I have set up Web Authentication for Google Drive API. I used the tutorial here, and I can successfully upload and download files. I cannot, though, find reference in the API about how to revoke the Authentication (I want to give my users the option).
I found this on SO : gapi.auth.signOut() but it does not remove auth, nor does it give an error in the console. Is there not a gapi.auth method to remove the token?
To revoke token, you can make a REST call to :
https://accounts.google.com/o/oauth2/revoke
and includes the token as a parameter:
curl https://accounts.google.com/o/oauth2/revoke?token={token}
Google reference
Related
I am trying to get google reviews for my business but struggling with implementing it. Can someone share how to get the latest/top 5 reviews using google business API using JavaScript/Postman? I was trying to do so:
GET:
https://accounts.google.com/o/oauth2/auth?client_id=MY_CLIENT_ID.apps.googleusercontent.com&client_secret=MY_CLIENT_SECRET&scope=https://www.googleapis.com/auth/business.manage&response_type=token&redirect_uri=https://developers.google.com/oauthplayground
but it doesn't work.
Was trying also testing it on Google oauth playground
filling:OAuth flow: Client-side
Use your own OAuth credentials: my Client ID here
Step 1:
Authorize API: https://www.googleapis.com/auth/plus.business.manage
but here I am getting:
Error 400: redirect_uri_mismatch
The redirect URI in the request, https://developers.google.com/oauthplayground, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/938304287177-nkvm5mqk3f5uq9lt9j2srqlgd0bjihip.apps.googleusercontent.com?project=938304287177
The redirect uri in your project on Google cloud console must exactly match the redirect uri you are sending from The easiest solution is to go to your project and add it.
https://developers.google.com/oauthplayground
Which is not the same as as you have an extra slash on the end
https://developers.google.com/oauthplayground/
This video will walk you though it. Google OAuth2: How the fix redirect_uri_mismatch error.
Question from Comments
how can I get the reviews using just API key without a need to authorize it using gmail account?
If you check the documentation Method: accounts.locations.reviews.list you will find that it says the following
API keys only allow you to access public data, the data you are trying to access is private user data and therefore requires authorization in order to access it. You can not use an API key to access this data you must be authorized using one of the above scopes. A video which explains api keys. Everything you need to know about Google API Key's, and where to get one.
I'm currently working on an application for myself in which I need access to my own photos/albums on Google Photos. I have gotten by using the oauth 2.0 token generated in the playground, but I'd like to get a more permanent solution that does not require me manually regenerating the token. Is this possible with Google Cloud? The app is meant to run in daemon, so this makes any option with consent pages unusable. The scopes I'm using are:
https://www.googleapis.com/auth/photoslibrary.sharing
https://www.googleapis.com/auth/photoslibrary.readonly.appcreateddata
https://www.googleapis.com/auth/photoslibrary.readonly
I have tried using the https://accounts.google.com/o/oauth2/token and https://accounts.google.com/o/oauth2/auth endpoints to generate one programatically, but the only minor success I had was /auth sending me to a consent screen. I've also looked at using the refresh token given by Google Oauth playground with no luck there either.
Just looking to see if there is anything that I am missing.. This is my first post on stackoverflow, so please let me know if you need any more information.
I was unable to make it an internal app as it was for personal use and not for an organization.
Solved this by first using the google api package to create my own access/refresh token for my oauth client, then calling the https://oauth2.googleapis.com/token endpoint each time to generate a valid access token. I hope this can be helpful to someone else!
According to the setup documentation, as long as your app is marked as internal, you should not need to verify the app and can use it without the consent screen.
I am currently pulling data from the API query URI from the query explorer from google. https://ga-dev-tools.appspot.com/query-explorer/ It's possible here to include a 60 minute access token.
Now I want a non expiring access token and gotten as far as the API Project website from google and I have generated a client id and secret.
I tried to add the client_id and client_secret as parameters to the url like so:
url&client_id=xxx&client_secret=yyy
This does not work.
How can I generate a working access token in Google (Sheets) scripts?
Thanks
I think you need to start at the beginning.
To get an Access token you need to use a client id and client secret to request access of a user. When the user grants your application access then you will be given an access token. A good place to start Using OAuth 2.0 to Access Google APIs
Usage:
RestRequesturl?access_token=[yourtoken]
When you request access of the user you send scopes with it scopes denote what access your application will need. There is a large list of scopes for Google here in your case you will need to request the scope for Google analytics and the scope for google sheets this will allow you to access both the user google analytics account and their Google Sheets.
As you know access tokens expire after an hour for that you need a refresh token a refresh token will allow you to request a new access token of the authentication sever without having to request access for the user again. I am not a JS developer but i know you can get a refresh token with node.js but i don't think you can with pure js.
I have a tutorial series that may help you get up to speed. Google development for beginners reading the one on Oauth2 would probably help you. Google Developer console oauth2
Apps Script keeps asking for offline permission with Youtube's API
In Google Apps Script, access to YouTube Reporting API is Forbidden
These are very similar questions however, I am logged in as the owner. The script is in the owner's drive.
My problem
I have been trying to access YouTube Analytics Reports from the Content Owner using GAS(Google Apps Script). There are two accounts a Brand account (holds the data i.e. the video content) and a User account. They both use the same credentials(email & pwd). When authorizing as the user, I get a 403(forbidden). When authorizing as the brand, I am asked to authorize offline access again and again, stopping me from ever being able to make a request.
What I've tried...
Running from Node, using OAUTH Playground tokens, and it works. But I need to stick with GAS.
Using google-script-oauth2: to hard code credentials (similarly to the Node solution) but I couldn't set the refresh token. I got a 401(invalid credentials) - I believe the bearer token was expired
Setting up credentials for and enabling both youtube and youtube analytics APIs
scrapping old credentials and attaching a new project to GAS
removing auth in privacy settings and re-authenticating
toggling a use unsafe scripts option and repeating step 3
switching between contentOwner and channel parameters for the ids param
NOTE: I have two OAUTH2 credentials app script and the web client both are set as Web Applications.
GAS Code
function test(){
YouTubeAnalytics.Reports.query("contentOwner==id", "2017-03-01", "2017-03-31", "likes");
}
Final Thoughts
I believe there is a disconnect between the Brand and the user such that the brand is not given the same access to the OAUTH 2 token. Therefore, it never generates a refresh token. So, the request sees that I am the authorized channel owner but it can't finish the OAUTH flow.
If this is true, why, and how do I fix it? If not, what do you think could be the error?
I just realized the script is in the user account and not the brand account. Would that affect the validation?
Also on the actual channel, the user is listed as the Primary Owner.
I think the problem has to do with Apps Script's limited OAuth scopes. Open the Script Editor and navigate to Resources->Advanced Google Services and you'll see that YouTube's Reporting API is not supported. However, you can get around this by using Service Accounts. They are a pain to set up but once you get them up and running you can explicitly request the scopes required to make authorized calls on the API from GAS.
Here are a few links to get you started:
Using OAuth 2.0 for Server to Server Applications
OAuth 2.0 Scopes for Google APIs
For Using OAuth 2.0 for Server to Server Applications you'll want to scroll down to the section titled Preparing to make an authorized API call. Select the HTTP/REST tab and it should walk you thru the steps you'll need to setup a service account (you'll need to create a JWT - JSON Web Token from your Google console for use in your API calls). You'll also need to retrieve the needed OAuth scope urls for YouTube's Reporting API from the second link provided. Once you're all set up you'll be able to make requests to the API directly from Apps Script using URLFetchApp. Best of luck with your project.
One more thing. Check out Google's API Explorer listing for the YouTube Reporting API. You can get the URL endpoints (and request methods) you'll need to use in your UrlFetchApp calls by playing with the Explorer.
UPDATE 4/28/2017
Also be sure to enable the YouTube Reporting API from your Google API Console.
I am trying to integrate google+ login with my website using javascript sdk, Though I am able to validate the user I need to obtain an access token on successful signin which I pass to the server to obtain further information. I went through the documentation in google developer console in this link: Google Sign-In for Websites
in that is could see a method GoogleUser.getAuthResponse() whose response object must contain an access_token.
However in my response object I couldn't find the access_token , but all the remaining key were present. I am not sure if the documentation is outdated.
Please help with me a solution this problem.