I am relatively new to programming, and have been learning about OAuth2 with Python. Specifically, I have been learning how to use Flask-Dance, beginning with its implementation for Google authentication. I am wondering:
1) Which Google API does Flask-Dance make use of? I see that the default scope in F-D is 'profile', but I can't seem to figure out what other scopes are available
2) What is the difference between the Google API Explorer and the Google OAuth2 Playground? When/why would I use one over the other?
Any help would be appreciated.
Thanks!
1.) Flask dance makes use of OAuth. Oauth is used specifically for allowing users to give authorization to your app or for authenticating users with the OpenID standard. What this means is, say, you want to get data from a user's google account, e.g. you want a list of their google contacts, you'll use OAuth to get authorization from that user. Another use case is if you want to let users login to your application using google. You'd use Oauth for that. In this case you'll be dealing mostly with access tokens and authorization codes, this is what Flask Dance is for.
For more information on OAuth, here's a video that explains it and its various use cases in plain English: https://www.youtube.com/watch?v=0VWkQMr7r_c
2.) The Google API is for a completely different use case. You're not trying to get data from a user's google account and you're not trying to let users login to your application with google. You want to simply use a Google service on your application. For instance you want to use Google Maps in your app so that you can let users of your app get directions to a place. In this case, you'll be working with API keys that identify your application.
Related
All I know about API authentication is just password and bearer token. (and NO AUTH too ;)) And I got this OAuth problem when I was trying to use audiomack API.
https://www.audiomack.com/data-api/docs
This is their API documentation. They say
Rather than manually creating code for OAuth, we recommend instead using one of the pre-built libraries available for your programming language.
And I got piles of python libraries here: https://oauth.net/1/#:~:text=Max%20Countryman%20maintains,Tornado%20Auth%20package
Because I am new to OAuth, and also do not know how to get this consumer key and secret from my audiomack account (newly created for test use), these repos give no meaning to me.
Is there anyone who can help me out? I want to know how to make a proper OAuth step to use this API.
A step-by-step guidance or relevant link will be appreciated. Thanks in advance.
I've found two different APIs to interact with google spreadsheets, but don't know which is the one I should use.
I found these two:
1. google-api-python-client: http://github.com/google/google-api-python-client
2. gdata-python-client: https://code.google.com/p/gdata-python-client/
I thought the first one was the correct one but I can't find the way to get a spreadsheet's content.
By 'correct' I mean 'able to upload a new spreadsheet and modify or delete an existing one'.
Thanks for your help.
The Google API Python Client and the Google Data Python Client can access different APIs. As far as I understand, Google is migrating older APIs of their services to provide developers a clean and unified access to all services.
Google API Python Client is newer and meant for the newer Google API, including Google Drive API, which allows you to create/delete spreadsheets for example or access meta-data of spreadsheets. You cannot modify the content of these files. This library supports oAuth 2 for authentication, including service-accounts.
Google Data Python Client is much older and a little bit outdated and cumbersome. It provides you with access to the (older) Google Data API, including Google Spreadsheets API 3.0, which allows you to add/remove worksheets to/from a spreadsheet, querying or adding rows or cells, or modifying cells/rows. However, the Google Data API and so the Spreadsheets API feel very different from the other APIs, especially the newer ones.
Some tips: For spreadsheets, you will find many examples using the older SpreadsheetService, but I think the Service class restricts you to oAuth 1. For oAuth 2 you would need to use the newer SpreadsheetClient class. They also have different method names and some concepts are different too. If you don't want to use a normal Google user account, but need to use a service account (with a p12 file created in the developer console), you can find a working code pattern here.
UPDATE: You may also want to have a look into the gspread library. It's supposed to be much easier than gdata, but I haven't figured out yet oAuth2 service account authorizations with that one.
I'm developing a Google App Engine-app where one can fill out an online-form and based on how you fill it out a calendar post in a specific Google Calendar is created. What I'm wondering about is authorization in this type of situation where I want this form to be 100% publicly available and require no login whatsover to create the calendar post.
Using OAuth2 I have gotten the actual form and post-creation to work as I want but only when I'm signed in.
This is what I'm doing now, I have:
One registered app, let's call it form-app(.appspot.com)
One Google account, let's call it form-app-admin(#gmail.com) This account owns the Google Calendar that the posts are going in.
One API Project owned by form-app-admin
I have used these and the google-api-python-client library (with its oauth2decorator) as in the Google App Engine-example so when I'm logged in as form-app-admin and surf onto form-app.appspot.com everything works exactly as I want it to but if I am not logged in as form-app-admin, naturally, it doesn't.
So what I would like to do is to kind of grant this permission to write to form-app-admin's primary calendar to the actual app rather than the user currently using the app. Or is there a better way?
The only premises is that anyone (logged into gmail or not) should be able to fill out the form and thus creating a post in some google calendar.
Naturally I would be very thankful if anyone happened to have the appropriate python code to achieve this but primarily I want help figuring out how to go about this since I have very little experience with auth-related stuff.
Thank you for your time!
/Tottish
What you want is the App Identity API. That page shows examples of how to use the API to assert identity to Google APIs.
I want to let users use their google account to login to my website. Exactly the way SO lets me. Can anyone please point in the right direction? I'm assuming the oAuth library is to be used but what I'd really like is a snippet of code I can directly copy paste and get this to work.
It's not OAuth particularly that you need (OAuth is for authorising access for one website to specific private content held on another), but OpenID - which is meant for authentication rather than authorisation. (Some sites, like Twitter, do provide authentication services via OAuth, but that's not what it's primarily for.) I have used python-openid which is fairly straightforward to use, or you can look at django-openid - though it admits to being incomplete, you could get some idea of how to implement OpenID support.
The problem's a little too involved to admit a copy-and-paste solution, but it's not especially hard to do this.
Update: piquadrat's link (in he comment) is definitely worth following.
You may want to check out django-piston which is a mini-framework with oAuth built in. Here's a tutorial on how to set it up.
You might consider using Django-Socialauth, as it supports
Twitter
Gmail
Facebook
Yahoo (essentially openid)
OpenId
I'd like to be able to use the Google Data API from an AppEngine application to update a calendar while not logged in as the calendar's owner or the a user that the calendar is shared with. This is in contrast to the examples here:
http://code.google.com/appengine/articles/more_google_data.html
The login and password for the calendar's owner could be embedded in the application. Is there any way to accomplish the necessary authentication?
It should be possible using OAuth, i havent used it myself but my understanding is the user logs in and then gives your app permission to access their private data (e.g. Calendar records). Once they have authorised your app you will be able to access their data without them logging in.
Here is an article explaining oauth and the google data api.
http://code.google.com/apis/gdata/articles/oauth.html
It's possible to use ClientLogin as described here:
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html#Response
Note the section at the bottom of the document that mentions handling a CAPTCHA challenge.
There's example code included in the gdata python client in
samples/calendar/calendarExample.py
You need to call run_on_app_engine with the right arguments to make this work as described in the Appendix here:
http://code.google.com/appengine/articles/gdata.html
Note that the same document recommends against using ClientLogin for web apps. Using OAuth or AuthSub is the correct solution, but this is simpler and good enough for testing.