So, I made an application using python and google calendar API, where I have to give a reference of credentials.json (I downloaded it from google calendar API website). Now, If someone else uses my application, they get an message of "Google hasn’t verified this app", which is cool but I want to know, can someone misuse that credentials.json against me or that credentials.json is a reference to user and google that "This author is accessing some environment"?
Actually, I'm new in this field so I don't know much more about details.
You should NOT be giving anyone access to your credentials.json file from google developer console. This is part of your application.
It is against Googles TOS to share this file with anyone. This file is only for your application.
If you share it with someone they can then create an application and to all apparent purposes they appear to be you. IF they start to spam google or if they leak user data, it will be your application that will be seen as at fault.
Your application also needs to be verified as your only going to have about 100 users before its going to get locked down until you do verify it.
Related
I want to upload and retrieve file (that includes image and csv) for my django application.
My project is currently hosted on Google App Engine Flexible. From my understanding, I need to use Google Cloud Buckets for the process. But I could not find relevant material online for the process.
GoogleAppEngineCloudStorageClient API also provides the feature of writing a file and reading it:
cloudstorage.open(filename, mode='r', content_type=None, options=None, read_buffer_size=storage_api.ReadBuffer.DEFAULT_BUFFER_SIZE, retry_params=None)
Please point me to the relevant resources for the same. Since I am new to Django and Google Cloud, I would really appreciate if you could share code snippets with me.
Thanks in advance.
Check the Google storage section of Django Storages. It may help to read generally about the storage system used in Django before going to Google storage in detail.
As per the official documentation of Google App Engine Flexible, you can configure upload and retrieve files in different runtimes environments. I went through the documentation and I found that you need to create a Cloud Storage bucket in order to stock your files.Keep in mind that it's only for static content. I recommend to take a look at this documentation where you may find valuable information.
Please let me know how it goes.
I've searched on google and have taken a look at the facebook site for the apis, but facebook does not have an official SDK for python. I looked at the third party api for python listed on their site that could be used to communicate with facebook. After having visited their official site and github repository there is a small readme file that shows basic usage, it seems to assume that you are already connected to facebook, and the example at the end of that page shows a cookie example.
The short examples seem easy enough but there is no explaination of anything and i dont find any more documentation about anything else.. there does not seem to be any information about all available methods you can use with the api..where do the people who are using this api get the documentation to find the methods available so they are able to do work with this ?
Since i guess people are pretty tired of signing up for yet another service i would like to offer to sign in with their facebook and twitter accounts (although thats a no no for the ad people who would like to have access to the user profile in order to have targeted words/links that generate revenue). Im using django and have taken a look at the django-facebook api as well but the documentation seems to just point to the github repository which doesnt have any documenation, almost just like the other api pointed out above. Basically i dont find any documenation about how to use the apis except from the small examples.
And like always, i appericiate your time answering this, always nice to add an explaination to any code so the answer is a little more usefull, thanks.
My info might be a little bit out of date as I was working at a startup implementing a Python backend on Google AppEngine that interfaced with Facebook, used FQL, AppEngine datastore etc, about a year and half ago.
There are several third party APIs you can use, for instance, https://github.com/jgorset/facepy or https://github.com/pythonforfacebook/facebook-sdk. The reason there is no 'documentation' on the github site is because it implements access to the API that IS documented on Facebook's developer pages https://developers.facebook.com/docs/graph-api/.
But that is in a perfect world. My experience with the Facebook APIs is that they don't always do what is said on the dev pages. You don't get consistent return data, FB Realtime API not/inconsistently notifying for certain connections (music, movies, books, tv). Unfortunately, I think they have many non-documented APIs that are only available to the big app players.
Where I got my real world working info and learned how to access Facebook using Python was right here on stack overflow.
I have more of a general question about how I would go about achieving something. I would like to run a daemon process that updates my own Google Calendar (as a background process). I have consulted the sites regarding Google API procedure (authentication, access tokens, etc.) and it seems that the authentication code I've seen requires manual authentication on my part (i.e. me pressing the 'yes, i'm okay with this application accessing my calendar' button). Given that I am writing a program to access my own google calendar (so security shouldn't be an issue), is there any way I can authenticate from within my own source code (perhaps a way of including my login info within the Python script I am writing for this program)?
I hope that makes sense. Thanks for the help!
You should have a look to Service Account with OAuth2.0. (See here : https://developers.google.com/accounts/docs/OAuth2#serviceaccount) It will provide a service account for your application, from which you will be able to handle calendars for your app.
I know it's possible to do it using java and here you will find a sample showing how to do it with Java. (https://code.google.com/p/google-api-java-client/wiki/OAuth2#Service_Accounts)
And I am almost sure it's also possible with Python. (see https://developers.google.com/accounts/docs/OAuth2ServiceAccount)
I'm developing a Google App Engine-app where one can fill out an online-form and based on how you fill it out a calendar post in a specific Google Calendar is created. What I'm wondering about is authorization in this type of situation where I want this form to be 100% publicly available and require no login whatsover to create the calendar post.
Using OAuth2 I have gotten the actual form and post-creation to work as I want but only when I'm signed in.
This is what I'm doing now, I have:
One registered app, let's call it form-app(.appspot.com)
One Google account, let's call it form-app-admin(#gmail.com) This account owns the Google Calendar that the posts are going in.
One API Project owned by form-app-admin
I have used these and the google-api-python-client library (with its oauth2decorator) as in the Google App Engine-example so when I'm logged in as form-app-admin and surf onto form-app.appspot.com everything works exactly as I want it to but if I am not logged in as form-app-admin, naturally, it doesn't.
So what I would like to do is to kind of grant this permission to write to form-app-admin's primary calendar to the actual app rather than the user currently using the app. Or is there a better way?
The only premises is that anyone (logged into gmail or not) should be able to fill out the form and thus creating a post in some google calendar.
Naturally I would be very thankful if anyone happened to have the appropriate python code to achieve this but primarily I want help figuring out how to go about this since I have very little experience with auth-related stuff.
Thank you for your time!
/Tottish
What you want is the App Identity API. That page shows examples of how to use the API to assert identity to Google APIs.
I'd like to be able to use the Google Data API from an AppEngine application to update a calendar while not logged in as the calendar's owner or the a user that the calendar is shared with. This is in contrast to the examples here:
http://code.google.com/appengine/articles/more_google_data.html
The login and password for the calendar's owner could be embedded in the application. Is there any way to accomplish the necessary authentication?
It should be possible using OAuth, i havent used it myself but my understanding is the user logs in and then gives your app permission to access their private data (e.g. Calendar records). Once they have authorised your app you will be able to access their data without them logging in.
Here is an article explaining oauth and the google data api.
http://code.google.com/apis/gdata/articles/oauth.html
It's possible to use ClientLogin as described here:
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html#Response
Note the section at the bottom of the document that mentions handling a CAPTCHA challenge.
There's example code included in the gdata python client in
samples/calendar/calendarExample.py
You need to call run_on_app_engine with the right arguments to make this work as described in the Appendix here:
http://code.google.com/appengine/articles/gdata.html
Note that the same document recommends against using ClientLogin for web apps. Using OAuth or AuthSub is the correct solution, but this is simpler and good enough for testing.