I'm thinking on my scenario and there is a point I cannot manage to bring to a valid approach:
I have a web app where users log in and, among other things, they can create calendars. If this calendars are marked as publics, all users can see them.
I want them to be able to sync the calendars with their google calendar account. I have this already implemented using gapi.
The problem is when, after a while, any user updates an event of a calendar which other user had synchronized before. He is not going to see the changes in his google calendar, as I'm not able to send him updates since he is not logged into the app.
So, my idea was to create all calendars in our own account, and whoever wants to have it in their google account, just have to subscribe to it. I would do that with gapi.acl lib.
What I don't know how to do is: when the first user wants to syncronize the calendar, it should first be created in our own google account, so that the user will be able to subscribe to it...
But how do I change the account where to create a calendar using gapi?
Maybe it is a stupid question but I cannot manage to find out how to do it.
Thanks in advance!!!!
But how do I change the account where to create a calendar using gapi?
You cant, what you are trying to do is get offline access to a users Google calendar data. OffLine access means that your application can access the users account when the user is "offLine" as in not there. This being a fully automated functionality of your application.
You need to request permission of the user for "offline" access once that is granted you are given a Refresh token the refresh token can then be used to request a new access token when ever your application needs even if the user is "offline".
Your problem being that JavaScript is client side this means that the code is running in the users browser. Due to major security concerns offline access is not something you can request using JavaScript you need to use a server sided programming language.
Maybe it is a stupid question but I cannot manage to find out how to do it.
I don't think its a stupid question but I do think there are some major wholes in your applicating design.
You first need to think of if users really want you writing to their personal calendar account.
Then you need to consider weather or not you want to be writing and sharing your personal calendar with a bunch of unknown users.
There are also major limitations to the number of writes or inserts you can make to a single calendar per day so storing everyone's calendar data in your own calendar is going to not only messy but it may end up overloading your request limit.
Once all that is added up have you considered the verification process this application is going to have to go though. How will you justify your application to googles security review, I am writing to a users calendar, I am storing users calendar data in my own personal calendar ....
Related
I have spent 3 days researching this problem and cannot find a solution or similar use case that shows how to solve the problem, so any pointers would be greatly appreciated.
I am creating a web-app that uses Google Cloud Storage and Bigquery. A user registers on the web app and then can upload data to Cloud Storage and Big Query. Two users could be from the same company and therefore should be able to view the same data - i.e. Jack and Jill work for company A and if Jack uploads a massive dataset via this app, Jill should also be able to view it later.
Another scenario will be I have two completely separate clients with users using this web-app. If users from Company A upload data, users from Company B should not be able to view Company A's data, and vice versa. But users from the same company should be able to view the data within their company.
Currently, I have an app that works for a single company. This has a React front-end that uses Firebase for authentication. Once the user is logged in, they can use the app which sends off API calls to a Flask back-end that does some error checking and authentication checking and then fires off an API call to GCP. This uses a service account and the key is loaded as an environment variable in the environment in which the Flask app is running.
However, if Company B want to use the app now, both Company A and Company B will be able to see each other's data and visualize it through the app. In addition, they will be sharing a project (I would like to change this to allocate billing more easily to have each client have their own project).
I ultimately want to get this app onto Kubernetes and ensure that each company is independent of each other, however, do not want to have to have separate URL's for every company using the app. Also, I want to abstract GCP away from the client. I would prefer to authenticate a user based on their login credentials and then they will be given access to their GCP project (via my front-end) accordingly.
I thought about perhaps having separate service keys for each client and then storing the service key info in Firebase, while using the respective keys for API calls but not sure this is best practice. It is however the only strategy I can think of.
If anyone could provide some help or guidance it would be very much appreciated. This is my first GCP project and have not been able to find any answers on GCP, SO, Google Groups, Slack or Medium.
Thanks,
TJ
First if all, welcome on GCP! It's an awesome platform, very powerful and flexible. But not magic.
Indeed, the use case that you describe is specific to your business logic. GCP provides told for securing access for user and VM(through service account) but not for customer. Here you have to implement your own custom and authorisation logic, with a database (I don't recommend bigquery for website, the latency is too high) to list three users, the companies where they work, the blobs of each company...
Nothing is magic and your use case specific.
If you want to discuss more about which component to use and to start, no problem. Let a comment.
I am trying to create a sample application that will use schemas embedded into email (particulary, ReviewAction described in the end-to-end example by Google).
I have created an google-app-engine application, deployed it as described. It works as expected, excluding gmail doesn't add any buttons to the email.
An email is being send to the same Google account that has created the application (From and To headers of the email are the same).
What I am doing wrong in embedding schemas into email?
ReviewAction hasn't rolled out to all users yet and it is probably going to take the whole next week before it is available to test. Sorry for the delay, I'm sure you understand it takes time to roll out features to all Gmail users and to all Gmail servers.
We’ve got a CRM 2011 implementation using IFD which in turn means is uses claims based identity and ADFS.
I’m struggling to determine how I can keep my user logged in across multiple browser sessions.
I’m not an ADFS expert; I know enough to watch the How-2 video for CRM IFD and click through the wizards. Usually I'd back myself to Google something like this in no time but I've had no luck to date.
Can anyone provide some guidance as to how I might configure some sort of persistence of login in this setup? i.e. for the user to remain logged in and able to return directly to CRM even when they close their browser.
You need to increase the TokenLifetime. Refer:
CRM 2011 ADFS and TokenLifetime
It is hardcoded to be a session cookie in Microsoft.Crm.Authentication.CrmSessionAuthenticationManager, Microsoft.Crm.Authentication
You would need to decompile the class, change the code and configure CRM to use your new module in the web.config
I'm using Google's user api on Google App Engine for authentification. As nearly everyone have a Google Account and api is easy to implement, that solution is convenient.
The problem is, though, with user who do not have a Google Account (or have no idea what a Google Account is). Where the api provides a nice interface to log in/log out and redirect immediately and easily to the app, nothing is said to developers about potential new users.
So here are a couple of things worth noticing:
Google' new Google Account page (https://www.google.com/accounts/NewAccount) is pretty straightforward, but not convenient at all for new users of a GAE app: no mention of anything not Google (users who don't really know what authentification is won't have any clue of why they need to open an account with Google), dead end (won't lead anywhere in the end), ugly.
GAE Log In screen includes a link to the New Google Account page. This link is of the form:
https://www.google.com/accounts/NewAccount?continue=http%3A%2F%2Fexample.com%2F_ah%2Flogin%3Fcontinue%3Dhttp%3A%2F%2Fexample.com%2Fprofile%2F&service=ah<mpl=gm&sig=0aa0a000aa000a00000aa0000a000aa
(Where example.com is the return url provided to the API). Great! But the situation is in no way different than it was: still a dead end, still no mention of any non-Google app, still ugly).
So, I'm asking, is there any imaginative way to provide a nicer interface for new users? Have anyone have ideas of how to present the process to the new users (a video for how to create a new account? some kind of tutorial page? etc.)? Just trying to think outside of the technical box here...
Regarding the various authentication options you can check out the Java or Python docs on OpenID (http://openid.net/)
Basically this allows supporting authentication by different agents, which includes Google accounts or even your own GAE application's custom implementation.
Furthermore you can check out User Experience summary for Federated Login for more information regarding UX considerations and best practices - with user authentication.
I have developed a dating website built on top of the Google App Engine, to which I would like to add instant messaging, and possibly/probably audio and video conferencing.
Given that the users on the website do not want to share their personal details or real contact information, I am handling all of the login information and sessions without assuming that the clients have (or even want) a google account ID or any other login that is associated with their real identity.
I would like to hear suggestions on how I could go about adding instant messaging to my website given that I cannot just directly access Google Talk or some other existing service.
Would it make sense to use XMPP for this, and if so will Google Talk or any other XMPP service provider allow me to register new user accounts without manual intervention (ie. after a user is registered on my site, automatically register them with the XMPP provider)? Or, if not, perhaps I can use a single google ID with Google Talk with a different resource identifier for each user (me#google.com/user1, me#google.com/user2, etc...), and send messages between the different resources? Could this work, and/or would having thousands of simultaneous connections to a single account get me banned from Google Talk?
Perhaps some kind of AJAX based solution might make more sense given the fact that users are already registered on my website, but are not registered for an XMPP service?
Any suggestions about how I might approach this problem would be greatly appreciated.
Kind Regards
-Alexander
Text chat is the easier problem. You can do either with or without XMPP. Without XMPP, you'll be building a Facebook chat type client on your pages that sends messages from each user to the app, and the app then shows then on the recipient's screen.(The client can be polling, or use comet when it comes out). Check out olark to see how this works.
Once you build code to use the app as a switchboard that routes the correct message to the correct person (anonymously, maybe), you can port this easily to XMPP if you require. Both parties add you.dating.site#appspotchat.com to their buddy lists, and you send all messages from girl#site.com to guy#site.com and vice-versa. (assuming a heterogeneous site.)
Audio and video, I have no clue how to do without sharing details between the parties :-/