I need my application to be able to log on to Gmail and send email on behalf of the user. The user supplies credentials. However, when I do so I get this message from Gmail:
Subject: Google Account: sign-in attempt blocked
Hi Jessica,
We recently blocked a sign-in attempt to your Google Account [...].
...
If this was you you can switch to an app made by Google such as Gmail
to access your account (recommended) or change your settings at
https://www.google.com/settings/security/lesssecureapps so that your
account is no longer protected by modern security standards.
I would like my app to "protect users by modern security standards" but nowhere do I find any data on what "modern security standards" means in this context. The app uses SSL, user name and password.
The app works if you do click the link, but I really don't want my users to have to click the "lesssecureapps" link, though if that is the only option, so be it. But I'd rather modify my app to be compliant with what Gmail needs. However, nowhere does it say what I am missing.
Any help please? I want to do the right thing.
Related
I have signed up for Gsuite Essentials and attempted up upgrade to Gsuite Enterprise. I only have a single email address eg a#abc.com. I had already been using this account as a normal google account. (no gmail though).
I couldn't get the admin console to show the upgrade option, but found I needed to verify my domain. So I added the TXT record to my domain abc.com, which would then let me verify.
I could then log in to the admin console as a#abc.com and clicked on the upgrade option and completed the process. This then let my a#abc.com user have access to Gmail. I have not transferred any domain settings over to google, that is all still externally hosted.
I can now no longer log in to the admin console, it says that my a#abc.com account doesn't have the rights and I need to log in as the administrator. There is no other account linked to the Gsuite settings, so there is no other administrator. I can still log in to the normal google account and do the same functions as previous.
I have now removed the TXT record hoping that would cancel it out again.
How do I get access to the admin side again?
Side note: What I am mostly worried about is that I put my credit card details into the signup, but can't get into the admin page and can't contact any form of support. It is literally impossible to get support to use the serve I paid for.
First thing first, the txt records are a string for the only purpose to verify the ownership of the domain therefore deleting them won't change anything you only need this record for the verification process and once is done you can delete them.
As an example is like a text message sent to your mobile phone, if you delete the message nothing will happen right?
I tell you this so you won't more time on the domain DNS zone settings because the issue is not there and you won't solve the problem.
There may be few things that may have happened.
The first thing you should do is to navigate in an Incognito page, make sure that is the only incognito page that you have opened and log in with a#abc.com.
Try to run different test in incognito, the issue really looks like that you are logged in with multiple Google Accounts and when you go do admin.google.com it picks up the wrong one. That's why you should go in incognito.
EDIT
Use as reference this link Here.
Follow the steps in Paragraph 'I'm taking control from another admin' here the steps:
Go to the G Suite Essentials sign-up page.
2, Sign up using your email address at the domain you're verifying.
Use an address where you can get mail.
Follow instructions in the Setup Wizard to become the admin who manages G Suite Essentials for all users at your organization.
If this didn't solve the issue then you should contact the Google Support and they will tell you what happened.
The thing is that if you can't access the Google Admin you won't be able to contact the Google Support, hence you should follow this:
.1 Can't sign in to the Admin console: https://support.google.com/a/answer/6335621?hl=en
I'm currently working on an IOS app and I'm using Firebase to deal with all the logging in and authentication.
I would like to set up email verification but every tutorial online says that my Dynamic Link needs to be registered in Xcode as an "Associated Domain". It doesn't seem I can do that without a developer account which I don't want to buy just yet
Is there any way that I can set up email verification without paying for a developer account?
Thank you,
Ethan
You can use Firebase Authentication's email verification without setting up an associated domain The only difference is that in that case you can't automatically re-open the app when the user clicks the link, as that requires the domain association. So the user will have to (re) open the app themselves, but aside from that email verification itself will work fine.
I am trying to add a new member on my google-cloud project but i can't make it work.
The link inside the auto-generated email from google is well linking to the page where the user can confirm/decline the invitation inside a modal.
But when this user click "confirm" an error message appear inside the modal but disappear immediately - so quickly i can't read it. As a result i can never grant access to my project to this user.
In my browser debugger here is the error i can trace (some values are forged) :
"NetworkError: 400 Bad Request - https://console.developers.google.com/m/teams/acceptinvitation?xsrf=AFE_nuNg_V8394FDKjdfkjkjwKDFXDVg%3488T6J5783&authuser=1&action=accept&pid=apps~myproject-hosting&receive_updates=false"
This user has a custom domain which is a google-apps managed domain. I specify this because its the only kind of users we cannot invite to the project.
No problem for adding users with #gmail account.
From the google-cloud documentation i can read this :
If you are using a Premier or Google Apps domain, the administrator for your domain should first create the Google account from within the Users panel of your Admin Console.
I don't understand this sentence as my user is off-course already listed in my domain.
This might be expected behavior from the App Engine. I know that once you link you application to a specific domain via Google Apps, it becomes very hard to add people from outside that domain to your application.
I know that you can create a google group, enable "out-of-domain" members to that group. Then you can add that group to your project. Then you can add his email to the group, which should give him access to the project.
Only caveat here is that, if your domain is google.com, you will not be able to use this workaround, and this may require help from support.
Well i finally did it.
Google seems to have fixed the flashing error message making it impossible to read.
Now it display something like this : "Contact your administrator to enable AppHosting admin on your account".
This is done has follow :
Login to your main google-app account on http://admin.google.com
Go to "App"
Go to "Additional Google services"
Enable "Google Developers Console" for everyone
Now my user can be invite to the google-cloud project.
For my own gmail account, I have multiple email addresses associated with it. For example, I have an email address from my university that is associated with my gmail, and I can send emails from my gmail as if they are coming from my university email address.
I'm reading up on the Google APIs, and I see that I can get a user's gmail address, but can I also get any other email address that is associated with their gmail account?
When a user logs in to my site, I'd like to present them with a list of the gmail-associated email addresses and let them select the one they would like to use.
EDIT: Thanks everyone for the answers, but I don't think any of them answers the question. I've been playing with Google's OAuth playground. It is strange that I can get lots of very personal information (a list of a user's contacts and even received emails) but I can't get the user's alternative email addresses.
Your description is a little vague. Are you talking about send-as alias accounts or alternate email accounts?
Send-as Alias
Either way, you can interact with the send-as accounts here: Manage Send-as Alias
Alternate Emails via Admin SDK
As for alternate email accounts, they can be accessed via:
Admin SDK: https://developers.google.com/admin-sdk/directory/v1/guides/manage-user-aliases?hl=en
Google Apps Script: https://developers.google.com/apps-script/reference/gmail/gmail-app#getAliases()
Additional info here on how the accounts work.
Email addresses associated with your account
Alternate email addresses and other Google products
Connect other email accounts to your Google Account
Federated Login
Also, I'm not exactly sure how you are trying to incorporate this functionality into your site but another area I recommend checking out is Federated Login for Google Account Users. This might also provide you with the functionality you seek.
Using federated login (also known as federated identity), your website
or application can allow visitors to sign in using their Google user
accounts. Federated login frees users from having to set up separate
login accounts for different websites, and frees you from the task of
implementing login authentication measures.
It has been a while since the question was asked. You can use the Google People API to get a user's primary email address and aliases. Here's the documentation. The scope you need to use is: https://www.googleapis.com/auth/user.addresses.read
This will return all the email addresses for the user and also tell you which is the primary one.
If you use OAuth to have your users sign-in with their Google accounts (with or without G+) the user will be prompted (by Google) to select which of their accounts they wish to authorize your application to use:
https://developers.google.com/accounts/docs/OAuth2Login
So to directly answer your question, I'm not aware of an API to return that list of users - however you shouldn't need to, Google will take care of this before returning to your application.
If your user is already logged in, and you wish to give them the ability to change the Google account they are using, I believe it is possible to prompt them again to select the account they are interested in (search for select_account on the link above).
This is possible. However, this has changed since Google announced the deprecation of their Google+ People API, which a lot of folks used to get all the email addresses for a user. The current most voted answer now goes to a 404.
Google Plus People API Replacement
Google has replaced the Google Plus People API /plus/v1/people/me with https://developers.google.com/people/ and you’ll want to use the https://www.googleapis.com/auth/user.emails.read profile scope as discussed here as a replacement. The schema is different, so you'll need to change your mapping as well.
If your app already used the following scopes from the old /plus/v1/people/me your user will not have to re-consent when you switch to the new API:
email
profile
https://www.googleapis.com/auth/plus.login
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.profile.agerange.read
https://www.googleapis.com/auth/plus.profile.emails.read
https://www.googleapis.com/auth/plus.profile.language.read
I have a project where I am using Selenium to test the Facebook auth. I created a Facebook app, created a test user inside this app and created some tests using Facebook login. Until now, it was working. But during the last two weeks something changed in Facebook and my tests are failing. It is due to interface changes in permissions dialog (I am targeting the button by his id). The second problem is that I don't get the email address from Facebook test user but a proxy email which is longer than 75 characters (my db field length is hardcoded in framework I am using).
If I log in as a regular user, it is working correctly and I get this permission box:
But when I log in as the test user I created (via 'switch to' in app's developer roles), I get this box:
I tested it ~2 weeks ago and this was yet working. Today it is changed. So my questions:
How to get back the old permissions box for test users?
How can I get the real email address and not the proxy?
Thanks!
I experienced the same problem with the Auth Dialog. I tried it with some old and new apps with various settings including March/Apr. 2013 Breaking Changes enabled/disabled, but it didn't help.
However, I guess I can help you with the email problem. When you login as a test user and go to account settings page, you will see the test user's primary email addres. By default this should be a really long one like the image I attached.
Facebook Platform returns this primary email address. If you pass the Auth Dialog with your test user account and see the privacy setting page, you will find the default primary email address is shared with the app. You have to provide a new email address for the test user and set the new one as primary email address via account setting page.
Why is the Login Dialog different with a test user?
With your test user, you can see the future of login dialogs. In fact, this isn't "not working" but this is an update which was unveiled on December 2012. Let me quote:
Our Login dialogs have undergone a redesign to make it easier to
understand permissions that apps request. We've simplified
presentation and have also updated our language for greater clarity.
“Basic info” has been renamed to “public profile and friend list,” to
reflect what what is being shared. Apps accessing your public profile
get your name, profile picture, age range, gender, language, country
and other public information.
Source: Providing People Greater Clarity and Control, developers.facebook.com/blog
The reason why you don't meet this update with a regular user, is that Facebook doesn't use to update everyone at the same time. They partially launch updates depending on the country, the type of account or some other parameters I ignore.
Example of a partial update (unified_message FQL table) dedicated to developer accounts:
We are providing early access to this API for registered developer
accounts only until the new messaging system is broadly available. You
should use the message table for production applications at the
current time.
In our case, we now know that test users can access to the update, but it is also said:
We have already launched many of these improvements as part of our
iOS6 integration and are now rolling them out more broadly.
About proxy emails
In fact, proxy emails are a way for any users to keep their real email anonymous. You have to consider proxy emails.
When joining an app, the user can choose between a real email and a proxy email:
Other thing you need to expect are users who didn't validate their account when connecting to your app, a case which is possible as described here and here.
Then, why do test users give back a proxy email? Because test users (being bots and having fake emails) didn't validate their emails.
You see that in at least 3 cases (and finally, test users are a good example), you need to handle these proxy emails. They are incidentally or accidentally met by developers and they can't be neglected. For your case, you can still try to disallow tests users who have a proxy email from accessing your app. But you should accept them and shouldn't force them to share their original e-mail addresses. A better solution is that you validate the test users emails:
Connect to the test user account that gives a proxy email
Add an email address (password needed here),
Go to the email mailbox and click on the validation link,
Set the new email address as primary,
The test user should now give his original email and not a proxy anymore!