I want to get user email messages or tokens from Gmail in an Android application. How can I get a user's messages and token from Gmail? I need an example application.
You can use the example from here:
https://developers.google.com/gmail/api/quickstart/android
Later, instead request the labels you need to ask for messages so you need to update function 'getDataFromApi' to get messages :
private static final long MAX_RESULTS_PER_REQUEST = 20;
private void getDataFromApi() throws IOException {
List<String> labelsId = new ArrayList<>();
labelsId.add("INBOX");
ListMessagesResponse response=null;
response = mService.users().messages().list("me").setMaxResults(MAX_RESULTS_PER_REQUEST).setLabelIds(labelsId).execute();
List<Message> messages = response.getMessages();
for (Message message : messages) {
Message curMessage = mService.users().messages().get("me", message.getId()).execute();
System.out.println("cur message==>"+curMessage);
}
}
You can get this using Content Provider API of Gmail
The Android Gmail app starting in versions 2.3.6 (Froyo/Gingerbread)
and 4.0.5 (Honeycomb/ICS) includes a new Content Provider API that
third party developers can use to retrieve label information like name
and unread count, and stay updated as that information changes
To see an example of this API in action, check out the sample app.
Related
I'm developing an Android App based on Outlook-SDK-Android. The App talks with Outlook Calendar REST API to retrieve, book and delete events (see code examples here and here). Now I need to read someone else's calendar and I've been provided an Office365 account with delegate access (author permission level) towards other users.
I've registered my app using the provided account on the new portal. In my App I use the scope "https://outlook.office.com/Calendars.ReadWrite".
(The scope is used in com.microsoft.aad.adal.AuthenticationContext.acquireToken() to initialize an Office REST Client for Android OutlookClient, a shared client stack provided by orc-for-android)
When I try to read another user's calendar on which I have delegate access I just receive back a 403 response:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}
Any help?
Is it a limitation of the API? If so why is the following method invocation chain provided then?
outlookClient.getUsers()
.getById("meetingRoom#company.com")
.getCalendarView()
UPDATE:
It seems like there are works in progress that will allow this scenario, as reported here: Office 365 REST API - Access meeting rooms calendars
So if progress in that direction has been made can I achieve my goal without using an "admin service app"? (see Office 365 API or Azure AD Graph API - Get Someone Elses Calendar)
Can I use basic authentication as suggested here?
Calendar delegation is a feature of Exchange, the Graph API and Outlook API do not allow the user to access the delegated calendar.
Currently, the alternative workaround could be use the EWS. And here is an sample for your reference:
static void DelegateAccessSearchWithFilter(ExchangeService service, SearchFilter filter)
{
// Limit the result set to 10 items.
ItemView view = new ItemView(10);
view.PropertySet = new PropertySet(ItemSchema.Subject,
ItemSchema.DateTimeReceived,
EmailMessageSchema.IsRead);
// Item searches do not support deep traversal.
view.Traversal = ItemTraversal.Shallow;
// Define the sort order.
view.OrderBy.Add(ItemSchema.DateTimeReceived, SortDirection.Descending);
try
{
// Call FindItems to find matching calendar items.
// The FindItems parameters must denote the mailbox owner,
// mailbox, and Calendar folder.
// This method call results in a FindItem call to EWS.
FindItemsResults<Item> results = service.FindItems(
new FolderId(WellKnownFolderName.Calendar,
"fx#msdnofficedev.onmicrosoft.com"),
filter,
view);
foreach (Item item in results.Items)
{
Console.WriteLine("Subject: {0}", item.Subject);
Console.WriteLine("Id: {0}", item.Id.ToString());
}
}
catch (Exception ex)
{
Console.WriteLine("Exception while enumerating results: { 0}", ex.Message);
}
}
private static void GetDeligateCalendar(string mailAddress, string password)
{
ExchangeService service = new ExchangeService();
service.Credentials = new WebCredentials(mailAddress, password);
service.TraceEnabled = true;
service.TraceFlags = TraceFlags.All;
service.AutodiscoverUrl(mailAddress, RedirectionUrlValidationCallback);
SearchFilter sf = new SearchFilter.SearchFilterCollection(LogicalOperator.And, new SearchFilter.IsEqualTo(AppointmentSchema.Subject, "Discuss the Calendar REST API"));
DelegateAccessSearchWithFilter(service, sf);
}
And if you want the Outlook and Graph API to support this feature, you can try to contact the Office developer team from link below:
https://officespdev.uservoice.com/
FindMeetingTimes is currently in preview! To view the details, use this link and then change it to view the Beta version of the article (top right in the main column): https://msdn.microsoft.com/en-us/office/office365/api/calendar-rest-operations#Findmeetingtimespreview
Details below from the article, but please use the link to get the latest:
Find meeting times (preview)
Find meeting time suggestions based on organizer and attendee availability, and time or location constraints.
This operation is currently in preview and available in only the beta version.
All the supported scenarios use the FindMeetingTimes action. FindMeetingTimes accepts constraints specified as parameters in the request body, and checks the free/busy status in the primary calendars of the organizer and attendees. The response includes meeting time suggestions, each of which is defined as a MeetingTimeCandidate, with attendees having on the average a confidence level of 50% chance or higher to attend.
I have been doing extensive research on how to authenticate your client (Android, iOS, web-app) with Cloud Endpoints without requiring your user to use their Google account login the way the documentation shows you.
The reason for this is that I want to secure my API or "lock it down" to only my specified clients. Sometimes I will have an app that does not have a user login. I would hate to pester my user to now sign in just so my API is secure. Or other times, I just want to manage my own users like on a website and not use Google+, Facebook, or whatever else login authentication.
To start, let me first show the way you can authenticate your Android app with your Cloud Endpoints API using the Google Accounts login as specified in the documentation. After that I will show you my findings and a potential area for a solution which I need help with.
(1) Specify the client IDs (clientIds) of apps authorized to make requests to your API backend and (2) add a User parameter to all exposed methods to be protected by authorization.
public class Constants {
public static final String WEB_CLIENT_ID = "1-web-apps.apps.googleusercontent.com";
public static final String ANDROID_CLIENT_ID = "2-android-apps.googleusercontent.com";
public static final String IOS_CLIENT_ID = "3-ios-apps.googleusercontent.com";
public static final String ANDROID_AUDIENCE = WEB_CLIENT_ID;
public static final String EMAIL_SCOPE = "https://www.googleapis.com/auth/userinfo.email";
}
import com.google.api.server.spi.auth.common.User; //import for the User object
#Api(name = "myApi", version = "v1",
namespace = #ApiNamespace(ownerDomain = "${endpointOwnerDomain}",
ownerName = "${endpointOwnerDomain}",
packagePath="${endpointPackagePath}"),
scopes = {Constants.EMAIL_SCOPE},
clientIds = {Constants.WEB_CLIENT_ID, Constants.ANDROID_CLIENT_ID,
Constants.IOS_CLIENT_ID,
Constants.API_EXPLORER_CLIENT_ID},
audiences = {Constants.ANDROID_AUDIENCE})
public class MyEndpoint {
/** A simple endpoint method that takes a name and says Hi back */
#ApiMethod(name = "sayHi")
public MyBean sayHi(#Named("name") String name, User user) throws UnauthorizedException {
if (user == null) throw new UnauthorizedException("User is Not Valid");
MyBean response = new MyBean();
response.setData("Hi, " + name);
return response;
}
}
(3) In Android call the API method in an Asynctask making sure to pass in the credential variable in the Builder:
class EndpointsAsyncTask extends AsyncTask<Pair<Context, String>, Void, String> {
private static MyApi myApiService = null;
private Context context;
#Override
protected String doInBackground(Pair<Context, String>... params) {
credential = GoogleAccountCredential.usingAudience(this,
"server:client_id:1-web-app.apps.googleusercontent.com");
credential.setSelectedAccountName(settings.getString(PREF_ACCOUNT_NAME, null));
if(myApiService == null) { // Only do this once
MyApi.Builder builder = new MyApi.Builder(AndroidHttp.newCompatibleTransport(),
new AndroidJsonFactory(), credential)
// options for running against local devappserver
// - 10.0.2.2 is localhost's IP address in Android emulator
// - turn off compression when running against local devappserver
.setRootUrl("http://<your-app-engine-project-id-here>/_ah/api/")
.setGoogleClientRequestInitializer(new GoogleClientRequestInitializer() {
#Override
public void initialize(AbstractGoogleClientRequest<?> abstractGoogleClientRequest) throws IOException {
abstractGoogleClientRequest.setDisableGZipContent(true);
}
});
// end options for devappserver
myApiService = builder.build();
}
context = params[0].first;
String name = params[0].second;
try {
return myApiService.sayHi(name).execute().getData();
} catch (IOException e) {
return e.getMessage();
}
}
#Override
protected void onPostExecute(String result) {
Toast.makeText(context, result, Toast.LENGTH_LONG).show();
}
}
What is happening is that in your Android app you are showing the Google account picker first, storing that Google account email in you shared preferences, and then later setting it as part of the GoogleAccountCredential object (more info on how to do that here).
The Google App Engine server receives your request and checks it. If the Android Client is one of the ones you specified in the #Api notation, then the server will inject the com.google.api.server.spi.auth.common.User object into your API method. It is now your responsibility to check if that User object is null or not inside your API method. If the User object is null, you should throw an exception in your method to prevent it from running. If you do not do this check, your API method will execute (a no-no if you are trying to restrict access to it).
You can get your ANDROID_CLIENT_ID by going to your Google Developers Console. There, you provide the package name of your Android App and the SHA1 which generates for you an android client id for you to use in your #Api annotation (or put it in a class Constants like specified above for usability).
I have done some extensive testing with all of the above and here is what I found:
If you specify a bogus or invalid Android clientId in your #Api annotation, the User object will be null in your API method. If you are doing a check for if (user == null) throw new UnauthorizedException("User is Not Valid"); then your API method will not run.
This is surprising because it appears there is some behind the scenes validation going on in Cloud Endpoints that check whether the Android ClientId is valid or not. If it is invalid, it won't return the User object - even if the end user logged in to their Google account and the GoogleAccountCredential was valid.
My question is, does anyone know how I can check for that type of ClientId validation on my own in my Cloud Endpoints methods? Could that information be passed around in an HttpHeader for example?
Another injected type in Cloud Endpoints is the javax.servlet.http.HttpServletRequest. You can get the request like this in your API method:
#ApiMethod(name = "sayHi")
public MyBean sayHi(#Named("name") String name, HttpServletRequest req) throws UnauthorizedException {
String Auth = req.getHeader("Authorization");//always null based on my tests
MyBean response = new MyBean();
response.setData("Hi, " + name);
return response;
}
}
But I am not sure if the necessary information is there or how to get it.
Certainly somewhere there must be some data that tells us if the Client is an authorized and specified one in the #Api clientIds.
This way, you could lock-down your API to your Android app (and potentially other clients) without ever having to pester your end users to log in (or just create your own simple username + password login).
For all of this to work though, you would have to pass in null in the third argument of your Builder like this:
MyApi.Builder builder = new MyApi.Builder(AndroidHttp.newCompatibleTransport(),
new AndroidJsonFactory(), null)
Then in your API method extract whether or not the call came from an authenticated client, and either throw an exception or run whatever code you wanted to.
I know this is possible because when using a GoogleAccountCredential in the Builder, somehow Cloud Endpoints knows whether or not the call came from an authenticated client and then either injects its User object into the API method or not based on that.
Could that information be in the header or body somehow? If so, how can I get it out to later check if it is there or not in my API method?
Note: I read the other posts on this topic. They offer ways to pass in your own authentication token - which is fine - but your .apk will still not be secure if someone decompiles it. I think if my hypothesis works, you will be able to lock-down your Cloud Endpoints API to a client without any logins.
Custom Authentication for Google Cloud Endpoints (instead of OAuth2)
Authenticate my "app" to Google Cloud Endpoints not a "user"
Google Cloud Endpoints without Google Accounts
EDIT:
We used Gold Support for the Google Cloud Platform and have been talking back and forth with their support team for weeks. This is their final answer for us:
"Unfortunately, I haven't had any luck on this. I've asked around my
team, and checked all of the documentation. It looks like using OAuth2
is your only option. The reason is because the endpoint servers handle
the authentication before it reaches your app. This means you wouldn't
be able to develop your own authentication flow, and would get results
much like what you were seeing with the tokens.
I would be happy to submit a feature request for you. If you could
provide a little more information about why the OAuth2 flow doesn't
work for your customers, I can put the rest of the information
together and submit it to the product manager."
(frowny face) - however, maybe it is still possible?
I have implemented Endpoint Auth using a custom header "Authorization" and it works just fine. In my case this token is set after login but should work all the same with your app. Check your tests because the value should be there.
The way to retrieve that header is indeed:
String Auth = req.getHeader("Authorization");
You could take it a step further and define your own implementations of an Authenticator and apply it to your secure API calls.
So you don't have any user specific info, but just want to ensure that only your app is able to communicate with your backend...
This is what i think,
change
#Api(name = "myApi", version = "v1",
namespace = #ApiNamespace(ownerDomain = "${endpointOwnerDomain}",
ownerName = "${endpointOwnerDomain}",
packagePath="${endpointPackagePath}"),
scopes = {Constants.EMAIL_SCOPE},
clientIds = {Constants.WEB_CLIENT_ID, Constants.ANDROID_CLIENT_ID,
Constants.IOS_CLIENT_ID,
Constants.API_EXPLORER_CLIENT_ID},
audiences = {Constants.ANDROID_AUDIENCE})
{
...
}
to
#Api(name = "myApi", version = "v1",
namespace = #ApiNamespace(ownerDomain = "${endpointOwnerDomain}",
ownerName = "${endpointOwnerDomain}",
packagePath="${endpointPackagePath}"),
scopes = {Constants.EMAIL_SCOPE},
clientIds = {Constants.ANDROID_CLIENT_ID},
audiences = {Constants.ANDROID_AUDIENCE})
{
...
}
The Client ID is generated from the signature of your app. It can't be replicated. If you only allow your endpoints to accept requests from the Android App, your problem would be solved.
Tell me if this works.
Faced the same problem to find a solution to call my API safely from my endpoints, without using Google Account. We can't decompile an IOS App (Bundle), but decompile an Android App is so simple..
The solution I found is not perfect but do the job pretty good:
On android APP, I just create an constant String variable, named APIKey, with simply content (For example "helloworld145698")
Then I encrypt it with sha1, next md5, and finally sha1 (Order and frequency of encryption up to you) and store the variable on SharedPref (For Android) in private mode (Do this action on an random class in your App) It's this result encrypted I authorize on my Backend !
On my backend, I just add a parameter (named token for exemple) on every request
Example:
#ApiMethod(name = "sayHi")
public void sayHi(#Named("name") String name, #Named("Token") String token) {
if (token == tokenStoreOnAPIServer) {
//Allow it
} else {
//Refuse it and print error
}
}
On android, active ProGuard for obfuscated your code. It will be really unreadable for anyone who tried to decompile your app (Reverse engineering is really hardcore)
Not THE perfect secure solution, but it works, and it will be really really (really) difficult to find the real API key for anyone who try to read your code after decompilation.
Authentication and app engine, there is a lot to be read about it, but a lot seems to be outdated!
Even the google pages https://developers.google.com/appengine/docs/java/endpoints/consume_android#making-authenticated-calls
Here, they talk about 'GoogleAccountCredential.usingAudience', but nowadays, you should use GoogleAuthUtil (as far as I know, please correct me if I'm wrong).
I am trying to set up an app engine as a backend to my Android app (and in future, my iOS app).
I am using Android Studio, used the 'new module' and chose app engine with cloud messaging there.
I created a simple endpoint, and have a function there, here is some code:
public class ReviewEndpoint {
// Make sure to add this endpoint to your web.xml file if this is a web application.
private static final Logger LOG = Logger.getLogger(ReviewEndpoint.class.getName());
/**
* This method gets the <code>Review</code> object associated with the specified <code>id</code>.
* #param id The id of the object to be returned.
* #return The <code>Review</code> associated with <code>id</code>.
*/
#ApiMethod(name = "getReview")
public Review getReview(#Named("id") Long id) {
// Implement this function
Review r = new Review();
r.setData("test!");
As you can see, this is nicely generated by Android Studio. I implemented some stuf like creating the 'review' object and return it at the end.
On the Android side, I can do this:
ReviewEndpoint.Builder b = new ReviewEndpoint.Builder(AndroidHttp.newCompatibleTransport(), new AndroidJsonFactory(), null);
ReviewEndpoint ep = b.build();
Review review = ep.getReview(1L).execute();
data = review.getData();
and yes, I get 'test!' :)
Now, I want to have this authenticated. I want to know which user wrote what, so I thought I am going to use GMail account and Facebook later.
Here I'm stuck. I am able to get a token from the user on Android:
token = GoogleAuthUtil.getToken(MainScreenActivity.this, mAccount.name, "oauth2:https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.profile");
then you are able to add this token as credential to the request:
Credential cr = new Credential(BearerToken.authorizationHeaderAccessMethod()).setAccessToken(token);
ReviewEndpoint.Builder b = new ReviewEndpoint.Builder(AndroidHttp.newCompatibleTransport(), new AndroidJsonFactory(), cr);
Then in the app engine I tried to get the user info, but how?
Will it be supplied as 'bearer'? How do I get this bearer token? Should I then do API request to get the data on the server?
this does not work:
OAuthService service = OAuthServiceFactory.getOAuthService();
try {
User user = service.getCurrentUser();
can anyone give me a heads up?
So finally, today, I found out how to do it! I had questions on Stackoverflow on this before and never had an answer, but these to sites gave me the answer:
https://developers.google.com/appengine/docs/java/endpoints/auth
https://developers.google.com/appengine/docs/java/endpoints/consume_android
The first shows what needs to be done on the app engine side. The second page will tell you how to get the credentials. I was quite close. I am not sure if the adjusting of the build.gradle file mentioned in the second link is necessary. What I added to the App Engine:
#Api(name = "reviewEndpoint", version = "v1", ...<<some more stuff here >>
scopes = {Constants.EMAIL_SCOPE},
clientIds = {Constants.WEB_CLIENT_ID, Constants.ANDROID_CLIENT_ID},
audiences = {Constants.ANDROID_AUDIENCE})
and then get the credentials:
// Initialize the scope using the client ID you got from the Console.
final String scope = "server:client_id:" + Constants.WEB_CLIENT_ID;
credential = GoogleAccountCredential.usingAudience(activity,scope);
You have to add the e-mail address of the user:
credential.setSelectedAccountName("some-mail-address#gmail.com");
you can get the e-mail address using the account picker (also example shown when you follow the link)
and next. you do a call to the endpoint, using the credential, I think Play Services will validate the user, because if I use an e-mail that is not logged in on the device, it will not work. The following code will throw an GoogleAuthIOException :
ReviewEndpoint.Builder b = new ReviewEndpoint.Builder(
AndroidHttp.newCompatibleTransport(),
new AndroidJsonFactory(), id_token);
ReviewEndpoint ep = b.build();
Review review;
review = ep.getReview(1L).execute();
for testing, I've put the e-mail address I get at the server side as a string in the review object, and there it gave me the e-mail address instead of the user object being null. Ow! I forgot to tell you, you need a user argument on the app engine side. Even though you do not see the 'user' argument in the 'getReview' call above, it will be added by App Engine.
So this is how my getReview looks now:
#ApiMethod(name = "getReview")
public Review getReview(#Named("id") Long id, User user) {
// Implement this function
Review r = new Review();
r.setData("user == " + (user == null ? "NULL " : user.toString()));
Hope this will help someone
By reading asmack source, when create a chat room and invite user to join, the message add a extendsion MUCUser.Invite .
public void invite(Message message, String user, String reason) {
// TODO listen for 404 error code when inviter supplies a non-existent JID
message.setTo(room);
// Create the MUCUser packet that will include the invitation
MUCUser mucUser = new MUCUser();
MUCUser.Invite invite = new MUCUser.Invite();
invite.setTo(user);
invite.setReason(reason);
mucUser.setInvite(invite);
// Add the MUCUser packet that includes the invitation to the message
message.addExtension(mucUser);
connection.sendPacket(message);
}
I use message.getExtension( "x","http://jabber.org/protocol/muc#user"), but it return DefaultPacketExtension, not MUCUser.Invite. So I doubt how i can get inviter name.
Any help will be appreciative!
Using message.getBody(), it can get invite reason and content which contains inviter name. With subString(), I get the inviter name.
But I don't think it is a good solution, my doubt in the question is not solved。
I am developing an android application..in that application there is a registration module.for that i have to implement email verification functionality.
by using the following code I am able to send email for particular email..
public void onClick(View v) {
// TODO Auto-generated method stub
try {
GMailSender sender = new GMailSender("username#gmail.com", "*******");
sender.sendMail("This is Subject",
"This is Body",
"rose.jasmine87#gmail.com",
"naresh_bammidi#yahoo.co.in"
);
} catch (Exception e) {
Log.e("SendMail", e.getMessage(), e);
}
}
but how to know the status, whether it has been sent or not?
I'm assuming that you're using GMailSender as defined in this post.
Internally GMailSender calls Transport.send(message) which will throw an exception if the send to the GMail server is unsuccessful, but this is being caught and suppressed, so your calling code has no way of knowing whether sending was successful. Firstly you'll need to change the GMailSender code to do something a bit more meaningful in the case of a send error.
What you must remember is that email is not delivered directly to the final recipient by your app or even the GMail server. Just because you managed to send correctly to the GMail server, does not mean that it will actually reach its intended recipient, as it could fail at any mail relay on its route. To properly detect and report on whether mail actually reaches its destination you'll need something a little more sophisticated than this.
RFC 1891 is an extension to the SMTP protocol which supports delivery status notifications, but you may need to re-architect your app to be able to use this. Essentially it works by setting flags in your outgoing message to instruct mail relays to inform you of the message status. In order for you to receive this notification, you must essentially have your own mail server which is capable of receiving emails. You will receive an email containing, for example, a delivery report once a mail relay has successfully delivered it to the recipient's mailbox.
So, to properly implement this, you'll need a mail account for your app which will receive delivery status notifications. You'll need to create an SMTPMessage object, and add a header including a "Return-Receipt-To" header, whose value is set to this mail account. You'll also need to setNotifyOptions() on your message, and then send it to the GMail server. Your app will need to check its account periodically for delivery notifications.
This is a purely email-centric approach. Without knowing your precise requirements, there are alternate mechanisms that you can use. For example, if your requirement is purely to verify that an email address exists, then you can send an email which contains a URI to a server that you control. The URI contains parameters which uniquely identify both the user, and the installation of your app. The user must click on the link, and your server component verifies the mail account. It can then use something like C2DM to inform your app that the mail account is real and valid.
Sorry if this answer is a little long, and does not offer you a simple solution, but if you want to be able to properly determine whether mail is reaching its recipient, then there is no simple answer, I'm afraid.
check below method, which will validate email from client side, simply pass mail string it will return a boolean, whether entered email is correct or not.
public boolean isEmail(String email)
{
boolean matchFound1;
boolean returnResult=true;
email=email.trim();
if(email.equalsIgnoreCase(""))
returnResult=false;
else if(!Character.isLetter(email.charAt(0)))
returnResult=false;
else
{
Pattern p1 = Pattern.compile("^\\.|^\\# |^_");
Matcher m1 = p1.matcher(email.toString());
matchFound1=m1.matches();
Pattern p = Pattern.compile("^[a-zA-z0-9._-]+[#]{1}+[a-zA-Z0-9]+[.]{1}+[a-zA-Z]{2,4}$");
// Match the given string with the pattern
Matcher m = p.matcher(email.toString());
// check whether match is found
boolean matchFound = m.matches();
StringTokenizer st = new StringTokenizer(email, ".");
String lastToken = null;
while (st.hasMoreTokens())
{
lastToken = st.nextToken();
}
if (matchFound && lastToken.length() >= 2
&& email.length() - 1 != lastToken.length() && matchFound1==false)
{
returnResult= true;
}
else returnResult= false;
}
return returnResult;
}