I have been using the Google Calendar API since October 2014 thanks to VCL Cloud Pack. Today I migrated the application to Delphi 10.4 using the latest version of TAdvGCalendar. But my DUnit
test cases for adding/editing/deleting a Google Calendar entry failed.
So I went back to the same project in Delphi 10.3.2 and tested it there
as well. Another failure. This was working not so long ago. The error I
get inside the REST handling of the component is: "API key not valid.
Please pass a valid API key."
I read up on how to create an application for Google's Calendar API via the API console here. In my OAuth consent screen I added the scopes
../auth/calendar.events
../auth/calendar.readonly
and as a result the OAuth consent screen now needs verification. Previously I did not use these scopes and had a "native client" as OAuth 2.0 Client ID.
I also added an Application Homepage link and an Application Privacy Policy link today. I also did a Domain verification and added a DNS entry to my domain name for Google. A SSL certificate exists for my domain name and is installed.
I have tried the new Client ID & Client secret of the new Client ID for Web application.
But I am still told that my app has not been verified and when I accept
the "risk" and proceed to give my application the right to add, edit
& delete calendar entries in my personal test calendar I can not get
a valid token. The token TAdvGCalendar returns is way too short (e.g. just 6 characters).
Do I really need the above OAuth scopes? Have these OAuth requirements of Google changed recently? Am I doing the right thing and just need to wait for the app verification by Google?
Note that there is no need for extra scopes. The default scopes should be sufficient.
The error you mentioned is caused by recent changes in the Google APIs.
The issue has been fixed in the latest version of TMS VCL Cloud Pack.
Please make sure you have correctly installed the latest version.
I have installed TMS VCL Cloud Pack 4.0.7.1 and my test cases pass again. Thanks for the update!
Mind you I have a tool for new customers to grant access to the calendar and create the Tokens string required for the INI file. In that tool I ask for the list of calendars belonging to the Google account my user has and let them select a calendar. This CalendarID is stored together with the Tokens in the INI file of my application server.
If I do this now as if I were a new user of my software I need to login to my Google account and it says "This app isn't verified". I select "Advanced" and can then click on the link "Go to Maranatha Consulting CRM Google-Calendar-Integration (unsafe)". Then I can allow access to my calendars and the reply from your HTTP server inside the TAdvGCalendar conmponent is "Application succesfully authorized. You can close this browser window". In the TCloudGoogleWin.DoCommandGet I can see that I get an access_token & refresh_token back from the Google API.
What has changed is that the TAdvGCalendar.DoAuth is no longer synchronous and I had to move the code to populate my calendar selection combobox into the event handler TAdvGCalendar.OnReceivedAccessToken. So it is all working again.
Form your experience how long will it take for Google to declare the application as safe & verified?
it seems the security tokens that my customers used to use on their app server are no longer working. So I have to ask them to login to their Google account and select the correct calendar again. Then the selected CalendarID and Tokens need to be updated in the INI file of their app server.
Could that be a side-effect of using the new Google Calendar API?
There haven't been any changes to the behaviour of the DoAuth call, but it is indeed recommended to use it in combination with the OnReceivedAccessToken event.
Please note that you'll have to manually request your Google App to be verified by Google. Unfortunately I'm unable to provide a timeframe to get your app verified as we have no control over this process.
It is possible that if you changed the settings in your Google App that existing tokens become invalid.
