I'm using the Google Cloud Speech-to-text API, within my android app.
How would one authenticate to the API without the ability to set the necessary environment variable?
I've not been able to find any documentation covering authenticating on android, with the environment variable, and file
Your question is unclear but I think you're trying to use a service account ("file") and perhaps GOOGLE_APPLICATION_CREDENTIALS ("environment variable") to authenticate your app.
You should not.
Service Accounts are best applied to software (e.g. another service) that's running autonomously (i.e. not directly by a human user) that needs to authenticate with a Google API.
For an Android App, I think you probably wish to authenticate the human user of your app against the Google API using the full OAuth flow were your user is prompted to approve use of the Google API and then, your application is authenticated as this user.
See here for an explanation of the 3 primary authentication methods:
https://cloud.google.com/docs/authentication/
See here for an overview of authenticating a human user to a Google API:
https://cloud.google.com/docs/authentication/end-user
See here -- less confident in this as I've not used it -- as a way to authenticate Android apps using Google Sign-In (i.e. OAuth):
https://developers.google.com/identity/sign-in/android/sign-in
HTH
I have SiteA storing user information(name, office, department etc.).
The back end has exposed REST WS that give the information to the front end. The site uses Google OAuth2 authentication - Users log in via Google account. With OAuth2 we let google handle the login(without asking for username and password). Google generates an authorization code that is used with the client_id and client_secret to generate an token for the user.
I have SiteB. I am creating a job that is going to be executed once a day.
I need it to login programmatically to SiteA so I can get a security token that I can use in requests to the REST WS API provided by SiteA and fetch the needed information.
I was unable to find a similar question online. Everything usually ends up to the user opening a browser and navigating to an approaval URL.
Something similar is Google Drive API - OAuth2.0: How to Automate Authentication Process? Doubts and Questions, but it is about connecting to Google Drive without login.
I am starting to doubt that it is possible. Have anyone figured out how to implement this way of communication between systems?
The only option that I could thing of is connecting to SiteA DB and extracting records manually, but that would duplicate the login in SiteA and SiteB.
What I was asking is not possible in the time of writing the question.
What we did to solve the issue is to extend the life of the token for the account that is used to login to SiteA and set it it in the header of the request from SiteB:
connection.setRequestProperty("Authorization", token);
We changed the lifespan of the token from the database and since this are internal systems the long life of the token is not a problem.
Another option is to follow How to get offline token and refresh token and auto-refresh access to Google API and generate an offline token, but the idea is still the same.
Hope this helps someone.
I've successfully implemented user login in my android app with Google Identity Toolkit. I've also created an App Engine Endpoint to communicate from the Android app. Now I want to secure the endpoints with auth.
I know I can create a custom Authenticator for endpoint and do any kind of verification of the data in request header in there and get the job done.
But I don't know how to do the Gitkit verification there.
Basically
What data should I pass to reach endpoint calls from Android app?(token ID?)
What should I do in the custom Authenticator of endpoint to ensure the requests are valid?
I saw people suggesting to use Session or cookies. Will these work if I'm using the endpoint from Android app? If yes please give me some reference on how it can be done.
Gitkit tokens are JWT format, so you validate them on server-side just as any other JWT token.
See example documentation on how to validate JWT here: https://developers.google.com/identity/sign-in/web/backend-auth It's the same format.
I have also my own project to integrate it with Jersey server:
https://github.com/dlazerka/gae-jersey-oauth2. It uses recommended com.google.api-client library to actually verify the token.
I'd like to use the google universal analytics API on the server side. The idea is that there is a browser app showing some graphs which is open to the intranet and doesn't require a login at all. So server either does the login for client and provides the working token to the client or the server provides all the data to the client as well. Oauth login docs and libs from google rely on redirect urls etc which sounds painful for a server-side login . So is it possible and are there any tutorials?
I am developing a Java application that needs to access personal account Google Data of a user. The development is currently in netbeans on my localhost. I am implementing 3-legged OAuth. And while sending Grant request, it sends me Unauthorized Request Token and then redirects to Callback URL.
While trying to access Access Token, it gives me Error "Error Getting HTTP Response". Now, as per it given in Google Documentation, it is given that "If the application is not registered, Google uses the oauth_callback URL, if set; if it is not set, Google uses the string "anonymous"." Does it mean that I must register my application on Google Apps Engine before granting authorization & accessing request ? Please Help.
For reference : OAuth for Web Applications, OAuth in the Google Data Protocol Client Libraries
Based on your question, it's probably not the registration piece that's causing you trouble. It sounds like you just haven't implemented OAuth correctly — not that doing so is easy. The OAuth process is roughly as follows:
Get a request token. You must pass in a bunch of stuff that declares what kind of stuff you want access to and where you want Google to send the user when they're done granting you access to that data. This is where you pass in your consumer key, which you get by registering. The consumer key will be the string anonymous if you are developing an installed application (i.e., mobile app, desktop app, etc). This is a work-around; the alternative would be to embed your client secret or RSA private key within the application itself, which is a very, very bad idea. If you use 'anonymous', you should absolutely be setting the xoauth_displayname parameter. (Actually, everyone should set this parameter, but it's especially important if you're using anonymous.)
Once you have a request token, you then redirect the user to the special authorization endpoint, passing along the request token key in the query string. Assuming the user grants access, Google will redirect the user back to the callback URL that you associated with your request token. The request token is now authorized, but it can't be used directly just yet.
Once the request token is authorized, you can exchange it for an access token key/secret pair. The access token key/secret can then be used to sign requests for protected resources, such as the private data in the API you're trying to access.
For web applications, registering is almost always a good idea. It makes it much easier for users to manage their access tokens and revoke them if your application misbehaves or if they don't want you to have access anymore. If you don't register, your application will probably show up as a fairly scary-looking 'anonymous' in that list. It's really only installed applications that you wouldn't want to register for. You probably also want to register for an API key. An API key will dramatically increase your rate limit and it will also allow Google to get in touch with you if your application starts to malfunction.
I'd link to the OAuth docs, but you've already found them. Hope my explanation helps!
If you're developing on your local machine, you'll continue to get the same result as above.
For more interesting tests, then yes, you'll have to register your app and push it to the app engine.
Google will check if the domainname of the return-url is registered. You could also modify your dns/host-file to point the domain-name you're using to localhost.