Ben, If you are using a web application, rather than a standalone PC application, you might try making the user log in to his gmail/ gcalendar account before starting your application. (Or at least make the user do this before using the calendar features.) This is what I do, and it has two advantages:
1) Users do not need to grant your application token or passwords, the browser cookie or whatever google uses keeps track of the session, and lets the calendar requests right through automatically. You have no security concerns. 2) You do not need to do any session management for the Google apps, and do not have to write any code. Your life becomes easy by just making the users do this one little step of logging themselves in. It was this browser session management feature that really turned me on to the Google apps in the first place. It works so well that it is unbelieveable -- it will even wake up and submit a request for a calendar that had previously failed, if you log in to your Gmail using another tab in the browser! Regards, Victor On Nov 16, 2:13 pm, "Austin (Google)" <[EMAIL PROTECTED]> wrote: > Hi Ben, > > I understand your concern, unfortunately AuthSub authentication does > not provide the kind of finer access control you have described. Feel > free to propose or file a feature request with the Google Accounts > group - > > http://groups.google.com/group/Google-Accounts-API > > Thanks, > Austin > > On Nov 15, 5:54 pm, Ben <[EMAIL PROTECTED]> wrote: > > > > > Thanks DPM. > > > I know user can revoke the token to cancel the service. But it is > > impossible and the user need to use the service. > > > The problme is : > > Are there any method which allow me to insert event to user Calendar > > only? And then only the event I created can be deleted or modify by > > me? > > > The existing Event Permission is too large so that we can view and > > modify the event created by user. > > > Thanks > > > On 11月14日, 下午1時53分, DPM <[EMAIL PROTECTED]> wrote: > > > > The user can revoke your token > > > with:https://www.google.com/accounts/IssuedAuthSubTokens > > > > On 13 Nov, 00:52, Ben <[EMAIL PROTECTED]> wrote: > > > > > I have web application to insert, update events to user's Google > > > > Calendar. > > > > I use AuthSub proxy authentication. > > > > After user login Google, I obtain the Auth Token of the user. > > > > I found the the Auth Token is permanent and seem not to expire. > > > > I can use this Token to access the user Calendar again and view and > > > > add event in the calendar. > > > > > It seem there are Security and Privacy problems and responsibility on > > > > us. > > > > > Are there any method which allow me to insert event to user Calendar > > > > only? And then only the event I created can be deleted by me? > > > > > Do anyone know more about that? > > > Thanks and Regards,- Hide quoted text - > > > - Show quoted text -- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Calendar Data API" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-calendar-help-dataapi?hl=en -~----------~----~----~----~------~----~------~--~---
