OK.
So I am building a simple app for a friend. The biggest requirement for this app is that he wants a user to be able to go to his site and create an event on his google calendar. I have let him know that this calendar will have to be made public and he is fine with that. I created an API Key with google and the first call against the API with the API Key to get calendar events for a given day works fine. The second request, a post, returns :
err(401)"API keys are not supported by this API. Expected OAuth2 access token or other authentication credentials that assert a principal."
It doesn't make sense that his website would be an OAuth app because that would require the user have a gmail account.
There has got to be some kind of way to make this work ...
Thanks Everyone
I just want to make a post request to Google Calendar API using an API Key.
API keys only give read access. If you want write access you need the permission of the owner of the calendar
options
Create a google workspace account and use a service account with domain wide deligation
use Oauth2 have your friend auth it once store the refresh token and use the refresh token to request a new access token when ever you want to write to the calendar
neither option will work with client side JavaScript switch to a server side programming language
Related
I am trying to get google reviews for my business but struggling with implementing it. Can someone share how to get the latest/top 5 reviews using google business API using JavaScript/Postman? I was trying to do so:
GET:
https://accounts.google.com/o/oauth2/auth?client_id=MY_CLIENT_ID.apps.googleusercontent.com&client_secret=MY_CLIENT_SECRET&scope=https://www.googleapis.com/auth/business.manage&response_type=token&redirect_uri=https://developers.google.com/oauthplayground
but it doesn't work.
Was trying also testing it on Google oauth playground
filling:OAuth flow: Client-side
Use your own OAuth credentials: my Client ID here
Step 1:
Authorize API: https://www.googleapis.com/auth/plus.business.manage
but here I am getting:
Error 400: redirect_uri_mismatch
The redirect URI in the request, https://developers.google.com/oauthplayground, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/938304287177-nkvm5mqk3f5uq9lt9j2srqlgd0bjihip.apps.googleusercontent.com?project=938304287177
The redirect uri in your project on Google cloud console must exactly match the redirect uri you are sending from The easiest solution is to go to your project and add it.
https://developers.google.com/oauthplayground
Which is not the same as as you have an extra slash on the end
https://developers.google.com/oauthplayground/
This video will walk you though it. Google OAuth2: How the fix redirect_uri_mismatch error.
Question from Comments
how can I get the reviews using just API key without a need to authorize it using gmail account?
If you check the documentation Method: accounts.locations.reviews.list you will find that it says the following
API keys only allow you to access public data, the data you are trying to access is private user data and therefore requires authorization in order to access it. You can not use an API key to access this data you must be authorized using one of the above scopes. A video which explains api keys. Everything you need to know about Google API Key's, and where to get one.
Apps Script keeps asking for offline permission with Youtube's API
In Google Apps Script, access to YouTube Reporting API is Forbidden
These are very similar questions however, I am logged in as the owner. The script is in the owner's drive.
My problem
I have been trying to access YouTube Analytics Reports from the Content Owner using GAS(Google Apps Script). There are two accounts a Brand account (holds the data i.e. the video content) and a User account. They both use the same credentials(email & pwd). When authorizing as the user, I get a 403(forbidden). When authorizing as the brand, I am asked to authorize offline access again and again, stopping me from ever being able to make a request.
What I've tried...
Running from Node, using OAUTH Playground tokens, and it works. But I need to stick with GAS.
Using google-script-oauth2: to hard code credentials (similarly to the Node solution) but I couldn't set the refresh token. I got a 401(invalid credentials) - I believe the bearer token was expired
Setting up credentials for and enabling both youtube and youtube analytics APIs
scrapping old credentials and attaching a new project to GAS
removing auth in privacy settings and re-authenticating
toggling a use unsafe scripts option and repeating step 3
switching between contentOwner and channel parameters for the ids param
NOTE: I have two OAUTH2 credentials app script and the web client both are set as Web Applications.
GAS Code
function test(){
YouTubeAnalytics.Reports.query("contentOwner==id", "2017-03-01", "2017-03-31", "likes");
}
Final Thoughts
I believe there is a disconnect between the Brand and the user such that the brand is not given the same access to the OAUTH 2 token. Therefore, it never generates a refresh token. So, the request sees that I am the authorized channel owner but it can't finish the OAUTH flow.
If this is true, why, and how do I fix it? If not, what do you think could be the error?
I just realized the script is in the user account and not the brand account. Would that affect the validation?
Also on the actual channel, the user is listed as the Primary Owner.
I think the problem has to do with Apps Script's limited OAuth scopes. Open the Script Editor and navigate to Resources->Advanced Google Services and you'll see that YouTube's Reporting API is not supported. However, you can get around this by using Service Accounts. They are a pain to set up but once you get them up and running you can explicitly request the scopes required to make authorized calls on the API from GAS.
Here are a few links to get you started:
Using OAuth 2.0 for Server to Server Applications
OAuth 2.0 Scopes for Google APIs
For Using OAuth 2.0 for Server to Server Applications you'll want to scroll down to the section titled Preparing to make an authorized API call. Select the HTTP/REST tab and it should walk you thru the steps you'll need to setup a service account (you'll need to create a JWT - JSON Web Token from your Google console for use in your API calls). You'll also need to retrieve the needed OAuth scope urls for YouTube's Reporting API from the second link provided. Once you're all set up you'll be able to make requests to the API directly from Apps Script using URLFetchApp. Best of luck with your project.
One more thing. Check out Google's API Explorer listing for the YouTube Reporting API. You can get the URL endpoints (and request methods) you'll need to use in your UrlFetchApp calls by playing with the Explorer.
UPDATE 4/28/2017
Also be sure to enable the YouTube Reporting API from your Google API Console.
I'm trying to use Trello API to create cards on our boards. But i cannot really bypass authentication programmatically, because a user prompt always appears asking for authentication in trello.
The idea is i create a system user on trello, add it to the boards, then use its API key to create the cards. I'm following this approach because I used Zapier to generate cards from Freshdesk, and wondering how Zapier bypass OAuth to do this.
You simply cannot bypass the authentication of the API, however what you can do is to generate the valid oAuth tokens for your "System User" and use them for authentication.
I'm not aware of the complete Auth process of trello, but most oAuth providers give you the possiblity to create tokens which last quite long (refresh tokens). You could use these in your code to call the api without any additional auth process.
You could also store the normal auth tokens and re-validate them from time to time using the prompt.
Best solution depends on what you are trying to achieve...
My application using JavaScript to connect to get access the Google drive API.(see https://developers.google.com/drive/quickstart-js). First time it ask the user permission. At the time Google may give *access_token* to my application. I want to use the token to access the Google drive data in future(That time the user may not be sign-in in Google account). Is it possible? if possible how to do?
Is it possible to the application to ask Google "please I want to get permission of the user user#example.com"? It will be useful at the time of multiple-signing
EDIT: Exactly my question is "Offline access is possible in JavaScript-API?" See It is possible in PHP-API: https://developers.google.com/accounts/docs/OAuth2WebServer#offline
The JavaScript API uses the OAuth 2.0 Client flow which only returns an access token. If you set approval_prompt=auto in your request URL, the consent page for a given set of scopes will only be shown the first time the user goes through the sequence, so he will not have to grant access to your app again:
https://developers.google.com/accounts/docs/OAuth2UserAgent
I'm new to Google Calendar APIs and what I'm trying to do is to display today's events from a public Google Calendar using JavaScript.
I've found this resource(dead link), but I can't figure it out how to modify it so that it will output only today's events.
Any help will be appreciated.
Take a look at the API: https://developers.google.com/calendar/quickstart/apps-script
You can set the start-min and start-max parameters.
AuthSub proxy authentication is used by web applications which need to authenticate their users to Google accounts. The website operator does not need access to the username and password for the calendar user - only special AuthSub tokens are required. Please see the AuthSub documentation for more detailed information.
When a user first visits your application, they have not yet been authenticated. In this case, you need to print some text and a link directing the user to Google to authenticate your request for access to their calendar. The Python Google Data API client library provides a function to generate this URL from the CalendarService class. The code below sets up a link to the AuthSubRequest page.