 I'm very tempted to drop the support for all the #Google integrations from #Platypush.

I built these integrations with the Google APIs (Calendar, GMail, Fit, YouTube, Maps, PubSub, Translate...) in a different era, when building against the Google APIs was still fun and Google was a very different company.

Back in the day, it was still very easy for a DIY developer to create their own application in the developer console, generate an OAuth2 client ID, download it, pass it to Platypush, and everything would happily run.

Easy to write in a blog post, easy to do, easy to maintain, easy for any DIY enthusiast to do as a weekend project.

Nowadays, you can't do any OAuth2 thing in your application unless your application has been approved by Google - and every developer who has interacted with the Google ecosystem is familiar with the Kafkaesque, faceless and bureaucratically dumb process that it is to get any piece of software approved by Google.

You can't write a blog post about this kind of stuff anymore.

You can no longer say "create a dashboard that shows events from your Google Calendar, or statistics from your Google Fit metrics, or blinks a light when you get a new email, in 5 simple steps".

Because, among those steps, there will be something along the lines of "submit your app to Google for verification, explain why you want to run a dashboard on your Raspberry Pi instead of buying one of their gadgets, and explain to them that, being the user and the owner of the application the same person (yourself), it sounds even silly to have a verification system in place - i.e. the 'personal use of my own data' case should always be covered". Oh, and all of this only applies if you're the lucky winner of a "Talk to an actual human working at Google" lottery ticket.

Not the kind of article you'd read on Tom's Hardware or HackerNoon, nor the kind of project you can put together on a Sunday afternoon, is it?

But, hey, there's still an alternative!

That alternative is the often (and rightfully) overlooked offline API keys.

Create an unrestricted offline API key (i.e. a key that has access to all the scopes connected to your account), download it, and everything will still work.

So I guess that this is the way Google thinks of improving both user security and developer experience?

If you want to build an app that only serves yourself, then you have to create a key that can do anything on your account, instead of relying on the safer and more granular OAuth2 process?

Is it even worth still building/maintaining something that integrates with the products of a company so hopelessly submerged in diarrhea when it comes to developer experience?

Or should I just say "if you want your Platypush automation scripts to integrate with Google products, just use the IFTTT integration as a proxy"?

p.s. The "Proceed to <appname> (unsafe)" link on their error page doesn't even work anymore.

https://social-media.platypush.tech/media_attachments/files/111/156/375/217/506/124/original/ab167fa5666440a9.png