firebase google-api google-calendar-api google-oauth caldav

Google Calendar API and Google App Verification Process


I'm creating a website for a client that utilizes the Google Calendar API. Essentially, the client needs to be able to input his calendar IDs and have events populate on the website. This is handled via a Firebase function that performs a request to the Calendar API.

The first thing I tried was following Google's quickstart tutorial for the Calendar API. This worked for a while until the temporary access token they provided expired, and I realized the access token was temporary.

Next, I generated my own OAuth2 client ID and used that. This worked briefly until I started receiving "Anonymous usage expired" errors from Google, which after some time I realized was because the key did not have the read-only calendar scope enabled.

In attempting to enable the scope, I was told that I need to verify my app with Google, which can take several weeks and requires that I write terms of service and privacy policy for my app. This seems a little unnecessary, as it will only be reading events from one person's calendar, and he has already granted me approval and access.

My next thought was to make the calendars public and use a static API key, but the calendar is synced from a booking service called Peak Pro, which populates the calendar descriptions with the names, emails, and phone numbers of the clients attending events. I can't expose those publicly.

Next, I was drawn to the CalDAV API, but it seems to have the same requirements with regard to verifying the OAuth2 consent screen with Google.

I wouldn't normally pose such a basic question, but I've been unable to find a solution after 3 weeks. Does Google provide another option here that I'm missing?


Solution

  • Unfortunately the simple answer is that no, Google doesn't provide another option for this.

    For security reasons, when providing a service to users outside of your domain using the G-Suite APIs, the process necessitates Google's verification of the application. This is purely for security reasons, as personal information could be read and passed by the application, and without this manual verification, code could be executed beyond that which the application developer is claiming.

    As a workaround for this, however, you can use the iframe embed provided in the Calendar's settings to import the calendar into the webpage after making the event details of the events private. Your client can provide this link to you by completing these steps:

    1. Go to calendar.google.com
    2. At the top right of the page, go to ⚙ -> Settings
    3. Select the Calendar you wish to display on the left-hand panel of the page.
    4. Under 'Access Permissions', click 'Make Available to Public' and change the drop-down menu to have 'See only free/busy (hide details)' selected [1].
    5. Under 'Integrate Calendar', there are links to a public URL of the calendar, and an iframe embed code.

    [1] Image: 'See only free/busy (hide details)' selected

    With 'See only free/busy (hide details)' selected, the only information that will be available to view to anonymous/public users is the time of the event and the owner of the calendar. All other information for an event in the calendar is hidden unless the person viewing the page is invited to the event and logged in [2].

    [2] Image: Calendar event information is private unless user is invited
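
A check to run before publishing the embed, added here as an example and not part of the original question or answer: it audits iCalendar (RFC 5545) text for the names, emails and phone numbers that the booking service writes into event details. It assumes the calendar's public data has been saved as iCalendar text and that hidden events carry the placeholder title "Busy"; the function names, that title and the sample feed are constructed for illustration.

```javascript
// Added example (not from the original post): audit iCalendar (RFC 5545) text
// for details a "See only free/busy (hide details)" calendar should not expose.
const DETAIL_PROPS = new Set(["DESCRIPTION", "LOCATION", "ATTENDEE", "CONTACT", "COMMENT"]);
const EMAIL = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i;
const PHONE = /\+?\d[\d\s().-]{7,}\d/;

// RFC 5545 folds long lines: a line break followed by a space or tab continues the line.
function unfold(ics) {
  return ics.replace(/\r?\n[ \t]/g, "").split(/\r?\n/).filter(Boolean);
}

function classify(text) {
  if (EMAIL.test(text)) return "contains an email address";
  if (PHONE.test(text)) return "contains a phone number";
  return "non-empty detail field";
}

// allowedTitles is an assumption: the placeholder title(s) expected on hidden events.
function auditIcs(ics, allowedTitles = ["Busy"]) {
  const findings = [];
  let inEvent = false, uid = "(no UID)", pending = [];
  for (const line of unfold(ics)) {
    if (line === "BEGIN:VEVENT") { inEvent = true; uid = "(no UID)"; pending = []; continue; }
    if (line === "END:VEVENT") {
      pending.forEach((f) => findings.push({ event: uid, ...f }));
      inEvent = false; continue;
    }
    if (!inEvent) continue;
    const m = /^([A-Za-z0-9-]+)(.*)$/.exec(line);
    if (!m) continue;
    const prop = m[1].toUpperCase();
    const rest = m[2]; // parameters and value, e.g. ";CN=Name:mailto:..."
    const value = rest.slice(rest.indexOf(":") + 1).trim();
    if (prop === "UID") uid = value;
    else if (DETAIL_PROPS.has(prop) && value) pending.push({ prop, reason: classify(rest) });
    else if (prop === "SUMMARY" && !allowedTitles.includes(value))
      pending.push({ prop, reason: "title is not a free/busy placeholder" });
  }
  return findings;
}

// Constructed sample feed: the first event is hidden correctly, the second leaks details.
const SAMPLE = [
  "BEGIN:VCALENDAR", "BEGIN:VEVENT", "UID:evt-1@example.invalid", "DTSTART:20240105T150000Z", "SUMMARY:Busy", "END:VEVENT",
  "BEGIN:VEVENT", "UID:evt-2@example.invalid", "DTSTART:20240106T150000Z", "SUMMARY:Tour - Jane Doe",
  "DESCRIPTION:Guest: Jane Doe\\, jane.doe@exam", " ple.com\\, 555-010-0199",
  "ATTENDEE;CN=Jane Doe:mailto:jane.doe@example.com", "END:VEVENT", "END:VCALENDAR",
].join("\r\n");
console.log(auditIcs(SAMPLE));
```

An empty result means no detail fields were found in the text that was checked; any finding means the sharing setting should be corrected before the embed goes live.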