Google API Authentication for App That Only Accesses One Account
Should I use a Service Account or an OAuth 2.0 Client ID?
I'm struggling to understand Google's documentation on authenticating for their APIs. I'm creating a basic application that will help users add and modify Google Calendar events for a single Google account (the account is shared between all users). I only need the application to access that one account, it'll never need to access any others.
It seems to me that Service Account would be best for this, but Google's documentation suggests Service Accounts should only be used for automated processes (unless I'm misunderstanding). For instance this page contains the following, describing when to use Service Accounts.
Would my application qualify as acting on the users behalf?
If so, I would want to use OAuth Client ID credentials, which will ask the user to sign in to a google account. In this case, is there a way I can guarantee they only sign in to the one account I want modified?
I can't find any decent documentation on the OAuth authentication requests to figure this out myself. If there is any could you point me there?
I'm sure I'm misunderstanding something basic here, but thank you for any help!
First off you should know that you can only use service accounts with Google aclendar api if you have a google workspace domain account.
You can then set up a calendar and a domain user that the service account can act on behalf of to control the access of that calendar.
Assuming that your application is going to preform all actions on this calendar then yes i would say that you could use a service account for this. If your app bacly has a ui with a calendar on it your just using google calendar to store the data.
However if you intend to share this calendar with the users themselves, this way they could see it within their own google Calendar account. Im not sure a service account would be the way to go.
If you want the users to be able to see it and make changes then you may want to just use Oauth2. Grant them access to the calendar and then request access to their calendar account.
Drawback to that option is going to be the verification process. You will get access to all the users calendars and your going to need write access.
If you can go with a service account you really should consider it it will save you a lot of hassle with verification.
- ValueError: Client secrets must be for a web or installed app
- CredentialManager and Google Identity Signin API How to
- GoogleApis - JavaScript heap out of memory
- Cannot insert moment - Google Plus API
- How to obtain android app version code using Google Api?
- How to access Google search right hand side data programmatically?
- Phone Number Hint enable phone number sharing
- Get file name from id with Google Drive PHP Library
- Exclude specific URLs from chrome.declarativeNetRequest redirect?
- YouTube Data API set_thumbnail generates error - failedPrecondition: Precondition check failed
- Google Console - How to add Authorized redirect URIs via API
- "Error 403: access_denied" from Google authentication web API despite Google account being owner
- Google+ API leave business review
- How to identify a Google OAuth2 user?
- Google API Invalid JWT Signature in SFCC
- Google cloud, unable to edit policies to enable permission to create Service Account Keys
- Google Cloud Platform Secret Manager API 403 Error
- Google Calendar API why is EXDATE not working
- My Business Notifications Google APIs: 403 The caller does not have permission
- How to get quick answers in Google or DuckDuckGo using Python
- Google Drive api scope and file access (drive vs drive.files)
- Google Calendar API v3 - Only send emails to newly added attendees
- Google Vision API hitting request limit even though I am sending way less no of requests
- Using JS Blogger API v3, How to sort posts in an ascending order?
- Are there tools like Jqwik for easily testing Google API's time class? (DateTime, EventDateTime...etc)
- Quota exceeded for quota metric 'Requests' and limit 'Requests per minute' of service 'mybusinessaccountmanagement.googleapis.com'
- Google Sheets API - Bolding and Highlighting text
- How to test Google's OAuth granular consent screen for TV & Device Apps
- How to specify fields for $plus->people->get('me') call?
- Getting the raw data from google drive using google api