I have registered an app in the Azure AD portal and given Microsoft Graph API permissions to fetch user data (user.read.) and yammer feeds.
Note: the app is also registered with the yammer portal.
App auth is working fine if I have used a single scope but it fails in case of multiple scopes.
cases :
Working fine in single scope case
val SCOPES = arrayOf("https://graph.microsoft.com/.default")
Not Working in multiple scope case
val SCOPES = arrayOf("https://graph.microsoft.com/.default", "https://api.yammer.com/user_impersonation")
We are using Graph SDK in Android.
Thanks in Advance.
please suggest a way to achieve the solution.
You have set two scopes from different resources, which is not supported.
Because, finally you will get an Azure AD access token. However, the aud claim in the token can only represents one resource.
Conclusion:
You can add more than one scopes from one resource. For example: https://graph.microsoft.com/User.Read.All, https://graph.microsoft.com/Mail.ReadWrite and other scopes from Microsoft Graph.
If you want to get token for more than one resource, you need to get tokens for them separately.
I think we can add just user.read.all, mail.readwrite etc too without prefixing with entire graph URL, just that it needs to be comma separated.
Related
I've set up a small android and firebase app... Authentification works like a charm, and in the firebase console, I can see my user, logged in with the Google account.
Now I am trying to experiment a little with the Text to Speech api, and in doing so, I followed this tutorial:
https://github.com/GoogleCloudPlatform/java-docs-samples/tree/master/texttospeech/cloud-client
I managed to make the small java app work, by setting the GOOGLE_APPLICATION_CREDENTIALS Environment variable (I followed this tutorial for this step: https://cloud.google.com/docs/authentication/getting-started), but I am not sure what I need to do to make that code work in the Android app where the users are authentificated..
The Error that I get when trying to make a call to the TextToSpeech API is:
The Application Default Credentials are not available. They are
available if running in Google Compute Engine. Otherwise, the
environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined
pointing to a file defining the credentials. See
https://developers.google.com/accounts/docs/application-default-credentials
for more information.
The error mentioned comes from the line:
TextToSpeechClient textToSpeechClient = TextToSpeechClient.create();
This error appears because of the fact that on the android emulator I don't have access to the credentials that are set as environment variable in my OS..So I have to provide the credentials in another way.
In the case of other Google APIs, like Storage, I found out that this can be done like this:
// You can specify a credential file by providing a path to GoogleCredentials.
// Otherwise credentials are read from the GOOGLE_APPLICATION_CREDENTIALS environment variable.
GoogleCredentials credentials = GoogleCredentials.fromStream(new FileInputStream(jsonPath))
.createScoped(Lists.newArrayList("https://www.googleapis.com/auth/cloud-platform"));
Storage storage = StorageOptions.newBuilder().setCredentials(credentials).build().getService();
I managed to create the GoogleCredentials object with the contents of the json file, however the TextToSpeech client doesn't seem to provide a functionality similar to this:
StorageOptions.newBuilder().setCredentials(credentials).build()
So my question is....is there a way to provide the Credentials object to the TextToSpeech client?
Thanks
Currently, there is not a way to provide credentials to the TTS Client from this page.
Due to Security / Auth reasons, I believe the best suggested approach is to use Firebase Functions.
Get the Text
Call Firebase Functions
Have Firebase Functions call the TTS API
Return the results.
This way, no keys are leaked inside the application and you can use Firebase Auth.
Let me know if that helps!
Update:
Option 2: iOS Tutorial (should be adaptable to Android)
Get the Text
Call Firebase Functions
Have Firebase Functions return an OAuth2 Token
Use the token directly with the API
Hi (i'm new to this so you'll need to forgive me)
My end goal is to be able to grab an attribute from Microsoft azure active directory for use in my app. The issue being that while i have done a fair amount of research i'm still at a loss of how to achieve my end result.
I have found that Microsoft has an API of sorts that allows authentication with azure AD but i'm unable to find any information as to how i query an attribute.
Possible solutions I've looked into:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-android (Microsoft's android AD API)
Using Java to find simple Active Directory Information (this isn't a possible solution as i need azure integration as the AD server isn't outward facing).
I'm sure that the solution to this isn't a complex one but i would be grateful if someone could point me in the right direction. I don't have much experience with AD which is why i'm struggling here.
You could learn how to integrate Azure AD into an Android app from here . You could call Microsoft Graph API or Azure AD Graph API to access AAD resource :
To call Microsoft Graph API/Azure AD Graph API from Android Native Client application , In Settings blade of that app in azure portal, select Required Permissions and select Add. Locate and select Windows Azure Active Directory(Azure AD graph api )/Microsoft Graph(microsoft graph api) , add the appropriate permissions under Delegated Permissions .
To get access token With ADAL for android :
mContext.acquireToken(MainActivity.this, resource, clientId, redirect, user_loginhint, PromptBehavior.Auto, "", callback);
resource is required and is the resource you're trying to access.So you need to set that value to "https://graph.windows.net" if you want to call Azure AD graph api , and "https://graph.microsoft.com" if you want to call Microsoft Graph Api.
We would like to provide a list of reference from a public sheets that everyone can view in android.
I tried the Quickstart sample from Google which works just fine.
But we would like to minimize the steps (steps like allow access to contacts, choosing google account) since this apps is designed for people who's considering suicide. The list is fill of info about where to ask for help.
I did find a article about how to read a sheet as a InputStream
I would really appreciate if there's more elegant way with Google Sheet API V4
If the Sheets are shared to "anyone with link" or "public", it might not be necessary to go through the account flow in Android. Choosing an account is mainly to get access to the right credentials, but public sheets can be read anonymously (without credentials) with the API.
If you are still looking for an answer, only a single line replacement is needed for this to work:
Credential credential = new GoogleCredential().createScoped(SCOPES);
instead of
Credential credential = authorize();
then you can remove the method authorize() and the corresponding variables
I found out there's a setKey method in com.google.api.services.sheets.v4.Sheets. For the third parameter in Builder, as credential, can be null. But will have error "Requests from this Android client application are blocked" if the Key restricted to Android.
I'm in a situation where I need to request access tokens for two scopes (from my android application), https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.userinfo
I would like to get both permissions on a single call to getAuthToken, but can't figure out the string to pass in the authTokenType parameter. I tried several reasonable combinations with no positive results :(
Has anyone solved this issue? Is it possible?
I was having the same issue. Shah is almost right, but his scope string is wrong. It should be
"oauth2:<scope_url> <scope_url>"
not
"oauth2:<scope_url> oauth2:<scope_url>"
If you need multiple OAuth 2.0 scopes, use a space-separated list.
oauth2:https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.userinfo
You asked for sample code, so have a look at the Google Docs Upload Sample application, and in this application have look at the authentication flow done in this sample Android screen (ignore that it's about Google Docs, it still authorizes first). You can get the whole application and run it in an emulator with Google APIs present or run it on your phone. The authorization workflow starts with the buttonAuthorize click, Authorize() and you are specifically interested in this method:
private void gotAccount(Account account)
{
Bundle options = new Bundle();
accountManager.getAuthToken(
account, // Account retrieved using getAccountsByType()
"oauth2:https://www.googleapis.com/auth/userinfo.email oauth2:https://www.googleapis.com/auth/userinfo.userinfo", // Auth scope
//"writely", // Auth scope, doesn't work :(
options, // Authenticator-specific options
this, // Your activity
new OnTokenAcquired(), // Callback called when a token is successfully acquired
null); // Callback called if an error occurs
}
The user gets this access request screen:
Note that this is using the 'local' OAuth2 mechanism, not opening a web browser, but using the authentication provided when you first activated the Android phone.
Also note that the user sees the full URL of the scope instead of a friendly name, I haven't found a way around this and if you do find out it would be great if you could share the answer.
I go through 2 different Google Calendar code samples. After finished reading them, I am getting confused.
https://developers.google.com/google-apps/calendar/instantiate
They are using oAuth2?
They are using scope https://www.googleapis.com/auth/calendar. Is it because they are using oAuth2?
They required 2 API keys, clientId and clientSecret. Is it because they are using oAuth2?
They are using com.google.api.services.calendar.Calendar.
http://code.google.com/p/google-api-java-client/source/browse/calendar-android-sample/src/main/java/com/google/api/services/samples/calendar/android/CalendarSample.java?repo=samples
They are using ClientLogin?
The scope is cl? Is it because they are using ClientLogin?
They only require 1 simple API access key. Is it because they are using ClientLogin?
They are using com.google.api.services.calendar.model.Calendar. What is the difference with com.google.api.services.calendar.Calendar?
My target platform is on Android. Should I be using method from 1st example, or 2nd example?
The second example is using Android functionality of AccountManager which can access stored account information on an Android device. The AccountManager class will do the OAuth in the background, so that the developer doesn't need to. See previous question.