Status Update
No update yet.
Comments
se...@google.com
se...@google.com
Hello,
I am consulting on this, I will update you as soon as possible
Regards
mo...@brothercourierservice.com
BCS wip
mo...@brothercourierservice.com
BCS sheets
sa...@google.com
Thank you for your patience.
You can find the relevant information under
With some Google APIs, you can make authorized API calls using a signed JWT directly as a bearer token, rather than an OAuth 2.0 access token. When this is possible, you can avoid having to make a network request to Google's authorization server before making an API call.
ga...@myblueprint.ca
But this is valid for server side requests... how would I use the JWT in the JS library? I am currently using google.picker.PickerBuilder() and in that we need a setOAuthToken and there's no method to pass a JWT (nor parts of it) instead...
ga...@myblueprint.ca
So, before I was able to do something like:
const DISCOVERY_DOC = 'https://www.googleapis.com/discovery/v1/apis/drive/v3/rest';
const AUTH_SCOPE = [
'https://www.googleapis.com/auth/drive.file',// required to see the files
'https://www.googleapis.com/auth/drive.readonly'// required to see preview from videos
].join(' ');
gapi.auth2.init({ client_id: clientId, scope: AUTH_SCOPE, immediate: false, discoveryDocs: [DISCOVERY_DOC] }).then((googleAuth) => {
const accessToken = googleAuth.currentUser.get().getAuthResponse(true).access_token
const picker = new google.picker.PickerBuilder()
.setOAuthToken(accessToken)
picker.build();
});
(parts omitted for simplicity sake, not sure if this is a copy/paste functioning code. Just pasted here the most important parts)
al...@google.com
sa...@google.com
Per
User sign-in no longer requires you to understand or work with OAuth2 authorization codes, access tokens, or refresh tokens. Instead a JSON Web Token (JWT) ID Token is used to share sign-in status and the user profile. As a further simplification, you are no longer required to use "getter" style accessor methods to work with user profile data.
A secure Google-signed JWT ID token credential is returned either:
- to the user's browser-based JavaScript callback handler in Popup mode, or
- to your backend server through a Google redirect to your login endpoint when the Sign In With Google button ux_mode is set to redirect.
In both cases, update your existing callback handlers by removing:
- calls to googleUser.getBasicProfile(),
- references to BasicProfile, and associated calls to getId(), getName(), getGivenName(), getFamilyName(), getImageUrl(), getEmail() methods, and
- usage of the AuthResponse object.
Instead, use direct references to credential sub-fields in the new JWT
ga...@myblueprint.ca
I get that, but I am very sorry, I am not getting how to use the JWT or the new credential into the gPicker...
gPicker requires this .setOAuthToken(accessToken) (I tried to build without it and it doesn't work). I also tried to use the entire JWT as the param for this and just the credential as the param, neither worked.... do you have an example? Can you modify the example I sent with the correct way to use the JWT?
How am I supposed to use any of these fields
header
{
"alg": "RS256",
"kid": "f05415b13acb9590f70df862765c655f5a7a019e", // JWT signature
"typ": "JWT"
}
payload
{
"iss": "https://accounts.google.com", // The JWT's issuer
"nbf": 161803398874,
"aud": "314159265-pi.apps.googleusercontent.com", // Your server's client ID
"sub": "3141592653589793238", // The unique ID of the user's Google Account
"hd": "gmail.com", // If present, the host domain of the user's GSuite email address
"email": "elisa.g.beckett@gmail.com", // The user's email address
"email_verified": true, // true, if Google has verified the email address
"azp": "314159265-pi.apps.googleusercontent.com",
"name": "Elisa Beckett",
// If present, a URL to user's profile picture
"picture": "https://lh3.googleusercontent.com/a-/e2718281828459045235360uler",
"given_name": "Elisa",
"family_name": "Beckett",
"iat": 1596474000, // Unix timestamp of the assertion's creation time
"exp": 1596477600, // Unix timestamp of the assertion's expiration time
"jti": "abc161803398874def"
}
into the Picker builder?
ga...@myblueprint.ca
Is there any example I can go off with using credentials? I mean, the whole point of this ticket is not to change the way the lib is implemented it is just getting better documentation/examples on how to work with the new Identity, which means example on how to use the JWT with the picker api...
ga...@myblueprint.ca
I see that the ticket got marked again as won't fix again, but the last comment doesn't exactly address the issues...
gi...@gmail.com
do...@temp.goformative.com
gsi calls gapi.client.setToken() after a successful login and you can retrieve the OAuth2 access token as gapi.client.getToken().access_token.
ja...@gmail.com
Having the same issue, would be really appreciate if anyone posts a solution
ja...@q42.nl
av...@ucsd.edu
ga...@myblueprint.ca
So, I am having a situation where I am using google.accounts.oauth2.initTokenClient to get the token.
I am still using gapi but for:
gapi.load('client', callback);
gapi.client.drive.files.export;
gapi.client.drive.files.get;
gapi.client.setToken; => I still need to call this otherwise I cannot make use of the loading drive v2 nor the drive objects
gapi.client.load('drive', 'v2');gapi.load('picker', callback
I believe all of those are allowed (even after deprecation)...
But, I am still seeing browser windows to login... shouldn't I be seeing a button like this? gsi was to get rid of the browser window, am I doing something wrong? Or is this already "migrated"?
From this:
To help you identify locations where the old library might be included in your site, typically:
...
direct usage of gapi.client loads apis.google.com/js/api.js.
I think I should not be able to call gapi.client at all, but then, how do I load drive? Or even gapi.client.drive.files I need that for export and getting the file after selection, and I cannot use those without initing client...
sp...@gmail.com
There is absolutely no way on offering the same workflow we tried everything.
How it is possible that with the picker API we are not able to get the user email to access via service account the drive files the user give permission to access?
This issue is tagget as "won't fix" but we need a clear answer on how to manage together google identity & drive picker it as this will be affecting many implementations.
Description
Before filing an issue, please read and follow these instructions carefully.
First, please search through existing issues to ensure that the feature request has not already been reported. You can start the search here:https://issuetracker.google.com/savedsearches/566275
If the feature has already been requested, you can click the star next to the issue number to subscribe and receive updates. We prioritize responding to the issues with the most stars. You can also comment on the issue to provide any context of how the feature would benefit you.
Also, please verify that the functionality you are requesting is not already present in the current API and tools.
If your feature has not been requested, please provide all of the following:
A short description of the request:
What is the purpose of this new feature?
Google is deprecating gapi.auth and the new identity returns a credential that doesn't work directly on
setOAuthTokenand if parsed through JWT parser, does not offer any token for us to use in thesetOAuthToken. There are no docs nor examples on how to integrate both