I am trying to read some data from a private google sheet to which only the ones within my organisation have the access.
So, I have created API key and OAuth client and secret keys in the Google Cloud Developer Account. I am trying to send API request from POSTMAN as follows,
curl --location --request GET 'https://sheets.googleapis.com/v4/spreadsheets/***********/values/sheet1?key=********' \
Also I am using OAuth client and secret keys in the Authorization type OAuth 2.0
But the response is always being
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
But the google cloud account from which I have generated the API key, client and secret keys is the one which have the access to that particular google sheet.
Note:- I can be able to get the expected data using the playground application, in which I am authorizing the application at UI. So, it seems like there were some issues in obtaining the access token with the credentials I gave.
Related
I am trying to issue a POST request towards the google calendar api, but I fail to understand how to authenticate it.
I took the following steps to try and use a service account to do so:
I've enabled the the calendar api in the Google Cloud console
I've created a new service account, enabled G Suite Domain-wide Delegation, and downloaded the provided key.
I've added the service account email to the calendar to be able to make changes and create events.
I've tried to create a POST request to https://www.googleapis.com/calendar/v3/calendars/calendarId/events with the contents of the JSON key as the value of the Authorization header, but I receive the following error:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
Am I missing some steps or have I do not understand correctly the authentication process?
I would appreciate your help.
Its not simply a matter of applying the contents of the key file to your call, all google apis need an access token in order to authenticate them.
To get an access token from a service account you need to follow the following steps. Preparing to make an authorized API call
There are steps you will need to complete inorder to get the access token you will need to make a call to the api
After you obtain the client ID and private key from the API Console, your application needs to complete the following steps:
Create a JSON Web Token (JWT, pronounced, "jot") which includes a header, a claim set, and a signature.
Request an access token from the Google OAuth 2.0 Authorization Server.
Handle the JSON response that the Authorization Server returns.
I recommend you pick your favorite server sided programming language and find a client library for it. It will make things much easier then you trying to authncate using a service account by yourself.
Hopefully I'm missing something very simple. According to this documentation to get an access token I need to hit the following url:
https://login.live.com/oauth20_authorize.srf?client_id={client_id}&scope={scope}
&response_type=token&redirect_uri={redirect_uri}
So far this appears to be working as the returned url I get contains
/#access_token=EwAYA61DBAAUcSSzo.......
According to the token flow documentation above,
You can use the value of access_token to make requests to the OneDrive API.
According to this page,
Your app provides the access token in each request, through an HTTP header:
Authorization: bearer {token}
When running curl I give it the exact token I was given before,
curl -X GET \
https://graph.microsoft.com/v1.0/drive \
-H 'Authorization: Bearer EwAYA61DBAAUcSSzoTJJs.....
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 8004920A",
"innerError": {
"request-id": "8780c600-2b7f-45a0-b484-7eca9dfd2697",
"date": "2019-01-25T19:33:22"
}
}
}
Why is the token they provided not working?
What I've tried so far:
changing the case of bearer in the header
wrapping said token in {}
generating new tokens
URL decoding said token
One thing to note: the tokens I am receiving are not JWT tokens. Googling the error code pulls up several Stack Overflow questions that seem to imply the graph api is expecting a JWT. If this is the case, am I missing a step to obtaining it?
You can't call Microsoft Graph API after completing the authentication flow for Microsoft accounts (OneDrive personal).
In addition, the authorization process with Microsoft accounts is no longer recommended according the docs and new applications should be developed using Microsoft Graph:
This topic contains information about authorizing an application using Microsoft accounts for OneDrive personal. However, this approach is no longer recommended. New applications should be developed using Microsoft Graph and follow the authorization process in Authorization and sign-in for OneDrive in Microsoft Graph.
I've a Node.js API which is authenticated using passport and passport-azure-ad's OIDC strategy.
After User's authentication I get User's profile, access_token, refresh_token, sub and ISS.
Then I use the same access_token to get User's details from Microsoft graph using this API - https://graph.microsoft.com/v1.0/me
When I request, it prompts me this error,
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "04048b3a-7636-4197-88ef-1f08d3a07c9e",
"date": "2018-12-26T09:40:58"
}
}
}
When I use OAuth 2.0 and get the access_token and use that access_token to access the same API, the details are returned successfully.
Although even I tried matching the access_tokens returned by Open ID connect and OAuth 2.0, they differ despite logging in as a same user.
I don't understand why the access_token returned by the Open ID connect didn't worked.
I am trying to fetch auditDetails of YouTube channels.
As per official API docs (https://developers.google.com/youtube/v3/docs/channels/list) I am supposed to provide an authorization token that contains the https://www.googleapis.com/auth/youtubepartner-channel-audit scope.
Authorization
A request that retrieves the auditDetails part for a channel resource must provide an authorization token that contains the https://www.googleapis.com/auth/youtubepartner-channel-audit scope. In addition, any token that uses that scope must be revoked when the MCN decides to accept or reject the channel or within two weeks of the date that the token was issued.
I am currently trying to fetch a YouTube channel's auditDetails by hitting following URL:
https://www.googleapis.com/youtube/v3/channels?key=xxxxxxxxxx&id=UC9eSXrzVl9ZFLwsNSBgvTog&part=auditDetails
But, it is returning an Insufficient Permission error as follows:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
Can someone suggest me an approach to generate youtubepartner-channel-audit scope for various YouTube channels.
The error you have encountered means that:
The OAuth 2.0 token provided for the request specifies scopes that are
insufficient for accessing the requested data.
You can request for authorization of auditDetails part for channel resource:
Must provide an authorization token that contains the
https://www.googleapis.com/auth/youtubepartner-channel-audit scope. In
addition, any token that uses that scope must be revoked when the MCN
decides to accept or reject the channel or within two weeks of the
date that the token was issued.
After that, you can add your scope to the OAuth sign-in request.
In order to introduce scopes, an authorization token containing those scopes needs to be created.
Authorization credentials can be created via the Credentials page in the API Console.
Create credentials
But before creating OAuth client ID authorization credentials, user is required to set a product name on the consent screen.
On the consent screen itself user can add multiple scopes as per application requirement.
Add scope
i'm trying to integrate the Fitbit SDK in my iOS app. I have created project on fitbit now i'm running there API in Postman to check profile, but in response it is showing me invalid access token,
{
"errors": [
{
"errorType": "invalid_token",
"message": "Access token invalid: 39ec7defa6f0e33b314bbf6217279b15. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
}
],
"success": false
}
This is my API https://api.fitbit.com/1/user/-/profile.json and this is what i'm passing in header, Authorization : Bearer Client Secret But it is showing me status code 401 having error of invalid access token . How can i get the access token for my app?
You need to get an OAuth2.0 token from the FitBit authentication service before you can call any other endpoints on the API. You will need to redirect your app to Safari and go to the fitbit authentication service so that the user can log in and authorise your apps access to their FitBit data. The callback will then return an OAuth token that you can pass in subsequent requests.
You will need to call something like this:
https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=%#&scope=%#&redirect_uri=%#"
This is the official fitbit documentation for Authorisation:
https://dev.fitbit.com/build/reference/web-api/oauth2/