I have a GWT application that would like to read a Google Drive spreadsheet given a public read only url such as https://docs.google.com/spreadsheet/ccc?key=0Aj9YCks8-__hdGU5RHFSRzk4WFNHT3RjRWlsVGdGT2c&usp=sharing.
I can read this from a browser in csv format using this url: https://docs.google.com/feeds/download/spreadsheets/Export?key=0Aj9YCks8-__hdGU5RHFSRzk4WFNHT3RjRWlsVGdGT2c&exportFormat=csv&gid=0
However, this does not work unless the user is logged in as a google user.
Given a public spreadsheet key as shown above, how would one query the spreadsheet using server side queries or apis from GWT? I've seen references to a GWT Drive API but nothing other than coming soon for the last year or so.
It's a browser security, you can access to url in other domain than your server.
You must pass by your server to call your URL with a script proxy.
Related
I need to send user-specific values to an external system from Moodle. How can I force Moodle to send the session ID (or user ID, activity ID, etc.) to this third-party system? All of the articles out there seem to be written for calling into Moodle but this is not what I need to do.
Important:
I cannot alter the Moodle installation. The solution must only involve editing content. This means I cannot author a new plugin or alter any of the Moodle source code.
Edit:
I do have direct access to the Moodle database from a separate external API. The goal was to use this connection to validate the incoming parameters. However, I still need to be able to construct a parameterized URL to call out the external app. That app would then be able to validate the supplied values against the database. If the session ID is not available then I would need the values regarding the page, user, module, etc. to be sent via the parameterized URL.
For the session id do you mean the current user session? There is a session key stored in $_SESSION['USER']->sesskey but its not really useful data. It expires when a user logs out.
$_SESSION is server side, so you would need to use PHP code which isn't allowed in content for security reasons.
Have you got access to the database? You could pull user id and activity id from there. Otherwise you will need to use an API or a plugin.
EDIT: There is a URL activity that you could use to send data externally. But that would require the user to click the link.
Data includes user and course ids.
https://docs.moodle.org/311/en/URL_resource_settings
I can't think of any solution to send data externally without writing some PHP code or adding a plugin.
You can add javascript to every page via Site administration > Appearance > Additional HTML but the session variables aren't available without PHP.
https://docs.moodle.org/311/en/Header_and_footer
This is the error Unity is spitting out in the logs, over and over:
Status(StatusCode=Unauthenticated, Detail="Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.")
More context is:
I use cloud speech for work and it's working fine everywhere except for one customer's computer. The app is built with Unity and uses the gRPC plugin to do the streaming variant of cloud speech. The customer is in another country but my first guess is that wouldn't matter, as we have other customers in the same country that don't have this issue.
I tried looking through the documentation Google provides for error codes and this one isn't in there. I looked through the troubleshooting section and saw something about authentication. I supply the credentials at runtime from a JSON file stored in the app. The code when using the credentials looks something like this:
googleCredential = GoogleCredential.FromJson(Utils.DecodeBase64(encodedCredentials));
var channel = new Grpc.Core.Channel(SpeechClient.DefaultEndpoint.Host, googleCredential.ToChannelCredentials());
var speech = SpeechClient.Create(channel);
I'm trying to gather more information here so we can narrow down our troubleshooting to help the customer get the app running. Like does this point towards a specific router/firewall setting kind of thing, etc?
Thank you.
I'm creating a dashboard-style calendar to go up on a screen in my living room, connected to a Raspberry PI. The calendar will basically be a HTML page generated locally on the Raspberry PI (probably by a Python script or similar, I haven't figured that bit out yet). I want it to show a merge of the calendars in my family, that is of selected users in our family Google Apps domain.
As the Google Apps admin I can see all of them already, so ideally I want to create a single API Key that gives read-only access to all of the calendars. However, the developer dashboard doesn't seem to be set up that way, it looks as if I would have to create an "App" and then using OAuth 2.0 the individual members would have to grant the "App" access to their calendar.
So how should I structure this? Would my Raspberry PI script be a client, connecting to my "App" in the Google cloud, and the "App" somehow has access to the required calendars by having to grant access from each user? Or is it possible to just create an access token that my client can use to directly query all the calendars, and keep all my code running locally instead of in the cloud?
Update: I found that there is a private calendar feed URL documented here, this gives an XML feed of recent changes, or an iCal dump of your entire calendar. The private URL contains a key-like string private-<128-bit-hex-value> - is there any way to use this as a key or calendar id with the v3 calendar API? I already tried using it as the calendarId:
https://www.googleapis.com/calendar/v3/calendars/private-<128-bit-key>
But that gives a 401 Unauthorized response. I don't even know if the private URL key is a calendar ID or what.
Of course, I could download the entire iCal dump for all five calendars upon every refresh and process it locally each time to filter for upcoming events, but I'd much prefer to use the calendar API to ask for events with the timeMin and timeMax query parameters and process the JSON response to keep things snappy.
Edit:
Initially, the question was how to get an Office365 calendar in JSON without authentication; but, what I meant was how to get an Office365 calendar in JSON without requiring the OAuth2 step (so, for example on the server-side other authentication methods are acceptable to retrieve the calendar data).
Problem:
I would like to use the Office 365 REST API to access this published calendar (i.e. the "read" operation only since the calendar is published), so that I can "style" the calendar the way I prefer. So, I am looking for a public API approach to using one of my calendars. The code examples for the Office 365 REST API that I found use OAuth to authenticate the client. This seems like overkill.
I have come up with some possible solutions, so any suggestions on the best approach is welcome.
Background:
I have a published calendar in Office365, which gives me a feed:
http://outlook.office365.com/owa/calendar/USER#DOMAIN/CALENDAR_NAME/calendar.ics
and the URL:
http://outlook.office365.com/owa/calendar/USER#DOMAIN/CALENDAR_NAME/calendar.html
How can I do what "calendar.html" is doing, so that I can display a calendar the way I would like it to be displayed (instead of IFraming what Office365 provides)?
Example:
Here is an example URL using the REST API:
https://outlook.office365.com/api/v1.0/users/USER#DOMAIN/calendars
The browser will bring up a basic authentication dialog, so it looks like OAuth is not the only method required (one possible solution, the request could be proxied from a local server that is calling the REST API using basic authentication).
Issues:
One issue might be that the calendar "publishing" feature is meant for a limited amount of data (e.g. 1 year prior or in the future at the most) which is what I assume is what the iCalendar (*.ics) file would contain for any request.
Using the REST API with authentication assumes that there isn't a date range restriction (since one can query the calendar using the REST API, I assume you could query further back than a year).
Possible solutions:
Proxy the request from another server by making the REST API calls using basic authentication. Caching might also be needed since it appears the response times could be slow. The calendar could be either JavaScript that consumes a local endpoint, or HTML content generated at the server.
It looks like the Office365 AuthenticationContext.AcquireTokenAsync() will accept a ClientCredential (client id and secret) or also a UserCredential (simple username and password). So, I think I can run a local proxy service that uses the Office365 library by manually passing in credentials to the function that acquires a token. (I still need to test this to make sure that the function will indeed work this way.)
Simply iFrame the "calendar.html" page provide by Office 365. (Cross domain is prevented, unless it's on one of the Microsoft hosted solutions "Something Webs".)
If using the iCalendar (*.ics) feed, then one would need a transformation function for the iCalendar format to JSON (https://github.com/kewisch/ical.js), then JavaScript or a calendar library could be used to design a custom calendar. (This wouldn't be very convenient for viewing a year's worth of calendar events without cashing and providing a querying mechanism, except for displaying one month back and forward. So, some sort of ics2json to use on FullCalendar might work for only a couple months of calendar history.)
Any suggestions on the best approach (or another approach not listed here) is welcome.
The Office 365 APIs require Oauth2 in order to function. If you are using Visual Studio to develop your app, the O365 tools for Visual Studio + OWIN middleware will handle a lot of the oauth work for you.
If oauth is absolutely not an option, I'd consider using the EWS APIs instead, which can use basic authentication (more info on that here on MSDN).
I recently succeeded in building a page that loads data via an ajax get call to a REST interface (that runs on my server) and then uses the data to construct a map overlay for Google maps via JS.
I managed to do this but now I have concerns about the security of my data. Obviously everybody could just use curl to load the overlay data from my REST interface. However, I do not want to make my data so easily available, since they are kind of the business value of my page...
Is saw many solutions on the web that all require a login of the user.
However, this should not be required on my page.
Is there an easy solution to this problem, without the user having to use a log in or something? Basically I only want to allow my web application to query data from my REST interface, but not anyone else.
One solution that came to my head is to pass the data directly from php into JS, when the page is loaded. However this looks like a real ugly solution to me...
On a RESTful interface, I suppose you want to avoid login into a session. You have basically 2 more ways :
use IP address filtering if the web application run on a private network with known IP addresses
pass an identification token in the request headers or as a request parameter. The token has to be passed along in all the requests.