How to get auth token for Google Custom Search Engine? - google-app-engine

I'm trying to create a Google custom search engine programatically. Therefore I have to sent the GET request as described in this link.
https://developers.google.com/custom-search/docs/api
GET http://www.google.com/cse/api/<USER_ID>/cse/<CSE_ID>
Authorization: GoogleLogin auth=IM6F7Cx2fo0TAiwlhNVdSE8Ov8hw6aHV
Here they mentioned auth token. How can I get this?

From the page you linked Custom Search - autentication
Although the Accounts Authentication API supports multiple authentication methods, Custom Search only supports ClientLogin
Answer: You get the access token back from client login.
What I would like to know is what will happen when client login stops working and if this will work with OAuth2. If it does work with OAuth2 why haven't they added documentation for it. I am sending some feed back on that page, its really outdated.

I had this same question, especially since ClientLogin is now deprecated, so I asked Google support and this was the response:
"Hi,
Greetings from Google for Work Support Team!
As i understand from your message, you are trying to use GSS features programmatically, i would like to update you that GSS supported only client login authentication to access search engine and its features programmatically, but client login is deprecated and it no longer works with GSS.
Oauth 2.0 is also currently not supported with GSS.
We already have a feature request #6043481 to provide support for Oauth 2.0 with GSS. However i don't have an ETA when it will be implemented.
Due to this reason, currently adding promotion programmatically is not possible. I would recommend you to use search engine control panel and respective features manually by opening GSS control panel in browser and update promotion from GSS control panel->Search Feature-> Promotions-> Add as per your requirement.
Please check the same from your end and let me know if you need any further assistance with this."
tl;dr: This is currently not possible.

It looks like they've removed this functionality altogether instead of fixing it so auth is possible. There are no longer docs at https://developers.google.com/custom-search/docs/api , it 404s.

Related

React Form send email

I am building a form in react and I wanted to send it to my email when the user clicked the submit button.
I was looking at Microsoft Graph API for sending the email (https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=javascript), but checking it, seems that it needs a temporary token, so I can't use it as I would need to be changing the token every hour or so.
So, I'm basicaly trying to find an API like the Gmail but for office 365 accounts (https://developers.google.com/gmail/api/guides/sending), as we can create a gcp project and use the keys that it generates for us, instead of using a token like the MS Graph API
Generaly I would use a route in my API, but this site is static, so I do not have any API (neither serverlets, cloud functions or other stuff like it).
Is there any away to send an email through a Microsoft API from my web client in react, using only a token specific to the domain? Or is there a better away to acomplish this same result?
I highly recommend using https://formsubmit.co/. It's free and I personally use it in many projects. Works flawlessly with many features like email templating, captcha, reply_to, etc.
No backend knowledge is required. Can set it up in like 1 minute.
One option would be to authenticate on behalf of the user.
You can also have a small proxy API, dedicated for the purpose of allowing the users to send an email.

Use one AAD App Registration for Web-API and WPF Client APP

I'm trying to use one AAD App-Registration for both, a Web-API and a WPF Client APP. I've managed to configure the App-Registration correctly for my Web-API, but now I want to add a Native-Client APP to the same Registration, where a WEB-Registration is allready set up.
It works for me if I'm using only one of them, so if i register only the Web App it works. The same is true for the Native-Client App.
So I'm wondering if it is possible to combine those two and only use one App-Registration.
This is the error I get when trying to acquire a token with both registrations:
MSAL.NetCore.4.25.0.0.MsalServiceException:
ErrorCode: invalid_client
Microsoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details.
You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details.
Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Thank you in advance.
Use one AAD App Registration for both is not recommended although it seems to be able to meet your identity authentication needs. But generally we will need to use app roles or some other configurations, it will be very confusing in this case. It's recommended to use 2 app registrations.
The AADSTS7000218 error means you didn't put client_secret.

Will the login functionality built into the Users API stop working on April 20th?

I am currently using the Users API (this one here) with the Go language on my Google App Engine application. My users are getting the warning message when they first grant permissions that says "OpenID 2.0 for Google accounts is going away. Developers should migrate to OpenID Connect by April 20, 2015." But I can't find any warnings in the documentation for the Users API anywhere saying that anything will stop working, like I do all throughout other sections regarding OpenID 2.0 (here).
I am using very little of the Users API code, just to create the login urls like this:
url, _ := user.LoginURLFederated(c, return_url, "www.google.com/accounts/o8/id")
And to read the users' email addresses, like this:
u := user.Current(appengine.NewContext(r))
email := u.Email
Do I need to worry about migrating, or will the Users API handle everything without failing after April 20th?
Please read this information:
https://developers.google.com/identity/protocols/OpenID2Migration
https://developers.google.com/identity/protocols/OpenIDConnect
https://developers.google.com/identity/sign-in/auth-migration
You may also find this forum post helpful.
Apps that use user.LoginURLFederated in conjunction with Google Accounts will stop working. These apps need to follow the information in the first link above to migrate.
Apps can continue to use user.LoginURLFederated for use with various other third-party OpenID2 service providers.
So, it turns out that the answer is "YES!". Definitely stopped working. The older development versions of my website now take you to an error page when you try to sign in. Luckily I had moved away from the User package before the deadline to the much buggier Google Sign-In for Websites.

What's the simplest way to get user Groups from WAAD?

I've got AngularJS and Web.API WAAD authentication up and running. For client side I use great library ADAL.JS. For backend I use Microsoft.Owin.Security.OAuth. This part went quite smooth.
Now I want to implement authorization based on roles (which will be mapped to WAAD groups). Groups are not included in authentication token so I must ask Azure Graph API for them. I saw various ways to do it, using custom claims providers, adding web services to project, etc. Some examples already providing mapping between groups and roles to use in [Authorize] attribute.
But what is just the simplest example of how to get a list of group ids/names from WAAD providing User ID or username, when I'm already authenticated?
Also, is there any way to get this data in JS to use in Angular frontend, or should I create an API service which Angular should call for roles info?
In the non-JS case, the simplest way of getting groups in the token is by opting in. Download your application’s manifest, locate the “groupMembershipClaims” entry, change its value to “SecurityGroup” or “All”, upload back the manifest.
However note that this won't work for your scenario, because it uses the implicit grant - here the token is returned in an URI fragment, hence a big token would risk blowing past the URL length limits of the browser.
You can always request groups to the Graph and make it available to your frontend via custom action on your API, but from what you wrote you are already familiar with that. Let me discuss the matter here - if there's a simpler route to make this work in SPAs, I'll get back to this thread.
HTH
V.
Update: I verified and in the implicit grant case you will receive groups always via the overage claim. Please refer to https://github.com/AzureADSamples/WebApp-GroupClaims-DotNet/tree/master/WebApp-GroupClaims-DotNet - it will show you how to process the overage claim to retrieve groups. All you need to do is apply the same guidance to a web API instead, and if you need to make the info available to the client expose one or more actions doing so.

Use Oauth 2.0 in google app engine with java

I would like to use Oauth 2 for an application in Google App Engine with Java, but I dont find any good example of that use, I would be very thankful if somebody could help me please, it is something frustrating dont find good examples, thnak you.
My 2c is avoid oauth2 libraries. Of course opinions may vary, but for me they provide very leaky abstractions, so you end up being dragged into understanding oauth by the back door. For me at least, taking an hour to read the the two pages that tell you all you need to know, and carefully avoiding all the others, will get you where you want to be.
In simple terms, the steps are :-
Call the auth URL with your app/client ID and the scopes you require. Include the "email" scope.
Google will walk the user through login, and (if the first time through) authorisation dialogues
Eventually the browser will redirect back to your oauthcallback url, and pass you an auth code
Call google to convert the auth code to a refresh token. This will also return the user's google ID and an access token.
Store the user ID in your session so you can identify the user subsequently
Persist the refresh token alongside the google user id in a database
On subsequent visits...
If you have the google user id in the your session, you can retrieve the refresh token from your database and use it to generate access tokens as you need them.
If you do NOT have the google user id in your session, go through the steps above. This time, google will NOT prompt the user for authorisation (since it's already authorised), and the refresh token will be blank (since you already have one stored).
Everything you need to know is within the oauth playground page. If you click through the buttons, you will see that it is following the steps I outlined above.
You then need to deal with the possible error situations, eg
user declines permission
user withdraws permission
google expired the refresh token (happens a lot) so you need to re-auth
timeouts
The two pages you need to read are :-
https://developers.google.com/accounts/docs/OAuth2WebServer and the oauth playground at https://developers.google.com/oauthplayground/
Trust me, as long as you know how to form a URL, store a refresh token (it's just a string) and parse a JSON response, then everything you need is on those pages. Except ...
all the documentation skips over the need to preserve the user ID in your session so you know who it is that is accessing your app. If you're on AppEngine, you may be confused by the appengine sample code which uses a separate appengine login. Ignore it. You will be using oauth to authenticate the user so the appengine stuff doesn't apply and is somewhat confusing.
It's actually much simpler than some of the documentation would lead you to believe, and like I said, imho the leaky libraries don't help.
I'm trying to do exactly the same thing and I agree - it is extremely hard to find a good example of this.
I did find this youtube video however and I think it would help: https://www.youtube.com/watch?v=tVIIgcIqoPw.
Its from Google and it is called Getting Started with Google APIs. The last segment of the video deals with authentication.
There are several OAuth 2 client and server libraries for Java listed on this page: http://oauth.net/2/
Here's quick-start documentation for using Apache Otlu: https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart
If you're accessing a Google API (as a client), you can use the Google client library for Java, which does OAuth as well as API set-up: https://code.google.com/p/google-api-java-client/

Resources