How to prevent suspended Google account to signup - google-drive-api

I am integrating ASP.NET application using Google Drive API. For this after authentication we re uploading Files to Google drive. I am using Google client library to Call the APIs.
Everything is working as expected I am able to authenticate user successfully and able to upload the file successfully.
In one scenario when the user Google account is suspended then I am getting refresh token from Google but my upload method is failing and it is not uploading the file to Google drive.
I want to restrict the user on Signup screen itself, when account is suspended.
What parameter do I have to pass to achieve this please suggest?

Unfortunately this info is not easily available. You have two options :
Use the Directory API to see if the user is suspended. This requires additional OAuth permissions to be provided by an admin of the domain.
At login, try and perform a Drive API call to see if you get an error or not. If you get an error (with a couple of retried) and the error message matches the one you had for suspended users, then you can deny access to the user.

Related

Project with Google APi with self user auth

I was able to create a project to connect an app to google data, for a specific account (followed Google People API)
But now I would like that each customer log in hisself to his account and manage his data.
I can' t create project in the Google API Console for each customer, my app needs to read auth from each user who will use my app and "auto" create auth to read google contact data of the logged user.
Is possible?
Could you suggest me articles about how to do?
It sounds like you are trying to do exactly what OAuth 2.0 (see the page you linked to) gives you: authenticating users. This differs from using an API key, which is only authorizing your project and has nothing to do with a user's credentials.
OAuth 2.0 combines a Client ID (associated with your Google Developers Console project) and a user's login (specific to the user who is accessing your app/site) to give you an authorization token. This token will let your app act on behalf of that user when calling that API. Just make sure to request the necessary scopes as part of the OAuth 2.0 authorization prompt given to the user.
How to give this prompt varies by environment, but many common options are listed on that link.
Note that you always use the same Client ID, so you only need one Google Developers Console project, but you are given a unique token specific to that user's login when they authorize your app, so this lets you act as any user which grants your app access to their account.

Google Drive API Share document for offline writing/updating

I have created a web app which is making use of Google Drive API/ REST v2 (https://developers.google.com/drive/v2/web/about-sdk) to perform actions such as create/update/rename/delete of documents etc.
I am authorizing requests with OAuth 2.0 (client side - that means every access token is valid for ~1h and then silently I am getting a new token) and then perform previous actions using that token.
I have a new requirement for the authorized user to share his/her documents for writing/updating them (I found out that API has option for inserting permissions (https://developers.google.com/drive/v2/reference/permissions/insert : role: writer, type: anyone).
Is it possible for a non-authenticated user to be able to write/update documents (programmatically - via Google Drive API v2 or another API?) that have been created from the authenticated user that shared these? (something that is similar to google docs/ sharing when a user is sharing his document and offline users are able to edit it?
Thanks.
Is it possible for a non-authenticated user to be able to write/update documents (programmatically - via Google Drive API v2 or another API?) that have been created from the authenticated user that shared these? (something that is similar to google docs/ sharing when a user is sharing his document and offline users are able to edit it?
What you are describing here is something called a service account. Service accounts are like dummy users. You can share a file on your Google drive account with the service accounts email address and the service account will then have access to that file. Assuming that you gave them edit permissions it will be able to read and write to it without authenticating.
Note: service accounts do not work client sided you will need to use a server sided language to use service accounts.

Google Calendar API - 403 error

I am attempting to set up an application using the Google Calendar API. I set up all the credentials and set the authorized JavaScript page equal to http://localhost:8000 as suggested within the quick start guide at https://developers.google.com/google-apps/calendar/quickstart/js. When I try to run the file on localhost:8000/quickstart.html it will show the basis page but no information. I can click the authenticate button and it will allow me to authenticate my account to use the Calendar application, however nothing will show up information-wise. Checking the console, the following errors are present:
Get https://content.googleapis.com/calendar/v3/calendars/primary/events?maxResults=10&orderBy=startTime&showDeleted=false&singleEvents=true&timeMin=2017-08-11T20%3A58%3A29.156Z 403 ()
and
Uncaught {"error":{"errors":[{"domain":"usageLimits","reason":"accessNotConfigured","message":"Access Not Configured. Calendar API has not been used in project 440480151645 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/calendar.googleapis.com/overview?project=44080151645 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.","extendedHelp":"https://console.developers.google.com/apis/api/calendar.googleapis.com/overview?project=44080151645"}],"code":403,"message":"Access Not Configured. Calendar API has not been used in project 44080151645 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/calendar.googleapis.com/overview?project=44080151645 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."}}
However, going to the supplied link only says that I do not have access to the calendar.googleapis.com api and will not let me enable my Google Calendar or use it.
Google calendar uses Oauth2.0 for authorization. There are three essential components of this. If any of these are missing, authorization will not happen properly and you'll get a 403.
Access token - the google calendar API saves an access token to your
/.credentials folder by default. Your application will need to be
able to read this file (wherever it may be), otherwise you will have
to manually authorize API calls with every request.
client_secret.json - this is a necessary file to authorize your
application itself as a client of google. When you created a clientID and such using the google developer portal, this file was
created, and must also be read by your application.
Scopes - The scope is what level of access you have. It is by
default in the quickstart set to "read-only", which could be why
you're getting 403. If you want to change the scope, you're going to
have to edit both the line of code in the quickstart and either
modify the access token or get a new one to reflect that change.
I have gotten this error before, but that was before I understood Oauth2. If the problem isn't in any of these, it's likely something that you selected in the developer console. Let me know if you are still stuck.
Based from this thread, try setting the Referrers to Any referrer allowed for your project (just leave the field empty) in the Google Developers Console if it is not already like that.
To do this, go to your Google Developers Console and open API & Auth / Credentials and click Edit allowed referrers empty the input field.
Additional reference:
Google Calendar API v3 Access Not Configured
403 error with message:Access Not Configured. Please use Google Developers Console to activate the API for your project
Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration

Drive API multi login iframe issue

I am using drive api in my app and it works well , but sometimes when multiple users are logged in and I try to open a file in the browser with the link fetched via drive api I see the error message "You need permission. Want in? Ask the owner for access, or switch to an account with permission. Learn more" .
Steps to reproduce :
login to google drive with one account.
login with a second account and use drive api.
when you try to open public files you get that error.
If you add access token in url it seems to resolve the issue but thats a security risk. If you add authuser param to url that also works, but I can't find a way to get current user's authuser param.
Any help is appreciated.

Store file on google drive from server

I 've the follow simple scenario:
a server of my boss
some costumers with google drive accounts
so I'd like to transfer daily some files to costumers google drive...
My question is: if a customer have pc disconnected or is not logged to my site is possible from my server upload a file into costumer google drive?
And if yes there's a limit of user or daily transfer?
p.s.
better if I can use A Google Drive spreadsheet and update data
thanks
Yes it is possible, but there are many steps in between.
1.- You would need an application, so you can perform this operations through your app. check the documentation.
2.- You would need to set the offline access, this way you will be able to upload files even if the user is not logged. Oauth Offline access.
3.- The users (customers with Google Drive account) will have to authorize your application to access their Drive accounts. After this you will be able to get an access token and a refresh token.
4.- With the refresh token you can refresh the access token (it expires after an hour) without having the user to login again and get a new access token. (you have to store this refresh token)
5.- Now you can call the function Drive.Files.Insert in order to upload a file into the customer's Drive. When calling this function you need to provide the access token related to the user.
6.- There are limits that apply to the API. These quotas are against the application. If you make too many calls to the API, you may reach these limits for your application. You can check these limits in the Developer Console of your application.
I hope this helps. I know it's a lot of information but is the procedure you need to follow.