My users store some data on my website that they might like to backup on another site, for example dropbox or google docs.
Is there a way for me to save their data into their accounts but (here it comes...) without knowing their password? Like Paypal, where only Paypal sees your password, except more complicated because the user needs to ok that data be copied into their account?
Or does anyone have any clever ideas about this? They could, of course, just copy it to their desktop and drag it in from there. But maybe a nice way to do this??
Or just use the Saver: https://www.dropbox.com/developers/dropins/saver
No auth required. The user just logs in (if not already) and chooses a location, and the file gets saved into their Dropbox.
That is basically what OAuth2 does.
User accesses Google Drive/Dropbox website and log in to grant you access.
Then, you will get special access code which you can use to save data without you knowing user's password.
Here are some links you might find useful:
https://developers.google.com/accounts/docs/OAuth2
https://www.dropbox.com/developers/blog/45/using-oauth-20-with-the-core-api
Related
There's an interesting problem I'm facing as an educator. I want to collect user names in a form, but when I do that, it automatically enables students to email themselves a copy of their response.
I believe there's a way to somehow poll who's responded. When you enable the "one response per user" option, it doesn't require a stored user name. I know the information is out there somewhere - I just don't know how to get to it.
Any help would be greatly appreciated!
EDIT: I neglected to be specific about the coding aspect - apologies. I'm generating the form programmatically, and wanted to know if the information is stored somewhere in the response when the one-response-per-person option is enabled. After more digging, it appears that the easiest way to deal with this is to use an extension to handle disabling the email option.
Thanks for all your help!
you cant get the user email unless you enable that option like you mentioned. yes google might internally know who you are if you were already logged-in but its not perfect because using chrome incognito mode for example would not detect the email.
one way I can think is to:
1) with apps script generate an array of all student emails and a random password. dump to a private spreadsheet and use as your database for the next script.
2) in your forms, ask first as a form question the custom username and password.
3) on another script you can generate form urls with prefilled usernames and passwords and email each student their own custom form url.
when the student opens the form to respond, the username and password would be prefilled already.
not perfect but a malicious user would need to hack the email and if they can hack their email then they could also impersonate the user logged-in.
I'm working on a an application where my back-end server will push and pull data over the google drive sdk. So, the back-end will only ever need a authorization via a single admin user's set of credentials.
Is the best way to do the authorization for this use-case to do what's described here?
https://developers.google.com/drive/web/auth/web-server
It looks like I would manually authorize my back-end's user once and store the refresh token for later offline access, thereby not needing manual/human interaction ever again.
But is that actually the best way for this use case? Is there another authorization workflow that I've overlooked?
The method described at the link you sent is appropriate when you are authing several end users. I find it's overkill if you only ever need to auth a single user. Too much code and faffing around for something that will only be used once.
Check out How do I authorise an app (web or installed) without user intervention? (canonical ?) which is a one-time procedure which gets you the same result, without writing any code.
Having worked on it some, I think the best way for my application is this:
https://developers.google.com/api-client-library/python/auth/service-accounts
You create a Service Account through the admin console. There's no messing around with a manual authorization step that could later break the app.
First I apologize if I'm a dolt and am missing something obvious, but I've spent a few hours scouring documentation and am lost.
I'm trying to write a python script that will upload a bunch of images to a single user's Google Drive. The user already exists and will never change. I am not writing a web app and don't plan to use any user interface whatsoever. Everything will be done through code.
As best I can understand from the Google documentation, I have two choices:
1) Write a web app and register it to use the Drive DSK. This of course requires having urls and such for the web app.
2) Create a service account, which ties my "app" to a new service account email.
Neither of these options works for me. Is there any way to simply log in to a single user account and access their drive through python scripting?
There is a deprecated API called ClientLogin that would enable you to use the username and password for a login to access that Drive data.
But the basic idea is that you should be using something more secure -- from your users' point of view -- that allows them to authorize you without giving you their password.
For your use case it is possible that the user is you or someone you know and that you are accessing their account through a more personal kind of authorization. In that case, ClientLogin may be your best choice. If this is an application designed to be used by arbitrary users, the deprecation of ClientLogin is for a good reason and I would urge you to bite the bullet and choose one of the supported options.
The correct solution is to separate the authorization phase from the access phase. The authorization process needs to be run one time only, and can be done from a simple web site. The result of this is a refresh token which is analogous to a username/password. You will need to be aware of the security implications. Make sure you only grant drive.file scope to minimise the impact of a security breach.
Since you are uploading images, you might also want to look at the picassa api.
If I specify access_type=offline in the auth url and a user attempts to auth a second time I get a box that says it is asking for offline access.
I would have expected it to be already authorised and so not require additional permissions
Any ideas?
Edit:
A bit more info. The first time around it makes no mention to the user of needing offline access. I would have thought the offline permission to be mentioned in the original auth anyway.
Edit 2:
Some more info on my use case. It is possible in our system for a person to have two accounts but then use the same google drive account. This means that we have no way of knowing that user has already authorized with google and so have to present the authorization again for the second user.
The first time around (for user 1) you are told that the app is asking for :
View and manage Google Drive files that you have opened or created
with this app
View and manage the files and documents in your Google
Drive
The second time around (for user 2) you are told the app is asking to:
Have offline access
This seems wrong to me.
As an aside:
The whole "have offline access" statement is very confusing for a user and also quite misleading. Most people assume this means the app can read the contents of your pc. In fact it means that the app can authenticate with your account with out you being there (i.e. using a refresh token).
I have a web app in php mysql, I want to use one google drive account for my app.
Can I use my app's accounts instead of google users for privilages.
I read in SDK I can use service account to login without promting user, but I don't know how to share or give permissions files for custom users.
In api reference I found this:
"The user is not necessarily yet a Google user (e.g. if a file or folder is shared with an email address that does not yet have an associated Google account). Example: 1111459233037698895607".
How a custom user in my app should get a token for own privilages.
I am not exactly sure what you want to achieve here, but if you want to use your own permission system, you can't. You can, however, apply read/write/owner permissions to files to mirror your own permissions.
If I have totally got the wrong idea, please explain.