Posting in Blogger using v3 API in C#


Matías Kusack

Nov 5, 2016, 4:57:23 AM
to Google APIs Explorer Users Forum
Hi, I'm trying to post in Blogger using the C# API.
Here's my code:

public void Publish(string title, string content, string tags)
{
    string serviceAccountEmail = "serviceac...@appspot.gserviceaccount.com";
    string impersonateEmail = "som...@gmail.com";
    string privateKey = "-----BEGIN PRIVATE KEY-----REMOVED_FOR_FORUM-----END PRIVATE KEY-----\n";

    var credentials = new Google.Apis.Auth.OAuth2.ServiceAccountCredential(
        new Google.Apis.Auth.OAuth2.ServiceAccountCredential.Initializer(serviceAccountEmail)
        {
            Scopes = new string[]
            {
                //Google.Apis.Blogger.v3.BloggerService.Scope.BloggerReadonly,
                Google.Apis.Blogger.v3.BloggerService.Scope.Blogger
            },
            //User = impersonateEmail
        }.FromPrivateKey(privateKey)
    );

    var srv = new Google.Apis.Blogger.v3.BloggerService(new Google.Apis.Services.BaseClientService.Initializer()
    {
        HttpClientInitializer = credentials,
        ApplicationName = "Blogger"
    });
    var cander = srv.Posts.List(_blogId);
    var exec = cander.Execute();
    var insertRequest = srv.Posts.Insert(new Google.Apis.Blogger.v3.Data.Post()
    {
        Kind = "blogger#post",
        Blog = new Google.Apis.Blogger.v3.Data.Post.BlogData() { Id = _blogId },
        Title = title,
        Content = content
    }, _blogId);
    var post = insertRequest.Execute(); // THIS IS FAILING
    var publishRequest = srv.Posts.Publish(_blogId, post.Id);
    var publish = publishRequest.Execute();
    if (publish.Status != "Published")
        throw new Exception("Probando");
}



The error I'm getting is:
Google.Apis.Requests.RequestError
We're sorry, but you don't have permission to access this resource. [403]
Errors [
Message[We're sorry, but you don't have permission to access this resource.] Location[ - ] Reason[forbidden] Domain[global]
]

I've tried to use impersonateEmail with my google account but it is also giving me an error. I'm using the private key obtained using the service account key created in console. If I use the API Explorer I'm able to create the post.

Any ideas of what I am doing wrong?

Regards

John Boswell

Nov 14, 2016, 6:28:39 PM
to Google APIs Explorer Users Forum
To clarify, is `impersonateEmail` an account in your Google Apps domain? And have you delegated permission for this application to impersonate accounts in your domain (https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority)?

Matías Kusack

Nov 16, 2016, 12:54:43 PM
to Google APIs Explorer Users Forum
Hi, thanks for answering.

No, impersonateEmail is my personal email account, the one I've used to create the Blogger blog.

When I try to enter the Admin Console, I'm given an error because I don't have a Google Cloud Account. Is it necessary? Can't I just post with a non-professional account?

Answering your second question: no, I don't know how to do this, since the documentation says I need to enter the Admin Console. What am I doing wrong?

Regards

John Boswell

Nov 16, 2016, 1:57:50 PM
to Google APIs Explorer Users Forum
A service account doesn't appear to be the right way to accomplish your goal. Service accounts act as their own "email". So if you wanted to post as serviceac...@appspot.gserviceaccount.com (if that account has permission to post on your blog), I think you could. But you can't post as your own email with this approach because that service account doesn't have permission to act on your behalf (unless you were part of a Google Apps domain, in which case your domain administrator would have had to grant permission on your behalf to that service account).

For personal accounts, you want to use Google OAuth 2.0 instead. This is how you grant your code permission to act as your account.

Matías Kusack

Nov 18, 2016, 1:12:47 PM
to google-apis-e...@googlegroups.com
The Google docs say that the service account is the way to connect server to server. I'm developing a feature so the ASP.NET website can add blog posts on certain events, unattended. Other ways, like OAuth 2.0, ask me for a password any time; is that right?


Is there any other way to do this? I just want to create a new post on a blog I've created for my WebSite.

Thanks

Matías

John Boswell

Nov 18, 2016, 2:11:30 PM
to Google APIs Explorer Users Forum
"Unlike the scenario in which a client application requests access to an end-user's data, service accounts provide access to the client application's own data." (from the page you linked to).

Service accounts are the correct solution if you want to access data that the service account has permission to. But you can't act on behalf of a user this way without their permission. Even though this is your code, the Blogger API doesn't know that unless your account authenticates it (hence needing a password). See: https://developers.google.com/blogger/docs/2.0/developers_guide_dotnet#Authenticating

Matías Kusack

Jan 9, 2017, 2:24:12 PM
to google-apis-e...@googlegroups.com
Hi, sorry that it took me so long to answer back, I was working on other stuff.

I've been rereading everything and I'm starting to fear that I cannot achieve what I want.

The workflow I'm thinking of is:
1.- Application detects an internal event
2.- It sends a Blog
3.- End

The thing here is that it has to be unattended, no user interaction can take place.

On the other hand, this page https://developers.google.com/blogger/docs/3.0/using says:
"Requests to the Blogger API for non-public user data must be authorized by an authenticated user."

If I am understanding it correctly, I'm not going to be able to create a new Blog post without user interaction.
What are service accounts for, then?
I haven't been able to give a service account permissions to access any blog, what am I doing wrong?

Matías

John Boswell

Jan 10, 2017, 2:53:28 PM
to Google APIs Explorer Users Forum
I don't see why you couldn't do what you want. You just can't do it with service accounts with your current setup.

Here are the options I see:
1) Store your account's credentials on your server, so it can use OAuth as your account without your interaction. In other words, it would be logging in as you, but you won't need to interact with it because it can use your password for you. (Note: make sure you store your credentials securely, since if your server is compromised, so will your personal Gmail account's credentials be). https://developers.google.com/blogger/docs/2.0/developers_guide_dotnet#ClientLogin
2) Sign up for a Google Apps domain, then you can post as any of your Apps accounts using service accounts like you were originally attempting to do.

Option 1 is the easier and cheaper approach as long as you're comfortable with the risk.

Keep in mind that I'm not an expert with this API specifically, this is mostly a group for the APIs Explorer and APIs in general, so you might also consider asking somewhere like StackOverflow (find a tag specific to this API).

Matías Kusack

Jan 16, 2017, 11:56:42 AM
to google-apis-e...@googlegroups.com
Ok, thanks for answering again.

Option 1 is deprecated, I've tried it and after developing it I realized that Google has discontinued it and ClientLogin fails.

Option 2 is not even an option, since customer is not willing to pay.

So, thanks for the effort, I'm gonna develop the OAuth or change Blog provider. Customer's decision.

Matías

John Boswell

Jan 17, 2017, 5:01:21 PM
to Google APIs Explorer Users Forum
For option 1, it does appear that ClientLogin is deprecated, but its page notes a replacement: https://developers.google.com/identity/protocols/OAuth2. It should be the same idea, just different docs page.

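Added example (not written by anyone in this thread and not Google's sample code): the unattended posting discussed above, done with OAuth 2.0 user credentials and a stored refresh token rather than a service account or a stored password. The class name `UnattendedBlogger` and the environment variable names are assumptions; the refresh token is assumed to come from a one-time interactive consent by the blog owner with offline access, and all three secrets are read from the environment instead of being hard-coded in source.

```csharp
using System;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Blogger.v3;
using Google.Apis.Blogger.v3.Data;
using Google.Apis.Services;

public static class UnattendedBlogger
{
    // Hypothetical variable names; any secret store with restricted access works.
    // Failing fast here avoids sending half-configured requests.
    private static string Secret(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing secret: {name}");

    public static Post Publish(string blogId, string title, string content)
    {
        var flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
        {
            ClientSecrets = new ClientSecrets
            {
                ClientId = Secret("BLOGGER_CLIENT_ID"),
                ClientSecret = Secret("BLOGGER_CLIENT_SECRET")
            },
            // Request only the scope the feature needs.
            Scopes = new[] { BloggerService.Scope.Blogger }
        });

        // Only the refresh token is stored. The library exchanges it for a
        // short-lived access token on the first request, with no user present.
        var token = new TokenResponse { RefreshToken = Secret("BLOGGER_REFRESH_TOKEN") };
        var credential = new UserCredential(flow, "blog-owner", token);

        var service = new BloggerService(new BaseClientService.Initializer
        {
            HttpClientInitializer = credential,
            ApplicationName = "Blogger"
        });

        // The request runs as the blog owner who granted consent, so the
        // Blogger API sees an authorized user instead of a service account.
        var post = new Post { Title = title, Content = content };
        return service.Posts.Insert(post, blogId).Execute();
    }
}
```

If the server is compromised, the stored refresh token can be revoked from the Google account without changing the account password, and it is limited to the Blogger scope granted at consent.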