I'm completely new to this area, but what I want to do is to start a process which listens for anyone trying to authenticate with my client credentials. I can't seem to find any good infromations about this matter so i would appriciate any help i can get.
Thanks!
Explain your usage of the Google auth scenario. for example, monitoring your client website traffic behaviour is possible in auth2.0 .
According to Google Documentation
" You can use information returned by the client object to help sync your site's user experience across multiple tabs and devices for your user." ... words from the google developer documentation "https://developers.google.com/identity/sign-in/web/session-state" ..
Related
There are several options while setting up a service account. And it is confusing. I'm a beginner as well.
How may i Set-up the service account so that the script will successfully keep posting on blogger as posts.
Or could someone please assist me in setting up the Oauth client. There are two kinds of uri and I'm not sure how to find or create or obtain them. Or if there any way to setup successful authentication with Google so that posts can be created infinitely without any error.
This script will be run in python termux.
Any help is very appreciated.
Yes, i tried setting up this oauth client Id and it didn't work. There are errors. Perhaps because i don't have uris.
I also tried setting up the service account, where after execution of script, it says in termux something like, we are sorry but... Global.... No access... Something like that ...
I'm a python beginner, and I want to make a basic google tasks client. It'll be a native app. The point I cant get is how to keep the 'client secret' actually secret, as it's to be included in the program code.
I've searched and found a post, quoting a google forums post, and basically suggesting to give the thing away.
I have spent hours trying to get the thing, but, I have no answer at the moment. So, I have two questions to ask:
What are the consequences of giving the client secret away?
If letting people see the secret is dangerous, is there a way to keep it secret, or, is there a way to do a classic login to support application specific passwords to log into the google account?
I assume you're talking about OAuth.
Yes, you embed the secret - but no, it's not really a secret; see another post here: OAuth - embedding client secret in your application?.
Google's docs actually say the same thing; from : https://developers.google.com/accounts/docs/OAuth2#installed
The client_id and client_secret obtained during registration are embedded in the source code of your application. In this context, the client_secret is obviously not treated as a secret.
And there's no point in trying to protect it - it has to make it's way over the wire to get to Google, and anyone with Fiddler, etc. could watch it in plain text.
As to impact: the idea behind the client secret, I believe, is to protect the client vendor (that's you). Theoretically, if I know your client key and secret, I could make a malicious website/client that lets users log in legitimately but then deletes all their tasks and it would look like you were responsible. That probably makes sense to defend against with web services, but for an installed client, the user presumably downloaded it from somewhere (app store, website, etc) that hopefully made sure it was legitimate.
I'd like to allow my Google App Engine application to connect to a clients Google Spreadsheet on their Google Drive. I've spent the last two and a half days trying, and I've gotten nowhere. Half of the GAE Python documentation seems to be out of date. For example some of the examples have webapp, and they don't work until I change them to webapp2, but that doesn't always work.
I created a OAuth2.0 thing (not really sure what to call it) at:
https://code.google.com/apis/console/
So now I have a Client ID and Client Secret, but one doc talked about a CONSUMER_KEY and CONSUMER_SECRET. So are they the same or?
I followed the following doc to use OAuth to read my tasks (I know it's a different API), but I couldn't figure out step/Task 3. I'm not sure if I have all of the files/librarys to connect using OAuth. I have the gdata-2.0.17 files, and I know how to connect to the drive and spreadsheets by hard coding the login credentials, but no user is going to give me their credentials.
I don't normally ask for code, or even help, but I'm completely lost with this whole OAuth API/Service.
If someone could post some sample code that uses OAuth 2.0 and webapp2, and that you have tested, that would be awesome.
If someone could link me to a sample GAE Python project that can authenticate with Google's servers and allow it to connect to the users spreadsheets using OAuth 2.0 and webapp2, I'd be over the moon.
A complete example application using Google Drive from GAE is explained in this article.
See Retrieving Authenticated Google Data Feeds with Google App Engine (Python) if you need to access the spreadsheet content.
The samples in this article is using Google Document List API but it could be easily adapted to use spreadsheets scope and spreadsheet client or service.
If you only need to list the files, I would recommend using Drive like #SebastionKreft suggested
I'm trying to make a video upload to youtube using the gdata api.
I also had a look at the hello-youtube example.
Does anyone knows if I can use youtube browser upload without requiring the user to loggin to youtube? I want the user to select a video from their computer, and upload it to my developer account (not the users account). Is this possible?
In case it its, can someone help me with an example?
Many thanks!
EDIT
I found that it's possible to log from server side using any normal youtube account (not sharing my password, although my account still subjected of being suspended in case someone submits bad content). The code can be found on the "ClientLogin authentication for installed applications" of the python developers guide
This is a very bad idea because you are responsible for the content of your channel and the usage of your account.
It also means you will share your Google password with the entire world. Bad idea, bad idea, bad idea, ...
I just want to import my facebook status and photos to my personal django website but all the examples and documentation i can find are for developing facebook applications.
A simple rss feed would be enough but it doesnt seem to exist in facebook.
Do i really have to create a full facebook app to do this?
A simple facebook application isn't that hard ... excluding trying to decipher the soup on developers.facebook.com.
The "problem" is that you need to get an application key, application secret, and sometimes a session key in order to access the web services. Unless someone is sharing a service to do just that (I haven't looked, and you'd need to trust them) then the only way to fulfill the requirements are to create an application. However, the application key/application secret don't actually require that you write anything. They will show up in the Facebook Developer Application (the application that allows you to edit your applications...)
Now, all you need is a session key (however, a session key is not always required, see the Understanding Sessions link below) -- and hopefully a permanent one. To do this, ask for the extended offline_access permission**. If you grant that to an application then it can get a session for you whenever it feels like it (or rather, the session does not follow the one-hour expiration policies for that application). Extended permissions. Understanding Sessions. Oh, but ignore that 'auth.renewOfflineSession(UID)' example -- the method doesn't exist. I told you the "developer" documentation was soup :-)
You can use the URL in format:
http://www.facebook.com/tos.php?api_key=YOURAPIKEY&req_perms=offline_access to request the permission of yourself. Now see the links below :-)
Extra information in:
**I'm not entirely sure if new changes to the FB policy affect forever-sessions, but this link seems more than relevant to the task at hand:
http://blog.jylin.com/2009/10/01/loading-wall-posts-using-facebookstream_get/
Getting offline_access to work with Facebook
Facebook offline access step-by-step
(You need never post/share your facebook application -- you can keep it in sandbox mode forever.)
Probably. Anything that bypassed authentication would be a fairly large privacy issue.
With the release of the new graph api, this is pretty simple once you get your oauth token. Unfortunately you will need to create an app, but it can be a rather small one to get your oauth token so facebook can authorize your requests. You can use the python sdk here: http://github.com/facebook/python-sdk/
Once you have your token, you make a call to: https://graph.facebook.com/[your profile]/statuses?token=[your token]
And you will get json back.
If you first login to facebook and then go to the documentation page you can see the working example by clicking on the statuses link in the connections table.
http://developers.facebook.com/docs/reference/api/user