Thanks, Jarrad! Really helps to see everything laid out end to end.
I’ve been having trouble successfully connecting to the google cloud apis (for sql storage) from the API connector on the bubble side. It would be amazing if you could map out an example for where all of these fields go within the API connector & the bubble-side process for connecting!
@jarrad - I agree with @susanne that a part 2 of this guide would be awesome!
I’ve been at it for several hours, and still can’t seem to get Google Drive connected through the API Connector. What you have put up so far has been helpful… started a thread on that here
I have successfully hooked up Google Cloud Vision API via the Bubble API Connector, which was relatively straightforward using a service account API key. However, hooking into Google Cloud Storage API is proving much more difficult. Has anyone had any luck doing so? Maybe you @jarrad? The process seems to be much more convoluted, and I am completely stuck trying to figure out Google’s OAuth2 flow for a service account. It involves obtaining a signed JWT to exchange for a bearer token. I’ve followed Google’s documentation as well as I can, and created what I thought was a valid signed JWT, but when I go to exchange it for the bearer token (in Postman) I ultimately still get an error: “invalid_grant” (error_description: “Invalid JWT signature”). Not having any luck troubleshooting on the web/StackOverflow. Can anyone help?
Just looking at a few parts of your message im wondering in what case your using a service account with an API key? but the other thing is when you say OAuth flow - what exactly are you expecting to see using a service account in regards to this? its not a trick question, i have seen a few people go around in circles trying to perform end user tasks with service accounts and expecting the whole auth flow to be the same.
I’m trying to get a list of bucket objects from Google Cloud Storage JSON API. Unlike the Cloud Vision API, which has minimal security since it’s just a processing API (therefore allows a simple service account API key to use the API), the Storage API requires OAuth – at least I think it does – because it is in theory accessing user data. In my case, all of the objects are publicly accessible, but I still can’t see any way to get the storage API to return the object list without authenticating with something more than just my service account API key.
When reading the documentation, it seems that Google Cloud Storage JSON API has both a “normal” user OAuth flow as well as a specific flow for applications (service accounts). Reference here: https://cloud.google.com/storage/docs/authentication?authuser=1, which includes this excerpt …
A server-centric flow allows an application to directly hold the credentials of a service account to complete authentication. Use this flow if your application works with its own data rather than user data. Google Cloud Platform projects have default service accounts you can use, or you can create new ones.
… and an entire section beneath it on Service Account Credentials, the operative part being this:
When you use a service account to authenticate your application, you do not need a user to authenticate to get an access token. Instead, you obtain a private key from the Google Cloud Platform Console, which you then use to send a signed request for an access token. You can then use the access token like you normally would.
I obtained the private key for my service account (easy), but I keep ending up in circles trying to figure out how to exchange it for the bearer token that I need for my API calls.
I also couldn’t get this to work until I checked the Use a generic redirect URL and copied that url under the Authorized Redirect URIs back in the Google Cloud Console.
So I understand that the email of a user who has signed up with a social login should be set using an external api > the social login provider’s endpoint
but what should I set the password to? A random string of characters?
Ahhh: UPDATE You don’t have to manually save the email and you don’t make a password (the Oauth provider has us covered on that). Just make changes to the User object like so:
hey Edd - did you manage to get this working as you’ve described using a Google service account key? I too have the requirement to access my entire firebase database and need a single auth rather than for each individual user.
No, but I don’t think there’s much mystery on the Google side; if memory serves me well, I think it was just the general confusion of how to get a signed JWT. @jarrad may be able to help you (via PM).
I’m trying to do this for the Google Calendar API and since that requires access to sensitive information it looks like Google requests that you register the domain. But I’m not ready to publish by Bubble app and still using the test domain.
For now I’m getting this 403 Error.
Anyone know how to register these test Bubble domains?
After the user has signed in via Google or Facebook, their profile information such as first_name and profile_photo will be available on the current_user like so:
It’s a little confusing because this data doesn’t show up in the database/user table definitions but… as you can see above… it’s there.