Google Search Console API O-Auth from Settings

franzenzenhofer / f19n-obtrusive-livetest

A sandboxed, extendable testing chrome extension and framework! It runs pre-defined and custom tests on each page that you visit.

https://chrome.google.com/webstore/detail/f19n-obstrusive-live-test/jbnaibigcohjfefpfocphcjeliohhold?hl=en

55 stars 1 forks source link

Google Search Console API O-Auth from Settings #80

Open franzenzenhofer opened 5 years ago

franzenzenhofer commented 5 years ago

it should be possible to access the

Google Search Console API (https://developers.google.com/apis-explorer/#p/webmasters/v3/ ) Google Analytics API (https://developers.google.com/analytics/devguides/reporting/core/v4/ )

from the rules

for this we need an OAuth 2 Token GSC: https://developers.google.com/webmaster-tools/search-console-api-original/v3/how-tos/authorizing GA: https://developers.google.com/analytics/devguides/reporting/core/v4/authorization (read only access it enough)

on the "Settings" Section it should be able to start the authentiaction. the OAuth Verification Section should before the rules.

in the context of the rules the oauth token shoud be available as someting like

context.tokens.google_search_console context.tokens.google_analytics

please implement some sample rules that show the access to these APIs

(in the application the code should be implmented in a way that it is relatively easy to add other oauth verifcation pathns in the future )

franzenzenhofer commented 5 years ago

hi, ja, wäre super, hiermit beauftragt, ruf mich an falls fragen gibt.

idee ist dass ich mich via oauth2.0. in den settings bei google search console, google analytics anmelden kann.

dann zugriff auf den oauth token von den regeln aus (globals)

dann regeln schreiben die die den oauth token verwenden können . bitte auch eine dummy regel schreiben als proove of concept.

neuling commented 5 years ago

Erste Implementierung sollte funktionieren inkl. Beispiel-Rule (https://github.com/franzenzenhofer/f19n-obtrusive-livetest/blob/master/src/public/default-rules/google-api-token.js).

Es ist allerdings so, dass wir in der App (Google Console) die Extension-ID angeben müssen. Ich muss noch checken, ob sich diese ID eh nicht ändert und wenn doch, müssten wir die ID fixieren. Ich gebe dir diesbezüglich noch bescheid was von deiner Seite dann zu tun wäre.

Sofern bei dir die Extension-ID im development modus folgende ist jhpgmhnbhbbicghjgdipjoodolgclkek kannst du die aktuelle Implementierung schon mal testen. Wenn nicht, gib bescheid.

Screenshot 2019-03-14 22 33 31

Screenshot 2019-03-14 22 33 46

Screenshot 2019-03-14 22 34 10

Screenshot 2019-03-14 22 34 23

franzenzenhofer commented 5 years ago

meine ID is leider

bei 'nen click mit "sign in with google" bekomme ich

i found this online https://developer.chrome.com/apps/manifest/key

neuling commented 5 years ago

@franzenzenhofer Hab jetzt einen fixen public key im manifest gesetzt. Sollte zur folge haben, dass die Extension beim Entwickeln immer die selbe ID bekommt (njakpgmhmabjndneefpeehijmkepmkmd).

Habe die ID auch entsprechend bei der App eingetragen.

Außerdem habe ich zwecks sauberer Trennung eine eigene App für Development (DEV) angelegt.

franzenzenhofer commented 5 years ago

frage: funkt das dann auch in der fertigen gebuildeten app nach den rollout via appstore?

franzenzenhofer commented 5 years ago

Außerdem habe ich zwecks sauberer Trennung eine eigene App für Development (DEV) angelegt. ? bitte um mehr context, wo?

franzenzenhofer commented 5 years ago

Oauth Works now.

If it's successfully conneceted please add a checkmark next to the headline:

Connect with Google ✅

franzenzenhofer commented 5 years ago

will write first rule today at night for further testing

franzenzenhofer commented 5 years ago

hi @neuling

i'm struggling to make the API requests work

with this rule https://github.com/franzenzenhofer/f19n-obtrusive-livetest/blob/610ba67c518194ca8ae01d1d716860d67004d4b7/src/public/default-rules/google-search-console-webproperty-available.js

i get this console output (background.html)

this is the same error response as if i do not give an KEY value

test case when visiting this page https://www.fullstackoptimization.com/

i gave you access to this domain in google search console to your email (ownedb...@gmail.com) so you can test

neuling commented 5 years ago

@franzenzenhofer I just figured out you need to send the access_token via Authorization header instead of key URL param. I changed the rule and from what i can see the rules works now.

franzenzenhofer commented 5 years ago

hi, it works great until it doesn't.

i often get an http 401 - invalid token.

then i need to disconnect - connect again and it works great again.

here are some hints why this happens https://stackoverflow.com/questions/17813621/oauth2-0-token-strange-behaviour-invalid-credentials-401

i also can confirm it happens when i change network (and with this prop my ip and with this the token is imvalidl

is there a way to prevent this token invalidation - or - to automate the connect/disconnect dance? either on an event, regularly or a method / message i can ise from the rules?

neuling commented 5 years ago

Got it. Will find a solution for this problem.

franzenzenhofer commented 5 years ago

hi moritz, would be awesome if we could finish this in the near future so we can focus on that other project

franzenzenhofer commented 5 years ago

ping @neuling

neuling commented 5 years ago

Sorry, I am on it … update soon.

neuling commented 5 years ago

@franzenzenhofer Pls pull and test it again. I will check for a fresh accessToken before the rules get executed.