We Keep Coding

c# How do we give access to users from a dynamically generated google sheet?

I' am creating dynamically some google sheet given an array of data on one of my endpoints.
it creates successfully, but when I open the generated url, I get the following:
The documentation is not very clear, but I wish to add permissions to a given domain (or set of people) every time I generate a new sheet.
code:
private static readonly string[] Scopes = { SheetsService.Scope.Drive, SheetsService.Scope.Spreadsheets };
public string Create(string templateName, List<IList<object>> values, int numberOfRows)
{
var sheetId = 0;
var spreadSheetId = string.Empty;
var initializer = new ServiceAccountCredential.Initializer(SheetsOptionsConstants.ServiceAccountEmail)
{
Scopes = Scopes
}.FromPrivateKey(SheetsOptionsConstants.PrivateKey);
var credential = new ServiceAccountCredential(initializer);
// Create Google Sheets API service.
var service = new SheetsService(new BaseClientService.Initializer
{
HttpClientInitializer = credential,
ApplicationName = applicationName
});
// Create a new sheet
var sheetTitle = $"[{templateName}] {_clock.Now:yyyy-MM-dd HH-mm}";
try
{
var sheet = new BatchUpdateSpreadsheetRequest
{
Requests = new List<Request>
{
new Request
{
AddSheet = new AddSheetRequest
{
Properties= new SheetProperties
{
Title = sheetTitle
}
}
}
}
};
var createRequest = new Spreadsheet
{
Properties = new SpreadsheetProperties
{
Title = sheetTitle
}
};
var spreadSheetCreate = service.Spreadsheets.Create(createRequest).Execute();
spreadSheetId = spreadSheetCreate.SpreadsheetId;
var request = service.Spreadsheets.BatchUpdate(sheet, spreadSheetId);
var result = request.Execute();
sheetId = result.Replies.First().AddSheet.Properties.SheetId.GetValueOrDefault(0);
// Add data in sheet
var range = $"'{sheetTitle}'!A1:X{numberOfRows + 1}";
var valueRange = new ValueRange
{
Range = range,
Values = values
};
var valuesRequest = service.Spreadsheets.Values.Update(valueRange, spreadSheetId, range);
valuesRequest.ValueInputOption = SpreadsheetsResource.ValuesResource.UpdateRequest.ValueInputOptionEnum.USERENTERED;
valuesRequest.Execute();
_logger.LogInformation("Create sheet with name {sheetTitle} and {count} lines", sheetTitle, numberOfRows);
}
catch (Exception exception)
{
_logger.LogError(exception, "Error to create sheet with name {sheetTitle}", sheetTitle);
}
return string.Format(TemplateUrl, spreadSheetId, sheetId);
}
Thanks in advance

You need to use the Drive API to create the permissions for the Sheet. To do so, initialize the Drive Service and create a permissions object. Then, apply it to the Sheet Id using the method create().
You should include the following to your code:
using Google.Apis.Drive.v3;
using Google.Apis.Drive.v3.Data; //This might be not necessary if you already use Drive.v3
The required scopes:
https://www.googleapis.com/auth/drive.file
Create the permissions object:
//(example to give writing permissions to a domain)
Permission perms = new Permission();
perms.Role = "writer";
perms.Type = "domain";
perms.Domain = "your_domain";
And then the request:
// Create Drive API service.
var service = new DriveService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName,
});
service.Permissions.Create(perms, sheetId).Execute();
References:
.NET Quickstart
Manage sharing
Permissions from the Drive Api

Azure AD On-Behalf-Of flow for power bi management

I successfully set up "Azure AD On-Behalf-Of flow", my web api secured actions call and ms graph api calls work as well.
No I added more grants which are related to power bi. I want to read/write workspaces/reports etc from the web api
I tried that:
string[] scopes = { "Capacity.Read.All", "Capacity.ReadWrite.All",
"Content.Create", " Dashboard.Read.All", " Dashboard.ReadWrite.All",
"Data.Alter_Any", "Dataset.Read.All", "Dataset.ReadWrite.All", "Group.Read", "Group.Read.All",
"Metadata.View_Any", "Report.Read.All", "Report.ReadWrite.All", "Tenant.Read.All",
"Workspace.Read.All", "Workspace.ReadWrite.All"};
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes); // error
var tokenCredentials = new TokenCredentials(accessToken, "Bearer");
using (var client = new PowerBIClient(new Uri(_powerBiConfig.ApiUrl), tokenCredentials))
{
...
}
but GetAccessTokenOnBehalfOfUser returns
AADSTS70011: The provided request must include a 'scope' input
parameter. The provided value for the input parameter 'scope' is not
valid.

Got it myself.
The code below demonstrates how to retrieve all power bi workspaces
public async Task<string> Groups()
{
string[] scopes = { "https://analysis.windows.net/powerbi/api/Dataset.Read.All"};
try
{
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
var tokenCredentials = new TokenCredentials(accessToken, "Bearer");
using (var client = new PowerBIClient(new Uri(_powerBiConfig.ApiUrl), tokenCredentials))
{
return JsonConvert.SerializeObject(client.Groups.GetGroups().Value, Formatting.Indented);
}
}
catch (Exception exc)
{
return string.Empty;
}
}

How to authorize console application c# for Google Contacts API

I have an issue with the authorization in Google Contacts.
Until June my console C# application worked.
I have made steps to get contacts https://developers.google.com/google-apps/contacts/v3/?hl=en.
I cannot get the contacts; I have only access to serviceAccountEmail (xxxxxxxxxxxxxxxxxxx#developer.gserviceaccount.com).
I have 2 contacts stored there and I have access only to them.
I want to have access to my 7000 Gmail contacts.
Is there any tutorial for this in C#?
I found ones for analytics and for calendar but not for contacts.
Below is my code:
const string serviceAccountEmail = "xxxxxxxxxxxxxxxxxxx#developer.gserviceaccount.com";
var certificate = new X509Certificate2("grdom-all-xxxxxxxxxxxx.p12", "notasecret",
X509KeyStorageFlags.Exportable);
ServiceAccountCredential.Initializer serviceAccountCredentialInitializer =
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { "https://www.google.com/m8/feeds/" },
}.FromCertificate(certificate);
var credential = new ServiceAccountCredential(serviceAccountCredentialInitializer);
if (!credential.RequestAccessTokenAsync(CancellationToken.None).Result)
throw new InvalidOperationException("Access token request failed.");
var oauthParameters = new OAuth2Parameters()
{
AccessToken = credential.Token.AccessToken,
AccessType = "offline",
ApprovalPrompt = "force",
};
var settings = new RequestSettings("grdom-all", oauthParameters)
{
AutoPaging = true,
UseSSL = true,
};
ContactsRequest cr = new ContactsRequest(settings);
var query = new ContactsQuery(ContactsQuery.CreateContactsUri("default"));
Feed<Contact> f = cr.GetContacts();
foreach (Contact entry in f.Entries)
{
//do something
};

How to use Google Contacts API via Oauth2 authentication

I have this below code to get calendar entries using the google Calendar API (https://developers.google.com/google-apps/calendar/) which uses OAuth2.
It works well.
private IList<string> scopes = new List<string>();
private CalendarService calendarService;
private void InitializeCalendarService()
{
// Add the calendar specific scope to the scopes list
scopes.Add(CalendarService.Scopes.Calendar.GetStringValue());
// Display the header and initialize the sample
CommandLine.EnableExceptionHandling();
CommandLine.DisplayGoogleSampleHeader("Google.Api.Calendar.v3 Sample");
// Create the authenticator
//FullClientCredentials credentials = PromptingClientCredentials.EnsureFullClientCredentials();
var provider = new NativeApplicationClient(GoogleAuthenticationServer.Description);
FullClientCredentials credentials = new FullClientCredentials();
credentials.ClientId = "XYZ.apps.googleusercontent.com";
credentials.ClientSecret = "XYZ";
credentials.ApiKey = "XYZ";
provider.ClientIdentifier = credentials.ClientId;
provider.ClientSecret = credentials.ClientSecret;
OAuth2Authenticator<NativeApplicationClient> auth = new OAuth2Authenticator<NativeApplicationClient>(provider, GetAuthorization);
// Create the calendar service using an initializer instance
BaseClientService.Initializer initializer = new BaseClientService.Initializer();
initializer.Authenticator = auth;
calendarService = new CalendarService(initializer);
CalendarList list = calendarService.CalendarList.List().Execute();
// do something with the list .. the list is all good
}
public IAuthorizationState GetAuthorization(NativeApplicationClient client)
{
// You should use a more secure way of storing the key here as
// .NET applications can be disassembled using a reflection tool.
const string STORAGE = "google.samples.dotnet.calendar";
const string KEY = "s0mekey";
// Check if there is a cached refresh token available.
IAuthorizationState state = AuthorizationMgr.GetCachedRefreshToken(STORAGE, KEY);
if ((state != null))
{
try
{
client.RefreshToken(state);
return state;
// we are done
}
catch (DotNetOpenAuth.Messaging.ProtocolException ex)
{
CommandLine.WriteError("Using an existing refresh token failed: " + ex.Message);
CommandLine.WriteLine();
}
}
// Retrieve the authorization from the user
string[] array = new string[scopes.Count];
scopes.CopyTo(array,0);
state = AuthorizationMgr.RequestNativeAuthorization(client, array);
AuthorizationMgr.SetCachedRefreshToken(STORAGE, KEY, state);
return state;
}
How can I use the similar OAuth2Authenticator to fetch Contacts?
I am able to fetch contacts using the below code, but its not password-less, I need to get it working using Oath2. The example below uses Gdata contacts api v2. I can see that i can pass through OAuth2Authenticator but im not exactly sure how to do it correctly (i cant see any valid examples in C# on the google site) and fetch the access code based on what the user is selecting.
I cant see how to use OAuth2Authenticator with the contacts api v3 (https://developers.google.com/google-apps/contacts/v3/)
RequestSettings rsLoginInfo = new RequestSettings("", email,pwd);
rsLoginInfo.AutoPaging = true;
ContactsRequest cRequest = new ContactsRequest(rsLoginInfo);
// fetch contacts list
Feed<Contact> feedContacts = cRequest.GetContacts();
foreach (Contact gmailAddresses in feedContacts.Entries)
{
// Looping to read email addresses
foreach (EMail emailId in gmailAddresses.Emails)
{
lstContacts.Add(emailId.Address);
}
}

I ended up doing this by fetching the access code by having a browser control read the Document title value when the user selects the google account and grants access.
eg:
To Generate URL
RedirectURI = "urn:ietf:wg:oauth:2.0:oob"
OAuth2Parameters parameters = new OAuth2Parameters()
{
ClientId = clientId,
ClientSecret = clientSecret,
RedirectUri = redirectUri,
Scope = requiredScope
};
// Request authorization from the user (by opening a browser window):
string url = OAuthUtil.CreateOAuth2AuthorizationUrl(parameters);
var loginUri = new Uri(url);
// This form has browser control
GoogleLoginForm form = new GoogleLoginForm(loginUri, redirectUri);
var dr = form.ShowDialog();
if (dr == System.Windows.Forms.DialogResult.OK)
{
parameters.AccessCode = form.OAuthVerifierToken;
}
Then In GoogleLoginForm :
We have a browser control and registered browserControl_Navigated event and the do the below. The DocumentTitle contains the AccessCode which is used to generate the token.
private void GoogleLoginForm_Load(object sender, EventArgs e)
{
wbGoogleLogin.Url = _loginUri;
}
private void wbGoogleLogin_Navigated(object sender, WebBrowserNavigatedEventArgs e)
{
string fullPath = e.Url.ToString();
WebBrowser control = sender as WebBrowser;
if (control != null && !string.IsNullOrEmpty(control.DocumentTitle) && control.DocumentTitle.Contains("Success code"))
{
_OAuthVerifierToken = control.DocumentTitle.Replace("Success code=","");
DialogResult = DialogResult.OK;
}
}
This way it can be done in the same piece of code, without having to write a complicated callback service of some sort to read the access token back into our system.
Not exactly sure why the calendar api has this built in, and the contacts API doesn't.

Firstly, the quick answer to your question. I believe that the IAuthorizationState has similar properties to OAuth2Parameters. Thus, you should be able to do this (combining it with the code you have for the calender):
OAuth2Authenticator<NativeApplicationClient> auth = new OAuth2Authenticator<NativeApplicationClient>(provider, GetAuthorization);
//This will call your GetAuthorization method
auth.LoadAccessToken()
RequestSettings settings = new RequestSettings("appName", auth.State.AccessToken);
ContactsRequest cRequest = new ContactsRequest(settings);
// fetch contacts list
Feed<Contact> feedContacts = cRequest.GetContacts();
foreach (Contact gmailAddresses in feedContacts.Entries)
{
// Looping to read email addresses
foreach (EMail emailId in gmailAddresses.Emails)
{
lstContacts.Add(emailId.Address);
}
}
This should work as the RequestSettings allows you to specify an access token. That being said, I myself prefer to use :
var parameters = new OAuth2Parameters()
{
//Client
ClientId = CLIENT_ID,
ClientSecret = CLIENT_SECRET,
RedirectUri = redirectUri,
Scope = "https://www.google.com/m8/feeds",
ResponseType = "code"
};
//User clicks this auth url and will then be sent to your redirect url with a code parameter
var authorizationUrl = OAuthUtil.CreateOAuth2AuthorizationUrl(parameters);
.
.
.
//using the code parameter
parameters.AccessCode = code;
OAuthUtil.GetAccessToken(parameters);
var settings = new RequestSettings(applicationName, parameters);
var cr = new ContactsRequest(settings);
//Now you can use contacts as you would have before
Although, Ive only tested this with Web Server Apps, so maybe the authenticator is needed for your situation? I found these source codes handy:
OAuth2Demo
IAuthorizationState
OAuth2Authenticator

Can't list users with Google Directory API Admin SDK

I'm trying to use the AdminService to manage my domain's users and groups, but I'm stuck with a simple request to get all the users of my domain. There is the code in C#:
public Users GetAllUsers()
{
var provider = new AssertionFlowClient(
GoogleAuthenticationServer.Description,
new X509Certificate2(privateKeyPath, keyPassword, X509KeyStorageFlags.Exportable))
{
ServiceAccountId = serviceAccountEmail,
Scope = AdminService.Scopes.AdminDirectoryUser.GetStringValue()
};
var auth = new OAuth2Authenticator<AssertionFlowClient>(provider, AssertionFlowClient.GetState);
m_serviceGroup = new AdminService(new BaseClientService.Initializer()
{
Authenticator = auth,
});
var request = m_serviceUser.Users.List();
request.Domain = m_domainName;
return request.Fetch();
}
I'm getting an exception when Fetch() that says:
Code: 403
Message: Not Authorized to access this resource/api
Error: {Message[Not Authorized to access this resource/api] Location[ - ] Reason[forbidden] Domain[global]}
I've followed the instructions here to have enabled API access, and also authorized my service account in domain control panel:
[Security]->[Advanced Setting]->[Authentication]->[Manage third party OAuth Client access]
with scopes:
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.user
Admin SDK Service is also enabled in API control panel.
I tried the code to use the DriveService and successfully listed/created/deleted files without any problem, so the authentication part of the code should be alright. I couldn't figure out what else needs to be configured or if there is any other problems with my code.
Thanks for any help.

As described on the page:
Manage API client access
Developers can register their web applications and other API clients with Google to enable access to
data in Google services like Calendar. You can authorize these
registered clients to access your user data without your users having to individually give consent or their passwords. Learn more
The service account needs to act on behave of a user, so when initializing the client the ServiceAccountUser needs to be assigned.
var provider = new AssertionFlowClient(
GoogleAuthenticationServer.Description,
new X509Certificate2(privateKeyPath, keyPassword, X509KeyStorageFlags.Exportable))
{
ServiceAccountId = serviceAccountEmail,
Scope = AdminService.Scopes.AdminDirectoryUser.GetStringValue(),
ServiceAccountUser = domainManangerEmail
};
Edit: AssertionFlowClient is deprecated, the following should work:
var cert = new X509Certificate2(privateKeyPath, keyPassword, X509KeyStorageFlags.Exportable);
var serverCredential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new []{DirectoryService.Scope.AdminDirectoryUser},
User = domainManagerAccountEmail
}.FromCertificate(cert));
var dirService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = serverCredential
});

This code works for me
static void GettingUsers()
{
String serviceAccountEmail = "xxxxxxx#developer.gserviceaccount.com";
var certificate = new X509Certificate2(#"xxxxx.p12", "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser},
User = "your USER",
}.FromCertificate(certificate));
var service = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "name of your app",
});
var listReq = service.Users.List();
listReq.Domain = "your domain";
Users allUsers = listReq.Execute();
int counter = 0;
foreach(User myUser in allUsers.UsersValue){
Console.WriteLine("*" + myUser.PrimaryEmail);
counter++;
}
Console.WriteLine(counter);
Console.ReadKey();
For more information, Please take a look in Directory API: Users list.
There are Limits and Quotas.

We will need to give the service ID that we are using the super admin or the right privileges to get pass this error.
Hope this helps.
-Venu Murthy

Work for me.
using Google.Apis.Auth.OAuth2;
using Google.Apis.Admin.Directory.directory_v1;
using Google.Apis.Admin.Directory.directory_v1.Data;
using Google.Apis.Services;
using Google.Apis.Util.Store;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
namespace ConsoleApplication1
{
class Program
{
static string[] Scopes = { DirectoryService.Scope.AdminDirectoryUserReadonly};
static string ApplicationName = "API G Suite implementation guid by amit";
static void Main(string[] args)
{
UserCredential credential;
using (var stream =
new FileStream("client_secret.json", FileMode.Open, FileAccess.Read))
{
string credPath = System.Environment.GetFolderPath(
System.Environment.SpecialFolder.Personal);
credPath = Path.Combine(credPath, ".credentials1/admin-directory_v1-dotnet-quickstart.json");
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
Scopes,
"user",
CancellationToken.None,
new FileDataStore(credPath, true)).Result;
Console.WriteLine("Credential file saved to: " + credPath);
}
// Create Directory API service.
var service = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName,
});
////// Define parameters of request.
UsersResource.ListRequest request = service.Users.List();
request.Customer = "my_customer";
request.MaxResults = 10;
request.OrderBy = UsersResource.ListRequest.OrderByEnum.Email;
////// List users.
IList<User> users = request.Execute().UsersValue;
Console.WriteLine("Users:");
if (users != null && users.Count > 0)
{
foreach (var userItem in users)
{
Console.WriteLine("{0} ({1})", userItem.PrimaryEmail,
userItem.Name.FullName);
}
}
else
{
Console.WriteLine("No users found.");
}
Console.Read();
}
}
}