I'm trying to create a small tool to get data from google fit. This tool should use a service account, as it will run headless. My problem is, that by default the rest api for google fit seems to query the service account, which of course does have no data.
I read, that I have to active Domain-wide Delegation for the service account, but I can't.
(account is removed, no worries about the client ID).
When I try to log into the admin console to activate this, I'm in a loop of this screen:
I can add my account, but then it leads me back to this page (with empty list).
My guess is, that I need to have a payed account in order to use the google fit api with a service worker. Does anyone of you know more about this?
Thanks
Eagle
Related
I’ve built a google action that talks to my bespoke web Api.
The actions code currently has personal details hard coded into it. I need to make it so that when someone uses it for the first time it asks them for a username password and URL.
Is there a way to do this? Or maybe there is a way for a user to add those details to there google account in some way that the action can read them.
Alternatively is there a way to publish an action so only specific users can access it?
In general, asking for a username and password is a bad approach for Actions, for several reasons, and asking for a URL can be quite a mess. Particularly if you're expecting the user to access the Action via voice or a device that doesn't support a keyboard.
The better approach is to use Account Linking to connect their Google Account to an account they have created on your system. If you need additional one-time configuration information, you can have them provide this information for their account via a webapp, store it in a datastore of some sort, and then access it when they contact your webhook via the Action.
There is no way to have the Assistant enforce access to a production Action. You can publish an Alpha release to up to 20 accounts, but this is still treated as a "test" version.
I am trying use Google Drive Rest API. My use case is, I have a google domain with some users and one admin. And I need to access and manipulate all users data from admin account.
Is it possible?
If possible can any one say how?
You have to use a Service Account to authorize your requests. Here you can find a guide that explains how. I'd recommend reading the documentation carefully as using service accounts may be quite dangerous.
I'm quite new to Cloud Storage solutions, and I'm currently researching options to upgrade our current solution (we currently just upload on a SVN server).
What I have is a native application running on client computers, which will upload data to the Cloud Storage. Afterwards, client should be able to download and browse their data (source is not set in stone, could be a website or from other applications). They should not be able to access other user's data.
I'm not sure how I'm supposed to proceed. As far as I understand, the native application will upload using a Native Application Credential, using JSON.
Do I need multiple credentials to track multiple users? That seems wrong to me. Besides when they come back as 'users' through the web interface, they wouldn't be using that authentification, would they?
Do I need to change the ACL of the uploaded files afterwards?
Should I just not give write/read access to any particular users and handle read requests through Signed URLs, dealing with permission details by myself using something else on the side? (not forcing a Google Account is probably a requirement)
Sorry if this is too many questions, and thanks!
Benjamin
The "individual credentials per instance of an app" question has come up before, and unfortunately there's not a great answer. If you want every user to have different permissions, you need every user to be associated with a different account.
Like you point out, the best current answer, other than requiring users to have Google accounts, is to have a centralized service that vends signed URLs to the end applications. That service would be the only owner of all of the objects and would give out permission to read or upload as needed.
I seem to be having a weird problem with my personal account getting mixed up with my work account when using the GA API... I created a dev con project under my work account and downloaded the client secret json file, but, even though I have never used any Google API with my personal account, the GA API seems to be only picking up my personal site...
Oddly, when I use the Query Explorer, https://go-dev-tools.appspot.com/explorer, with the very same work account, I see the correct work GA sites...
I have used the "linked" account before however but I'm quite sure that I was not on my personal account when I created my dev con client secret json Oauth2 stuff...
Has anyone run into this before? How can I unlink my personal account as I need to pull using only my work account?
Thanks for any help you can give...
Frank
First of all check that your home email does not have user access to the work accounts. It would show up even with only Read access.
Second I'm thinking perhaps you are confusing the Google API console user with the GA authenticated user.
You can create a Google API project with the GA API with your home account, with the OAuth2 and client secret etc.
It is then possible for any user to autheticate with your app (including your work email), it just uses your Google API project to get there.
If you want to keep it all seperate, then try creating the Google API project with your work email instead.
The Google API project was set up correctly, but the authenticated user, which I cached awhile ago, must have been my personal one. I nuked the cache and created a new one with the correct account and seems to be fine.
I would like to enable logging in from multiple services on my site, but would not like users to login with, say, facebook and then logout and then back in with, say, Google+.
I am not sure if there is a practical way to detect that someone has done this?
I saw Janrain mentions account linking, is this provide this kind of service?
Security doesn't have to be watertight, but would like to make it hard to login multiple times and post from different accounts. At the same time, having multiple providers would be desirable to as not everyone uses Facebook.
Thanks for any help/info/suggestions.
Unfortunately there is no one point where you can check if a give account on one service is the same person as an account on another service.
One way is to drop a cookie on their browser when they log in with Service A, this cookie would indicate te service the user used to log in the last time. Then the next time they arrive on your site you can check for your cookie and then only show the login service they previously used.
Another option to make it more difficult to log in from multiple services is to request the email address of the user from the service and see if it already exists in your Database under a different account?