In my meteor app, how do I make authenticated Google API calls on behalf of my user?
Background . This is my first do-it-yourself web development project and my only experience with Meteor has been building the Discover Meteor app over the past summer. I get about a year of CS experience as a side interest in school and my favorite is C and C ++. I have experience with python and java.
The project is for now . I am creating a calendar management system (for fun). Using Google Accounts, I created Google Authenticated User Accounts. I have requested the required permissions for my application, including "identity" and "read / write calendar access". I've spent the last week or so trying to get over this next hurdle, which is actually getting data from Google.
Purpose . I would like to receive a call to the Calendar.list API using a GET request. I already called meteor add http
to add the GET request functionality, my problem is with the actual implementation.
Problem . I registered my application in the developer console and configured accounts using client id and secrets, but I was unable to find / generate my "API key" to use in the request. Hereis a google guide for generating an access token using my (already) uploaded private key. I'm having a hard time getting my head over to a server side implementation with JS because I don't have much experience with what is mentioned in the HTTP / REST part of the implementation examples. I would appreciate some help on how to implement the handshake and get an access token for use in my application. If there is a call I can make, or some package that will handle the token generation for me, that would be even better than implementation help. I believe the answer to this question will also benefit this other question
The SO answer I have talked about so far is: https://stackoverflow.com/a/2179516/ ... Some of them are in Spanish, but it's pretty self-explanatory code. He has an API key to request it and I asked this question to help me. The documentation is accounts-google
not enough to explain all of this to me.
Also unrelated little question: what is the simplest way to handle "time" parameters in queries. I am assuming JS has its own built-in functionality that I am not aware of yet.
source to share
So, I started trying to implement all of this myself on the server side, but was wary of a lot of hardcoding I did and the assumptions I made to fill in the blanks. My safety prof. said "never use encryption yourself", so I decided to take another gander for a useful package. By revising my search criteria for "JWT" I found jagi meteor-google-oauth-jwt
in the atmosphere. The Readme is comprehensive and provides everything I need. By following the process used in the Google OAuth Guide , an authorization request and the key generated for the API call can be made.
Atmosphere link: https://atmospherejs.com/jagi/google-oauth-jwt
Repo link: https://github.com/jagi/meteor-google-oauth-jwt/
I'll update this answer with any additional hurdles I got into the Google API process and how I solved them:
I have been having problems lately with the result of the API request. I am getting an empty calendar list from an API call. I suspect this is because I am calling the API for my developer account, not the theme user. I research the issue and either post a new question or update this solution with the fix I find.
Fixed: did not include the 'sub' qualifier in the JWT token. Fixed by modifying the JWT package token generation code to include delegationEmail: user.services.google.email
after scope
. I don't know why he used such a long notation for the option instead of sub:
as it did in the Google API, but I appreciate his package unchanged.
I'm pretty quick on this, so if people have questions related to Google meteorological issues, let me know.
source to share
Thanks for your research. I also asked a very similar question and I am currently reviewing the package you recommend. I have reviewed this meteor-google-api package, but it seems to be abandoned.
As for your question about time manipulation, I recommend MomentJS. There are many packages; I usemeteor add mrt:moment
EDIT: MomentJS now has an official package for Meteor, so use the meteor add momentjs:moment
command mrt
above instead
Below is a snippet of what it can do. More documentation here .
var startTimeUTC = moment.utc(event.startTime, "YYYY-MM-DD HH:mm:ss").format();
//Changes above formatting to "2014-09-08T08:02:17-05:00" (ISO 8601)
//which is acceptable time format for Google API
source to share
DO NOT USE APPROPRIATE COUNTERS HOW TO PERFORM ABOVE!
The correct approach is to use standard web access + offline access request. The documentation on the api page states the following:
Typically, an application uses a service account when the application uses the Google API to work with its own data, rather than user data.
The only exception is when you are using Google Apps domain accounts and want to delegate access to your service account for the entire domain:
Authorizing a service account to access data on behalf of users in a domain is sometimes referred to as "domain delegation"
This makes sense, since the user must be allowed to "authorize" your application.
Back to the original question about posters, the flow is simple:
1) Google's Meteor accounts package already does most of the work for you to get tokens. You can enable the scope for offline access.
2) if you create your own thread you will go through the standard process and calls as described in auth
This will require you to:
1) HTTP request to make the original request, or you can disable some internal meteor calls: Package.oauth.OAuth.showPopup () - go look at the source, there are more elegant functions there.
2) Then you need to create an Iron router server side route to accept the oauth response which will contain the parameter of the code you will use to exchange tokens.
3) Then use this code to make the final call to exchange "code" for token + refresh_token
4) Store them wherever you want - my requirement was to store them not at the user level, but several per user
5) Use a package like GoogleAPI that completes Google API calls and updates as needed - it only works when tokens are stored in user accounts, so you need to split them up a bit if your tokens are stored somewhere else (for example , in my case)
source to share