Service Account w/ Google Calendar -- getting close!


mitz

Aug 3, 2012, 9:16:12 PM
to google-api...@googlegroups.com
Hey,

I feel like I'm getting close with getting this to work...I think I've gotten it to authenticate now (at least it's not throwing an exception for that).  Right now, I'm getting this error message:

Fatal error: Uncaught exception 'Google_ServiceException' with message 'Error calling GET https://www.googleapis.com/calendar/v3/calendars/myCal...@example.com/events: (404) Not Found'

Here's my code...possibly a problem with line $client->setAssertionCredentials, specifically, the 2nd argument.

ini_set('display_errors', 1);

session_start();

require_once "google-api-php-client/src/Google_Client.php";
require_once "google-api-php-client/src/contrib/Google_CalendarService.php";

const CLIENT_ID = 'your-client-id-here';
const SERVICE_ACCOUNT_NAME = 'your-service-account-name-here';
const KEY_FILE = 'your-privatekey-file-here.p12';

$client = new Google_Client();
$client->setApplicationName("My Calendar App");

if (isset($_SESSION['token'])) {
  $client->setAccessToken($_SESSION['token']);
}

$key = file_get_contents(KEY_FILE);
$client->setClientId(CLIENT_ID);
$client->setAssertionCredentials(new Google_AssertionCredentials(
  SERVICE_ACCOUNT_NAME,
  array('https://www.googleapis.com/auth/calendar'),
  $key)
);

$service = new Google_CalendarService($client);

foreach ($service->events->listEvents('myCal...@example.com')->items as $item) {
  echo $item->start->date . " : " . $item->end->date . " : " . $item->id . '<br>';
}

print_r($service->events->listEvents('myCal...@example.com')->items);

Any ideas?  Thanks!

mitz

Aug 3, 2012, 9:18:12 PM
to google-api...@googlegroups.com
PS I am using the latest SVN google-api-php-client and have the Service Account set up in the API console.

Chirag Shah

Aug 6, 2012, 7:32:56 PM
to google-api...@googlegroups.com
Hey!

You'll need to do 2 more things:
1) Ask your domain administrator to authorize your service account's "client ID" in the domain's cPanel for the required scope:
2) Use Google_AssertionCredentials with the "prn" parameter set (the very last parameter) to the user you want to impersonate.
With this parameter, your service account will impersonate a particular user, and allow you to list events on behalf of that user on your domain.

 Example:
$client->setAssertionCredentials(new Google_AssertionCredentials(SERVICE_ACCOUNT_NAME, $scopes, $key, 'notasecret', 'http://oauth.net/grant_type/jwt/1.0/bearer', $prn));

We're going through a similar issue in this thread:

mitz

Aug 9, 2012, 5:28:07 PM
to google-api...@googlegroups.com
Thanks for the reply.  I'll be sure to post back with success or another question.

mitz

Aug 13, 2012, 9:08:23 AM
to google-api...@googlegroups.com
Hi Chirag,

I tried your suggestion in #2, but I'm getting an invalid credentials (401) now (same result if I don't use the extra Google_AssertionCredentials params).

I'm a little confused about the cPanel reference in #1.  Where should I find that?  On my test web site (from which I'm trying to access the calendar info), we don't use cPanel.

Thanks,

mitz

Chirag Shah

Aug 13, 2012, 1:54:09 PM
to google-api...@googlegroups.com
On Mon, Aug 13, 2012 at 6:07 AM, mitz <keith...@gmail.com> wrote:
> Hi Chirag,
>
> I tried your suggestion in #2, but I'm getting an invalid credentials (401) now.
>
> I'm a little confused about the cPanel reference in #1.  Where should I find that?  On my test web site (from which I'm trying to access the calendar info), we don't use cPanel.

The only reason to use service accounts with the Google Calendar API is to impersonate a particular user, and fetch/list/create events on behalf of that user on your Google Apps domain.
You would need to first enable this feature in your Google Apps control panel (cPanel). There is an article about this over here: http://support.google.com/a/bin/answer.py?hl=en&answer=162106

If that's not your use case, you'll want to take a look at the standard OAuth 2.0 web flow.

Here's an example:

Here's the documentation:

 


mitz

Aug 14, 2012, 12:31:12 AM
to google-api...@googlegroups.com
When you said cPanel, I thought you meant the open source Linux server admin software.  I'm with you now.

Thanks.

mitz

Aug 14, 2012, 12:41:53 AM
to google-api...@googlegroups.com
Ummm...I checked the API Console.  I don't see a screen like the one in  http://support.google.com/a/bin/answer.py?hl=en&answer=162106

Is this yet another thing I have to sign into/up for? 

mitz

Chirag Shah

Aug 14, 2012, 2:07:17 AM
to google-api...@googlegroups.com
That's only applicable to you if you're using Google Apps for your domain.

Otherwise, you'll want to take a look at the standard OAuth 2.0 web flow.

mitz

Aug 14, 2012, 10:08:30 AM
to google-api...@googlegroups.com
Well, that would explain it.  Thanks for your help.  Back to the drawing board.

Bill M

Nov 22, 2012, 10:42:41 AM
to google-api...@googlegroups.com
Hi

I'm trying to do the same thing (I think) and find the whole process insanely complex. I want to use either 2 legged oauth or service accounts (I'm not sure which)

Basically I want a background task on my system to poke updates into a calendar without having user interaction to authorise the access. Other people will log in to see those updates. I don't know if I should use service accounts with free google calendar or 'google apps for my domain'. I can't even work out what the second one is or what the point of it is, but it might be something to do with paid-for 'google apps for business'??

I've got a google account and enabled the calendar API for it. I've then created a client ID, said it was a service account and I've been able to download a private key file with a not very secret password to protect it. I think I use that private key to encrypt a JWT when using the server/server flow (https://developers.google.com/accounts/docs/OAuth2ServiceAccount#libraries). Taking that next step (in perl) looks like it'll be quite complex, so I want to be sure I'm even following the right path...

I've also signed up for a trial google apps for business as this seems necessary for 2 legged oauth. I've gone to the control panel, advanced section and set up Client API access for a 'mygbiz' domain I was able to create for free. This was described here http://googleappsdeveloper.blogspot.co.uk/2011/07/using-2-legged-oauth-with-google-tasks.html but now I'm lost and can't really see what to do next. A further article referenced in the garnier post above is out of date.


Just a pointer about roughly what method and what google products I should be using would be really helpful


Many thanks
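
The signed JWT assertion behind the service-account flow discussed in this thread, including the "prn" claim used for impersonation, shown as an added example that is not code from any poster or from the google-api-php-client library. The `aud` value is an assumption based on the OAuth 2.0 service-account documentation of that period; the addresses and the RSA key are constructed placeholders.

```php
<?php
// Added example: all identities and the key below are constructed placeholders.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Build the signed assertion: base64url(header).base64url(claims).base64url(signature)
function build_assertion(string $iss, array $scopes, string $prn, $privateKey, int $now): string {
    $claims = [
        'iss'   => $iss,                  // service account e-mail address
        'scope' => implode(' ', $scopes), // only scopes the domain admin authorized
        'aud'   => 'https://accounts.google.com/o/oauth2/token', // assumed endpoint
        'iat'   => $now,
        'exp'   => $now + 3600,           // lifetime is capped at one hour
        'prn'   => $prn,                  // domain user the service account acts as
    ];
    $input = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.'
           . b64url(json_encode($claims, JSON_UNESCAPED_SLASHES));
    if (!openssl_sign($input, $sig, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return $input . '.' . b64url($sig);
}

// Return the claim set if the RS256 signature verifies, otherwise null.
function verify_assertion(string $jwt, $publicKey): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    $sig = base64_decode(strtr($parts[2], '-_', '+/'));
    $ok  = openssl_verify($parts[0] . '.' . $parts[1], $sig, $publicKey, OPENSSL_ALGO_SHA256);
    return $ok === 1 ? json_decode(base64_decode(strtr($parts[1], '-_', '+/')), true) : null;
}

// Throwaway RSA key standing in for the one inside the downloaded .p12 file
// (a real key would be loaded with openssl_pkcs12_read($p12, $certs, 'notasecret')).
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];

$jwt = build_assertion('svc-account@example.invalid',
    ['https://www.googleapis.com/auth/calendar'], 'user@example.com', $key, time());
print_r(verify_assertion($jwt, $pub));

// Changing the impersonated user without re-signing must not verify.
[$h, , $s] = explode('.', $jwt);
$forged = $h . '.' . b64url(json_encode(['prn' => 'admin@example.com'])) . '.' . $s;
var_dump(verify_assertion($forged, $pub));
```

The assertion is signed, not encrypted: anyone holding the private key can mint a token for any user in the domain within the authorized scopes, so the key file deserves the same protection as an administrator credential.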

Blaine Lang

Nov 27, 2012, 9:36:00 AM
to google-api...@googlegroups.com
It was a couple of days of frustration, but I finally have a working program that uses the Google API Service account with the Calendar API V3 to view calendars, event details, create events, delete events and update events.

Some of my comments have been posted as a comment to this thread:
https://groups.google.com/forum/?fromgroups=#!topic/google-calendar-api/MySzyAXq12Q

D Bertrand

Jun 11, 2013, 9:14:13 AM
to google-api...@googlegroups.com
Could you post a working copy with each step documented? I have been looking for this for a while..

It would be very much appreciated.

Regards,

Dan
