Reputation: 53
.net google calendar api : anybody can create/update/delete events
In my application, i am using google calendar api. i have created client id and client secret for my account as well as for few users. when i run the application, if i am not logged in to the browser it ask me login to my gmail account. once i log in to my gmail account, i can successfully get/create/update/delete events on my calendar.
currently i am loggedin with my calendar id to gmail account, i am able to get the events for different calendar id but the is i am not able to create/update/delete events by another user calendar id.
my requirement is, i am logged in to my gmail id lets say [email protected] and i am able to fetch events for calendar id [email protected] but not able to create/update/delete events for calendar id [email protected]
i did lot of research on internet but did not find anything. as per my knowledge we need to pass authorization + access token to the request. i tried this also but did not work.
Please suggest what should i do to achieve this requirement.
calID = Convert.ToString(Session["CalenderId"]);
userSecret = Convert.ToString(Session["UserSecret"]);
if (!string.IsNullOrEmpty(calID) && !string.IsNullOrEmpty(userSecret))
{
using (var stream =
new FileStream(userSecret, FileMode.Open, FileAccess.Read))
{
string credPath = System.Environment.GetFolderPath(
System.Environment.SpecialFolder.Personal);
credPath = Path.Combine(credPath, ".credentials/calendar-dotnet-quickstart.json/" + calID);
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
Scopes,
"user",
CancellationToken.None,
new FileDataStore(credPath, true)).Result;
// Response.Write("Credential file saved to: " + credPath);
}
// Create Google Calendar API service.
var service = new CalendarService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName,
});
Hope you have understood my requirement. waiting for earliest response. Thank you.
Upvotes: 2
Views: 1218
Answers (1)
Reputation: 116958
You need to remember that authentication is on a per user basses. when you run GoogleWebAuthorizationBroker.AuthorizeAsync and save "user" loging in with [email protected] you can access [email protected]'s calendar.
When you login again using GoogleWebAuthorizationBroker.AuthorizeAsync and save "User2" using [email protected] you have access to [email protected]'s calendar.
What you should do is have [email protected] share their calendar with [email protected] then they will have access to update it.
Untested sample code:
AclRule body;
body.Role = "writer";
body.Scope.Type = "user";
body.Scope.Value = "[email protected]";
service.Acl.Insert(body, calendarId).Execute();
Upvotes: 1
Related Questions
- Google Calendar PHP API
- Outlook calendar events sync like Google Calendar
- Google Calendar API 403 errors for 2022 dates
- Google Calendar API with PHP and a Service Account won't work anymore
- Google Calendar API gives 403 error during OAuth even though it seems to grant access
- Insert New Calendar Before Inserting Events Google API and Delete Calendar Events (in Python)
- Google Calendar API doesn't work with a calendars from Google Apps for Work
- Google .Net Service Account access to Calendar
- Google Calendar API always Paginates Event List