If you don't have a Google Admin Account #131
Comments
|
Hey @Sp3y3Der-8 - Thanks for trying out PSGSuite! What functions have you tried so far? There should be a way to use a limited amount of functions like Gmail, Drive or Calendar related ones, but functions that manage users, security settings, etc, may not be usable. There's a chance you may also need to use the client_secrets.json approach instead of the P12Key approach. Let me do some testing and get back to you! I honestly haven't had anyone interested from a purely Gmail perspective yet, tbh 😄 |
|
Hi thanks, yes that would be great. Some minor accesses to gmail/gdrive to pull data would help. So this part of it is tiny, but helpful nonetheless. I havent managed to run anything yet as I get the above error. Gmail / Gdrive specifically Gsheets would be awesome. |
|
I'm hitting the same thing. Naively I thought I would be able to create a service account, then manually grant it access to my account specifically. But I can't find the button to do that, and I don't have an admin account for my domain. |
|
@cspotcode - Are you in a G Suite domain just without an admin account? @Sp3y3Der-8 & @cspotcode - I'll keep you guys updated on this, just haven't had time. |
|
@scrthq I believe so, yes. My employer gives us all GSuite, but I'm not in our IT department so I don't have any sort of admin access. |
|
@cspotcode gotcha! |
|
@Sp3y3Der-8 / @cspotcode - I'm able to replicate the errors, seeing what I can do about fixing them now. |
|
Awesome thanks!
Sent from TypeApp
…On 20 Dec 2018, 05:30, at 05:30, Nate Ferrell ***@***.***> wrote:
@Sp3y3Der-8 / @cspotcode - I'm able to replicate the errors, seeing
what I can do about fixing them now.
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#131 (comment)
|
|
Working with the client_secrets.json method! I need to fix the scoping though, as currently the scopes requested and authorized the first time are the only ones that stick, so this auth method will need to be adjusted to request all applicable scopes (Gmail, Drive, Calendar primarily) on the first run to build the tokens correctly. Additional updates to come soon, but this will require both an update to the documentation as well as an update to the module itself. Should be able to have both done by this weekend though 😄 |
|
Really appreciate this! Will be very a very welcome and helpful edit. Thanks!
Sent from TypeApp
…On 20 Dec 2018, 17:37, at 17:37, Nate Ferrell ***@***.***> wrote:
Working with the client_secrets.json method! I need to fix the scoping
though, as currently the scopes requested and authorized the first time
are the only ones that stick, so this auth method will need to be
adjusted to request all applicable scopes (Gmail, Drive, Calendar
primarily) on the first run to build the tokens correctly.
Additional updates to come soon, but this will require both an update
to the documentation as well as an update to the module itself. Should
be able to have both done by this weekend though 😄
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#131 (comment)
|
|
Thank you for the quick update! |
|
Scope updates validated! Here's a Gmail API call immediately followed by a Drive API call to confirm. The high-level overview for the auth portion of this is that you'll need to create an OAuth Client ID in the Developer's Console using the Below are the steps for using a client_secrets.json file instead of the P12Key. You can try it out right now, just be aware that the scope first authorized will be the only scope that works until I release the next version (i.e. if you use a Gmail command first, a subsequent Drive command will fail due to unauthorized client):
$myConfig = Show-PSGSuiteConfig
Set-PSGSuiteConfig -P12KeyPath $null -ClientSecretsPath "C:\Users\$env:USERNAME\Downloads\client_secrets.json" -ConfigName $myConfig.ConfigName -Verbose
If you try that out and run into issues, let me know here! Should have the updated version out today actually, will update ASAP |
|
Doing more testing on which APIs work with a non-admin account and here are the ones that do:
Basically, anything that's not using the Admin SDK should work with a normal Gmail account using client_secrets.json Updates to come tonight to both the documentation and the module itself! I'll post here once everything is ready to go. |
|
@Sp3y3Der-8 / @cspotcode - Deploying v2.21.1 with the fixes around Auth. You can see the published updates to the docs with info on non-G Suite Admin setup here: https://github.com/scrthq/PSGSuite/wiki/Initial-Setup#free-google-account-users-and-g-suite-users-without-superadmin-access Let me know if everything works out ok and/or if you have any additional questions! Keeping this open until I have confirmation from you both. |
## 2.21.1 * [Issue #131](#131) - _Free/standard Google Account support_ * Fixed: Handling of scopes in `New-GoogleService` for authentication when a client_secrets.json file is used instead of the typical .p12 key. * Updated: Documentation to show how to use an account that is not a G Suite admin or G Suite user at all with PSGSuite * Updated: `*-PSGSuiteConfig` commands now store the client_secrets.json string contents directly on the encrypted config once provided either the path or the string contents directly, allowing users to remove any plain text credentials once loaded into the encrypted config. * Updated: `Get-GSToken` now uses `New-GoogleService` under the hood, so `client_secrets.json` will work with Contacts API.
|
v2.21.1 is available now on the PSGallery! Enjoy! |
|
Hey this is great, I came just to confirm you did infact make that a breeze. Everything I need seems to be working just fine for gmail. Yet to try anything else, but it seems its working just fine and the documentation was spot on and easy to follow.
Thank you so much for taking the time for us free gmail users, <3
Sent from Mail for Windows 10
From: Nate Ferrell
Sent: 21 December 2018 08:16
To: scrthq/PSGSuite
Cc: Sp3y3Der-8; Mention
Subject: Re: [scrthq/PSGSuite] If you don't have a Google Admin Account (#131)
@Sp3y3Der-8 / @cspotcode - Deploying v2.21.1 with the fixes around Auth. You can see the published updates to the docs with info on non-G Suite Admin setup here: https://github.com/scrthq/PSGSuite/wiki/Initial-Setup#free-google-account-users-and-g-suite-users-without-superadmin-access
Let me know if everything works out ok and/or if you have any additional questions! Keeping this open until I have confirmation from you both.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
@Sp3y3Der-8 - Awesome!! I'm happy to hear that you're good to go! And it's my pleasure ❤️ @cspotcode - Let me know when you've had a chance to check it out also 😄 |
|
@scrthq It looks like I need to perform authorization using Windows Powershell, not PowerShell Core. But after that, running command in PowerShell Core works correctly. That's good enough for me! When I authorize via Windows PowerShell, my web browser prompts me to authorize and I click Accept, I see a message "Received verification code. You may now close this window. " However, when I do the same in PowerShell Core, after clicking Accept my browser fails to load the next page and then says "Connection reset." So I think something's going wrong with the HTTP request back to PSGSuite. |
|
@cspotcode - Interesting! Thanks for letting me know, yeah that's a pretty critical note IMHO! I'll see if I can figure out why it's breaking, but I know there are vast differences in the underlying web components between Windows PowerShell and PowerShell Core. |
|
@cspotcode - Confirmed the behavior is the same on macOS in Core; looks like there's an issue with setting up the |
|
That sounds perfect, thanks. Is this something I can do now with an extra
flag?
On Dec 25, 2018 9:59 PM, "Nate Ferrell" <[email protected]> wrote:
@cspotcode <https://github.com/cspotcode> - Confirmed the behavior is the
same on macOS in Core; looks like there's an issue with setting up the
LocalServerCodeRecipient. I've tested the alternative option where it
provides you the link to manually go to in your browser then pauses while
you finish the authorization process in browser. Once auth is complete,
you're given a code to copy/paste back into the console. Works perfectly
from Core, although it's not as ideal. Only needs to happen once though.
Thoughts?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#131 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAW-uAtXm8b6qkOdYwYvxOhm3Ili5Myyks5u8uYDgaJpZM4ZRZYs>
.
|
|
@cspotcode - Not currently, but I'll have a new version out with the fix by tonight! The update will auto-prompt with |
|
@cspotcode - This is what it will look like when attempting to auth for the first time from PowerShell Core:
You would then open the link in browser which will walk you through the same authorization process. Once complete, you'll be provided a code in browser to paste back in your console like the following:
|
… to Prompt instead, added OutputType to all relevant functions ## 2.21.3 * [Issue #131](#131) * Fixed: Changed `CodeReceiver` to use `PromptCodeReceiver` when client is PowerShell Core, as `LocalServerCodeReceiver` does not appear to redirect correctly and auth fails. Same behavior in Core regardless of OS. * Miscellaneous * Added: `OutputType` to all functions that return standard objects.
|
@cspotcode - v2.21.3 is now available that contains the fix! Let me know how it works for you. I'll be updating the documentation as well to include the notes and screenshots above, likely by tomorrow. |
|
@cspotcode - Let me know how the latest version is working for you when initially authenticating in Core! If you have any feedback/criticism on the docs, I'm all ears as well! I'm going to close this issue down as I feel the original request is satisfied at this point with no further hanging items to handle, but I'll be monitoring for any follow-up feedback and will re-open if necessary. Cheers and Happy New Year, y'all! |
|
@scrthq Thanks, I just tested this and it is working perfectly in PowerShell Core! |
|
@cspotcode Awesome!! Thanks for confirming!! |
Hi there, pretty new to all this but used powershell a while. I followed everything and it seemed to work fine. I get the same error
Exception calling "Execute" with "0" argument(s):
"Error:"unauthorized_client", Description:"Client is unauthorized to retrieve
access tokens using this method.", Uri:"""
However, I did see your solution to this. The trouble is I can't go into Google Admin with a regular account to add the scopes etc. It says in your wiki that you need a Google Admin (To access all the functionality) which in itself implies this is possible with a regular gmail account. What can I or others do in this instance?
Many thanks
The text was updated successfully, but these errors were encountered: