G Suite Developers Blog

On the road again - upcoming events around the world

October 25, 2011

Ryan BoydNicolas GarnierMoscow, Prague, and Paris (with a side trip to a Warsaw GTUG)Saurabh GuptaClaudio CherubinoMichael Manoochehri

Google Developer Day in Tokyo - November 1st

Google Developer Day in Sydney - November 8th

Google DevFest in Singapore - November 12th

Google DevFest in Jakarta - November 16th

RyanMichael

Google Developer Day in Tel Aviv - November 13th

Google DevFest in Berlin - November 19th

First up is the gSocial conference on November 8-9 in Santa Clara, California. This is a peer-to-peer conference for Google Apps Resellers and Independent Software Vendors (ISVs) to collaborate, share best practices, and partner to grow their businesses.

The Small Business Web is hosting its first Summit on November 11-12 in San Jose, California. Software vendors, resellers, and distributors serving small businesses are attending to make decisions to push the industry forward over the next few months.

Steven Bazyl profile | twitter | events

Steve is a Developer Advocate for Google Apps and the Google Apps Marketplace. He enjoys helping developers find ways to integrate their apps and bring added value to users.

Upcoming changes to OAuth 2.0 endpoint

October 11, 2011

Editor's note: This post by Google Senior Product Manager Justin Smith has been cross-posted from the Google Code blog because we think it'll be of great interest to Google Apps developers. -- Ryan BoydIn the coming weeks we will be making three changes to the experimental OAuth 2.0 endpoint. We expect the impact to be minimal, and we’re emailing developers who are most likely to be affected.November 15, 2011Change #1: Error responses for client-side web applicationsOAuth 2.0 client-side web applicationshttps://www.example.com/back?error=access_denied.https://www.example.com/back?error=access_deniedhttps://www.example.com/back#error=access_deniedChange #2: Offline access as a separate parameterOAuth 2.0 server-side

Redirect the browser to the Google OAuth 2.0 endpoint.

The user will be shown a consent page.

If the user consents, parse the authorization code from the query string of the response.

Exchange the authorization code for a short-lived access token and a long-lived refresh token.

offlineonlineonlineofflineofflineofflineonlineonlineChange #3: Server-side auto-approvalOAuth 2.0 server-sidesending a user through the flow another time requires them to see the consent screen again

Users will only see the consent screen on their first time through the sequence.

If the application requests offline access, only the first authorization code exchange results in a refresh token.

Mitigation of offline access (#2) and auto-approval (#3) changesapproval_prompt=forceaccess_type=offlinehttps://accounts.google.com/o/oauth2/auth? client_id=21302922996.apps.googleusercontent.com& redirect_uri=https://www.example.com/back& scope=https://www.google.com/m8/feeds/& response_type=code https://accounts.google.com/o/oauth2/auth? client_id=21302922996.apps.googleusercontent.com& redirect_uri=https://www.example.com/back& scope=https://www.google.com/m8/feeds/& response_type=code& access_type=offline& approval_prompt=force Questions?https://groups.google.com/forum/#!forum/OAuth 2.0-dev

Justin Smith

Justin Smith is a Product Manager who works on authentication and authorization technologies at Google. He enjoys woodworking, cycling, country music, and the company of his wife (not necessarily in that order).

Improving the Apps Marketplace Sign-in experience

October 11, 2011

Google Identity Toolkit

account chooseropt-inGoogle Identity ToolkitGITkit and Apps Marketplace documentation.

Eric Sachs

Eric is a Product Manager for Google Security and board member of The OpenID Foundation. He has more than 15 years of experience in the areas of user identity and security for hosted Web applications. During his five-plus years at Google, he has worked as a Product Manager for many services, including the Google Account login system, Google Apps for Your Domain, orkut.com social network, Google Health, Google Security, and Internal Systems.

Service On/Off Now for All Apps

October 10, 2011

.on { padding: 0 3px 0 3px; color: white; background-color: green; } .off { padding: 0 3px 0 3px; color: white; background-color: red; }

Organization & users > Services

This replaces the old link labeled "Disable {app name}"Dashboard > {app name} > "App status" App and Gadget Visibiltyapp and gadget visibilityON"More"OFFDashboard New Scoping by Suborganizationan important new scoping capability:

Visibility versus Authentication and AuthorizationOFFnot a substitute

Andy Rothfusz

Andy is a Developer Programs Engineer for Google Apps Marketplace. He has over 14 years of experience in developer programs covering a wide range of applications including 3D graphics acceleration, natural language processing, video games and video streaming.

On our Way to See You in Moscow, Warsaw, Prague and Paris

October 9, 2011

Just a few weeks ago, several members of our Google Apps Developer Relations team returned from Buenos Aires, Sao Paulo, Hyderabad and Bangalore where they met with many enthusiastic developers as part of Google Developer Day and DevFest events. We're now headed to the skies again and looking forward to talking with amazing Russian, Polish, Czech and French developers.Whether you're building integrations with Google Apps into your products to connect users with their data, helping customers integrate Google Apps with other parts of their Enterprise IT systems, or are simply customizing your own Google Apps environment-- we want to meet you. Drop us a line on Google+ or Twitter and let us know where you'll be.Here's our schedule:

Google Developer Day in Moscow - October 10th

Google Technology User Group meetup in Warsaw - October 12th

Google Developer Day in Prague - October 18th

Google DevFest in Paris - October 20th

Here's who's visiting:

Ryan Boyd profile | twitter | events

Talking about: OAuth and OpenID, Google Apps Administrative APIs
Headed to: Moscow, Warsaw, Prague

Ryan is a Developer Advocate on the Google Apps team, helping businesses build applications integrated into Google Apps. Wearing both engineering and business development hats, you'll find Ryan writing code and helping businesses get to market with integrated features.

Nicolas Garnier profile | twitter | events

Talking about: Google Apps Script, Google Apps: New APIs & Features, OAuth and OpenID
Headed to: Moscow, Prague, Paris

Nicolas joined Google’s Developer Relations in 2008. Since then he's worked on commerce oriented products such as Google Checkout and Google Base. Currently, he is working on Google Apps with a focus on the Google Calendar API, the Google Contacts API, and the Tasks API. Before joining Google, Nicolas worked at Airbus and at the French Space Agency where he built web applications for scientific researchers.

Calorie Counting with Google Apps Script

October 6, 2011

by 2030, 50% of the population will be obesehttp://caloriecount.about.com/http://fatsecret.com/ Counting Calories using Apps Script

“@FOOD” How do you set it up?Tools > Script EditorFile > New > From Script Template“Calorie Counting”Triggers>Current script’s triggers

“@WEIGH”Script Editor > Share > Publish Project

Drew Csillag

Drew is a Software Engineer and Manager at Google on the Google Apps Script project, based in New York. He previously worked on Billing at Google, and for the 13 years before, he has worked on everything from hardware up to GUI frontends and everything in between.

Building Integrated Apps for the Mobile Workforce

September 30, 2011

The Google Apps Marketplace is a storefront for Google Apps customers to discover, purchase, deploy and manage web applications which are integrated with Google Apps. These applications are typically used from desktops and laptops, but many vendors on the Apps Marketplace have also optimized the experience for their users who are on-the-go. There are several different strategies for enabling a mobile workforce, and each requires a different approach to authentication and authorization.Lightweight: Synchronize Contacts, Calendars and Docs with Google AppsGoogle has written applications and synchronization clients to help ensure that the core Google Apps data is available to users on their mobile devices, whether they’re on their mobile phones or tablets. By storing contacts, dates and documents from your application in Google Apps using the application APIs, you can leverage these features to provide a mobile view for your users. Since you’re only accessing the application APIs on your web application’s server, and the user has already linked up their mobile device to their Google account, there are no special techniques for authentication and authorization when using this lightweight approach.Standards-based: Build a mobile-optimized web applicationWith the latest advances in HTML5 web technologies such as offline and local storage, it’s possible to build mobile interfaces for business apps which are full-featured and accessible to users on many devices. The primary goal in building the mobile web application is to optimize the user experience for different input devices, form factors and limitations in network availability and bandwidth. Because the application is in a web browser, most of the changes to implement are in the frontend-- HTML, JavaScript and CSS. User authentication and data authorization continue to use the same OpenID and OAuth technologies as are used for the desktop/laptop version of the application.Device-custom: Build native companion apps for mobile devicesDoes your application need access to hardware-specific APIs which are not available in a web browser, or do you feel a great user experience can only be achieved using native code? Several Apps Marketplace vendors have built native applications for popular mobile platforms like Android and iOS. Although it takes considerably more effort to build multiple native applications to cover the major platforms, these vendors can also take advantage of the additional distribution channels offered by mobile stores.Authentication and authorization are often challenging for developers building native mobile applications because they cannot simply ask users for a password if their app supports single-sign on to Google with OpenID. We recently published an article describing a technique using an embedded webview for accomplishing OpenID authentication in mobile apps. This article includes references to sample code for Android and iOS.

Many Project Management applications, like Manymoon, store important dates on Google Calendar. These dates are then available on mobile devices.

GQueues has a HTML5 mobile app. Their founder has written about why they used this technique.

Native applications, such as the OpenID Sample Store displayed, can use an embedded webview to authenticate users.

Ryan Boyd profile | twitter | events

Ryan is a Developer Advocate on the Google Apps Marketplace team, helping businesses build applications integrated into Google Apps. Wearing both engineering and business development hats, you'll find Ryan writing code and helping businesses get to market with integrated features.

Want to weigh in on this topic? Discuss on Buzz