then Security and then API controls.
Under App access control, go to the Settings section.
Type your custom text in the box under the following message: Show this message if a user tries to use an app that can’t access restricted Google services.
Click SAVE.
If this doesn't make it, I would recommend you to comment on that FR in which they mentioned:
I have filed this feature request internally.
You might also want to ‘star’ the FR to ensure that you receive updates about it. You can also adjust notification settings by clicking the gear icon in the top right corner and selecting settings.
I am using the Google Drive API to import user images. It’s all working fine. But I have one question: what should be done if user does not authorize the app?
By default, Google’ API redirects the page to the redirect location. But I want to do something else. For example, I want to call a function in this particular situation.
Explanation:
Steps for authorization (using OAuth 2):
Click on login button.
Go to Google to enter username and password.
Enter the correct username and password.
Click the accept button to grant permission to the app.
Google redirects to your server app, with or without a token.
But if the user clicks on the “cancel” button, Google redirects to the URI I passed in as the redirect URL without authorizing the app (as expected). However I want to call a javascript function in this situation.
How can I do this?
In step 5, the page you return (or redirect to) can have ondocumentready() code which reads the URL and does whatever you want.
I solved this.
I just needed to look at the redirection url I was getting. It was clearly mentioning that user has denied to authorize my app. I just needed to fetch that using $_REQUEST and it was all done.
Thank you all so much by the way to look into this.
I am integrating Box.com with my application. My flow is when the employee login for the very first time, he will be presented with Box Page in an frame (Please note I am not using Box Embed Widgt as such).
After entering the valid username and password in box page, then user wil be taken to another page, where he can select "access to box" or "Deny Access".
Now my issue is when I click on Deny Access nothing happens, I get a blank screen. When debug it reaches my application back and but nothing happens.
Could you please guide me.
Thanks
If the user clicks deny, then Box will call your redirect URI (on your server) with
You will receive a GET request at
https://www.yourServer.com/someendpoint?error=access_denied&error_description=The+user+denied+access+to+your+application
You will need to handle that response, and know that the user decided they did not want to use your application.
You do get a notification of the denial via the page registered with Box.
When you register your application with Box you provide a page (your page) that will be called when the oAuth completes.
This is explained in this tutorial: http://developers.box.com/oauth/
Look particularly at this section:
Authorization Code: The authorization code is only valid for 30 seconds.
However, if the user clicked Deny, you will receive a request with an error and error_description parameter, such as:
GET https://www.sean.com/rose?error=access_denied&error_description=The+user+denied+access+to+your+application
Suppose I am going to create a web page with two box, for entering the user id and user password respectively. And then once i click the submit button, it will check with the database in background whether this user exist. If it matches anyone in the database, the user id and user password will be forwarded to the other page, at the same time it will redirect to that user's main page.
Can I just use servlet to complete this task?
I found there is request.Dispatcher API but is it enough for the task?
String name = "Tom"
request.setAttribute("name",name);
RequestDispatcher dis = request.getRequestDispatcher
("Servlet2");
request.Forward(request,response);
in second servlet file
request.getAttribute("name");
//this line will display "Tom"
One more question to ask, how about clicking a link (INSTEAD OF BUTTON) to pass some data and redirect to other servlet pages? Any idea? Many thanks for your reply.
Yes, you can use a servlet for this. Whether the dispatcher is enough or not depends on the concrete functional requirements which are not fully clear from your question. The canonical approach, however, is to store the logged-in user in the session scope instead of in the request scope. Otherwise the user has to login everytime the user want to visit a restricted page.
Also, you normally would like to send a redirect after the login succeeds. This way the new URL get reflected in browser's address bar. Also this way pressing F5 afterwards won't cause any possible surprises. Forwarding from one to another servlet is at its own also somewhat a design smell. Including would have been reasonable, but forwarding not. As said, send a redirect instead.
As to using a link to submit a form, just execute JS form.submit() during the click event.
<form id="login">
...
login
</form>
An alternative is to style the button to look like a link with a little help of CSS. This way it'll also work on clients who have JS disabled (for example, the handheld users).