Reputation: 9888
Login into Google services without user interaction
I'm trying to create a application service to be ran in a cloud server (AppHarbor) I do not directly handle, as a C# Console Application. Basically, it is a Telegram Bot that needs to access Gmail and Google Calendar. When running it locally, it propts the user via browser to give access to the account the first time.
Unfortunately, in the server I cannot give that access, so I need a way to login (authentication) directly, without need for authorization.
I've seen the option to use a Service Account, but sadly it requires GSuite to configure the user permissions and that needs payment I need to avoid.
using (var stream = new FileStream("credentials.json", FileMode.Open, FileAccess.Read))
{
// The file token.json stores the user's access and refresh tokens, and is created
// automatically when the authorization flow completes for the first time.
string credPath = "token.json";
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
Scopes,
"user",
System.Threading.CancellationToken.None,
new FileDataStore(credPath, true)).Result;
}
I have generated my json file with all the settings and secrets needed, but it still requires user interaction.
Is there any way to do so without user prompt?
Upvotes: 2
Views: 2414
Answers (1)
Reputation: 117254
USER
The term user denotes the owner of the data or the account you wish to access. In order to access data owned by a user account. You must have permission of the user in question.
Service Account
Service accounts are only indented for user when you the developer have access to the accounts in question. You are correct that you can only use them with gmail if the emails are controlled though a gsuite other wise there is no way to preauthorize them. service accounts
Oauth2 refresh token
I have done something like this in the past. What you are going to need is two applications. One which your users can run to authenticate your application and send the credentials to your server and the second is the console application you have now. Oauth
User Application
The user application should either be a web application or an installed application that the users can run. They run this application grant your application access (remember to add the offline scope) You will get a refresh token back. Take this refresh token and send it to the server that is running your console application.
Console application
your console application should then use these refresh tokens to request a new access token and gain access to the users data when ever it needs to.
To load this refresh token you will need to create your own implementation of IDataStore. The code you are using now usees FileDataStore which stores the crednetials in %appdata% you will need to over ride that so that it can read from where ever it is you had the user application store the data. I have a few examples here datastore.cs gist
Application verification
remember that you will need to have your application verified by google before you can release it GMAIL is one of the harder scopes to have approved you may want to start that process early.
Upvotes: 3
Related Questions
- How to login to Google API with Service Account in C# - Invalid Credentials
- Server-side google authorization
- Google Sign-In for server-side apps using .net
- Google authentication in Desktop application
- How can I authorize a user without using the browser?
- C# Google API Authentication
- .NET OAuth Google API
- Google OAuth 2.0 Authentication in a C# Installed Application
- Authenticating a user without querying a particular Google service
- OAUTH2 - Login to Google Account - No Services needed