Is it possible to embed the whole Gmail UI into a web application and control it out of my web application (e.g. select a message by its sender) as well as the other way around that the web application can register, e.g. by callbacks, the activities going on in the Gmail UI (e.g. get all data from the selected/opened message)?
I reviewed the options available like maybe you could add an iFrame with the Gmail web interface to accomplish this. However, I found that Gmail, like most of Google's other web services, sets the HTTP header:
X-Frame-Options: SAMEORIGIN
Because of this, it disables the option of using an iFrame to access Gmail.
The only options available will be the Gmail API with this Google Cloud service
Or you can build your setup using the Gmail API, and link it to buttons in your web application that will call the methods to send email, searching for Messages, work with Drafts, etc. You can read more information about the Gmail API here.
Lastly, you can submit a missing feature request by following the information in this Google Documentation, so they can add the feature later on.
Related
Our application uses AngularJS and consumed Web API in the backend. This is only internal application and authentication used is 'Windows' mode only. We are using custom authorization(role-base) to limit the access/execution of the application web api methods.
My question is do we need to add ValidateAntiForgeryToken attribute for those web api action with HttpPost and HttpPut attribute? I never use this ValidateAntiForgeryToken before as I was only involved in internal web application (local intranet only). Please guide me when/how to use ValidateAntiForgeryToken.
ValidateAntiForgeryToken protects your users from malicious web apps that send a POST request to your web app unbeknownst to your user, known as CSRF. Still the request would succeed since it's coming from your user who actually has permission to do so.
This is irrespective of the actual authentication mechanism, and is in fact a higher risk for automatic single-sing on that you have with Windows authentication.
If your internal web app is worth the effort, a targeted attack could trick your users to visit the attacker's web site that in turn sends the POST request to your web app.
My take is that you should use ValidateAntiForgeryToken even in this situation as a defense-in-depth measure.
I am successfully able to read my inbox content using Gmail API with desktop application.
But when I am trying to read other person gmail inbox, I am getting Delegation denied exception?
So my question here, will Gmail Api allow the applications to access other persons inbox or only the person who credentials are being used in generating Client_secret file??
Yes, it is possible to access others Gmail inbox. To access Gmail mailboxes, use Gmail API. Gmail API gives you flexible, RESTful acess to the user's inbox with a natural interface to Threads, Messages and History.
All you need to use the Gmail API is the client library for your choice of language and an app that can authenticate as a Gmail user. All requests to the Gmail API must be authorized by an authenticated user. You should use server-side flow when your application needs to access Google APIs on behalf of the user.
Here's a documentation how to implement Server-Side Authorization: https://developers.google.com/gmail/api/auth/web-server
This may be due to regulatory restrictions, I'm not sure why but it turns out that Google has not yet built any back-end support options for tracing Gmail messages within the Google Workspace administrator console
If your organization needs access to another user's Gmail account or tracks Gmail messages, I Highly Recommend using the Gmail Reader, it's a verified Google Workspace plugin, with a very user-friendly interface and a quick safe installation process directly from your Google Workspace Marketplace administrator console.
see the EZ Gmail Reader at Google Workspace Marketplace
In mirror api glassware we identify users by the unique user id generated and sent to the glassware by Google-oauth... But my glassware contains a gdk counterpart which needs to send information to the mirror api service. My question is that how do we send such information (e.g. an url request to the glassware mirror-api service) automatically in the background, without using "google notification by sharing with a specific contact", so that we can uniquely identify the user from mirror api glassware side as well as extract the information for the rest of the purpose.
Is there any glass Id that I can send along with the request from gdk and on the mirror-api side get the user's google account from this glass Id and using some other api generate the user Id from the google account just like google-oauth. Once we have the user Id, we can send static timeline cards to that user using simple mirror-api.
Please guide me with whatever solutions available other than "notification subscription".
I've already asked a question like this here: How to call the Mirror API from GDK?
It's seeming like the answer right now is that we can't communicate between the two APIs and everything in Mirror is separate from GDK. I've been doing some digging, trying to get things like the device's contact list since the Mirror documentation refers to your app adding a Contact but it seems like it doesn't use the same Content Providers as Android for this.
From the other thread, my best two ideas for binding a GDK app to a User is to:
1) Generate a QR code on your web service side and scan that in, it will have an encoded authentication token the app will be able to use to identify the user. Obviously this requires integration with the ZXing library and working with the camera.
2) Generate or allow the user to enter a phrase on the web service side that can be treated as a bearer token. In the GDK, prompt the user to speak this phrase and then pass it to your web service, which will reply with a similar authentication token to tie the app to the user. As odd as this is, I do kindof like it since it's simpler from a GDK implementation side.
An application that uses the Mirror API is more likely than not some type of a web service. Why can you not invoke HTTP commands from Glass to your application being hosted on a server?
The Mirror API is a set of REST commands invoked to a Google Server. That same google server then syncs to Glass where Glass will pull the updated content with HTTP requests.
Simply put, create a path in your web app that accepts HTTP commands.
I'm plan on deploy a Java application to Google AppEngine and use federated login (still experimental according to Google). The application is pretty simple Java EE application which expose RESTful interface for simple CRUD operations.
I then want to be able to authenticate to this application using Windows Client Application written in C#.
I think the application should be able to open a window with a browser in ti which will present the login page of my web application and after successful authentication I should be able to get the login token or a cookie to use in the rest of my HTTP requests.
Is it possible to do such thing using federated login? I've found a post explain how to do it using google proprietary login.
Thank you,
Ido.
I've manage to make this work much easier then I thought it would be.
When I send HTTP request to my web service I get 302 Found response with response header name Location which point to the login page.
I use WebBrowser control, register to it Navigated even and navigate to the URL in the Location header.
When the Navigated even fire I use the code from this answer to get the cookies container.
I check each cookie until I find one with the name ACSID and store it.
For every web request to my service I add cookie name ACSID with the value saved at step 4.
This is not the most secure way of doing this. I will add check for the domain of the cookie but this looks good.
I need to send emails from my web application (on account creation, password reset, etc.). This application will most likely be hosted on a standard hosting site (or possibly on Amazon EC2), not on Google App Engine.
However, I like the ease of use for sending email through App Engine. Is there a way to host your application elsewhere but use App Engine to send emails programatically? I suppose I could send a web request from my application to a custom application on App Engine, parse the request, and then send the email from App Engine.
However, I would like to avoid having to create an application on App Engine even if it is very simple as it would be another item to maintain. Is there a simpler way to just use App Engine as the email gateway, similar to using Google Apps for my Domain?
I don't need to receive email by the application. Also, I would like all emails to come from the same domain (like mail#example.com) regardless of if it were sent from the hosted application or App Engine.
You can do this using remote_api. Simply upload a Python app with nothing but the remote api handler included; you can then use the Python remote api library to send emails via App Engine.
Note that emails sent by the App Engine Mail API have to be from an administrator of the app (or the logged in user, but this doesn't apply over remote api). Thus, you'll want to add whatever from account you want as an administrator to the app.
Edit: As mentioned, I am totally wrong! Above post is correct.
First, I am very positive if you want to use App Engine's features you need to actually build an app on it. You can't use their API on external applications. You are right though that you could simply send a request to your app engine app if you wanted it to send email. I don't see how it would be too hard to maintain if that's all it is doing.
Second, if you are planning to send emails via GMail's service, they don't allow you to mask the from address so you will always see it from whatever gmail address you're sending it from.
Why not just send emails from your application but use whatever email service you use now? In most languages and frameworks, SENDING email and not managing it is a breeze.