Authorization Error when Connecting to YouTube Analytics API with Python

I have been trying for several days to connect to the YouTube Analytics API. I see that the solution in other posts involves selecting 'Others' in the Application Type list. Apparently, this option is not available anymore.
I have created two different OAuth 2.0 clients: Web Application and Desktop. For the first one, it is displaying the following error:
Error 400: redirect_uri_mismatch: The redirect URI in the request, urn:ietf:wg:oauth:2.0:oob, can only be used by a Client ID for native application. It is not allowed for the WEB client type.
Then, when I try to create a native application (Desktop App in this case), it sends a new error message:
Error 400: invalid_request. You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure. You can let the app developer know that this app doesn't comply with one or more Google validation rules.
I have read Google's OAuth 2.0 policy, but I am not able to understand why it doesn't comply. It's not quite specific.
Has anyone had the same issue? This is the sample code that I have been using:
import os

import google_auth_oauthlib.flow
import googleapiclient.discovery
import googleapiclient.errors

scopes = ["https://www.googleapis.com/auth/youtube.readonly"]

def main():
    # Disable OAuthlib's HTTPS verification when running locally.
    # *DO NOT* leave this option enabled in production.
    #os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
    api_service_name = "youtubeAnalytics"
    api_version = "v2"
    client_secrets_file = "cliente_analytics.json"
    # Get credentials and create an API client
    flow = google_auth_oauthlib.flow.InstalledAppFlow.from_client_secrets_file(
        client_secrets_file, scopes)
    # run_console() sends the urn:ietf:wg:oauth:2.0:oob redirect URI named in the errors above
    credentials = flow.run_console()
    youtube_analytics = googleapiclient.discovery.build(
        api_service_name, api_version, credentials=credentials)
    request = youtube_analytics.reports().query(
        dimensions="day",
        endDate="2021-04-01",
        ids="channel==MINE",
        maxResults=5,
        metrics="likes",
        startDate="2021-03-01"
    )
    response = request.execute()
    print(response)

if __name__ == "__main__":
    main()
Thanks

The code you are using is designed for an installed application, hence the
flow = google_auth_oauthlib.flow.InstalledAppFlow.from_client_secrets_file(
    client_secrets_file, scopes)
Fixing invalid_request. You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
Can be a bit tricky.
Make sure the app is running https.
Check that it's still set to testing in Google Cloud Console.
Make sure the name of your project in Google Developer Console doesn't contain the word Google or any Google products. For example, naming your project BEST YOUTUBE app is not going to pass.

Related

Google Youtube Api Access blocked: This app’s request is invalid

I am trying to access the Google YouTube API using the OAuth 2.0 method but am unable to get an access token.
The Python code is given below:
import os
import google_auth_oauthlib.flow
import googleapiclient.discovery
import googleapiclient.errors

scopes = ["https://www.googleapis.com/auth/youtube.force-ssl"]

def main():
    # Disable OAuthlib's HTTPS verification when running locally.
    # *DO NOT* leave this option enabled in production.
    os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
    api_service_name = "youtube"
    api_version = "v3"
    client_secrets_file = "client.json"
    channel_id = 'channeld'
    # Get credentials and create an API client
    flow = google_auth_oauthlib.flow.InstalledAppFlow.from_client_secrets_file(
        client_secrets_file, scopes)
    credentials = flow.run_console()
    youtube = googleapiclient.discovery.build(
        api_service_name, api_version, credentials=credentials)
Not sure what I am missing here. Can you help out? Any suggestions are welcome.
Click on the link error details. It will tell you the redirect URI your application is sending from.
Take that redirect URI and add it in Google Developer Console; the redirect URI must exactly match.
Google OAuth2: How the fix redirect_uri_mismatch error. Part 2 server sided web applications.
web app vs installed app
The code you are using is designed for an installed application, hence the google_auth_oauthlib.flow.InstalledAppFlow.from_client_secrets_file. So to use it you need to create installed application credentials. You appear to have done that. This code will open up the web browser consent screen on the machine it's running on. This code is not designed for running on a web server.
update
Open your credentials.json file. There should be two redirect URIs in there; delete the urn:ietf:wg:oauth:2.0:oob one.
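Added example (not part of the original posts): a standard-library check for the two situations discussed above, comparing the client type in a client secrets file with the redirect_uri carried by the authorization URL. The sample file contents, client ID and URL are constructed, and the function name diagnose is an assumption of this example.

```python
import json
from urllib.parse import urlsplit, parse_qs

OOB_URI = "urn:ietf:wg:oauth:2.0:oob"

# Constructed sample inputs (not real credentials).
SAMPLE_SECRETS = json.dumps({"installed": {
    "client_id": "example-id.apps.googleusercontent.com",
    "redirect_uris": [OOB_URI, "http://localhost"]}})
SAMPLE_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&client_id=example-id.apps.googleusercontent.com"
    "&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&state=xyz")

def diagnose(secrets_text, auth_url):
    """Return findings about the client type and the requested redirect URI."""
    secrets = json.loads(secrets_text)
    # A Google client secrets file has one top-level key: "web" or "installed".
    client_type = next((k for k in ("web", "installed") if k in secrets), None)
    if client_type is None:
        return ["unknown client type: expected a 'web' or 'installed' key"]
    registered = secrets[client_type].get("redirect_uris", [])
    # parse_qs percent-decodes the value, so it can be compared directly.
    query = parse_qs(urlsplit(auth_url).query)
    requested = query.get("redirect_uri", [""])[0]
    findings = []
    if requested == OOB_URI:
        if client_type == "web":
            findings.append("redirect_uri_mismatch: OOB URI sent by a web client")
        else:
            findings.append("invalid_request: OOB URI sent by a desktop client; "
                            "the workaround on this page uses http://localhost")
    elif client_type == "web" and requested not in registered:
        # Web clients need an exact string match with the console entry.
        findings.append("redirect_uri_mismatch: %r is not registered" % requested)
    if OOB_URI in registered:
        findings.append("secrets file still lists the OOB URI")
    return findings

if __name__ == "__main__":
    for line in diagnose(SAMPLE_SECRETS, SAMPLE_AUTH_URL):
        print(line)
```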

Generating Credentials Auth Error - redirect_uri

I'm receiving an Authorization error when attempting to generate an authorization code:
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's
OAuth 2.0 policy for keeping apps secure.
If you’re the app developer, make sure that these request details
comply with Google policies. redirect_uri: urn:ietf:wg:oauth:2.0:oob
I've used this Google tutorial to replicate and confirm the issue:
https://developers.google.com/assistant/sdk/guides/service/python/embed/install-sample?hl=en_US
It is generating this URL:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=[HIDDEN]&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype&state=[HIDDEN]&prompt=consent&access_type=offline
Here is a workaround provided by jdtoth on Github: https://github.com/greghesp/assistant-relay/issues/266#issuecomment-1065940698
Thanks jdtoth!
I found a workaround for creating a new user. In my case, I needed to
create a specific type of API credential. Here is what I did:
Create a new OAuth Client credential using the link below, ensuring
the application type is "Web application" and set Authorized Redirect
URIs to "http://localhost"
https://console.cloud.google.com/apis/credentials
Download the key, and create the user in the Assistant Relay app as you
tried before. When it opens a new browser window to authorize the
google account, you might need to bypass a warning. After you do this,
a blank browser window will open but the address bar will contain the
auth code you need. Grab the code from the relevant part of the URL
here and paste it back into the Assistant Relay app:
http://localhost/?code=COPYCODEFROMHERE&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype
Let me know if this works. I am successfully sending commands to the
Assistant Relay server but nothing is playing on my speakers.
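Added example (not from the original post or the Assistant Relay project): when the code is copied by hand from the http://localhost redirect as in the workaround above, this checks the pasted URL before the code is used. The function name, sample URL and state value are constructed, and the check assumes the redirect echoes the state parameter that the authorization URL sent.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

def extract_auth_code(pasted_url, registered_redirect, expected_state):
    """Return the authorization code from a pasted redirect URL or raise ValueError."""
    got, want = urlsplit(pasted_url), urlsplit(registered_redirect)
    # The browser must have landed on the redirect URI registered for the client.
    if (got.scheme, got.netloc, got.path.rstrip("/")) != (
            want.scheme, want.netloc, want.path.rstrip("/")):
        raise ValueError("redirect landed on an unexpected URI")
    params = parse_qs(got.query)
    # A denied or failed authorization comes back as error=... instead of code=...
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    # state ties this response to the request this client started.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return codes[0]

# Constructed sample, modelled on the redirect URL shown in the post.
SAMPLE_REDIRECT = (
    "http://localhost/?state=s3ss10n&code=4%2FEXAMPLE-CODE"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype")

if __name__ == "__main__":
    print(extract_auth_code(SAMPLE_REDIRECT, "http://localhost", "s3ss10n"))
```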

Failed to request access token for Fusion Tables API with Google Service Account

I have been successfully using Google API (via HTTP/REST, as well as using the .NET client library) with a Google Service Account to access the files in Google Drive.
Recently, I am exploring the Fusion Tables. I am able to use the API with user authorization via a web application. However, when I try to access it using Google Service Account under the same project, it failed with the below error, whenever I have https://www.googleapis.com/auth/fusiontables in the scope:
https://www.googleapis.com/oauth2/v3/token
HTTP 401
{"error": "unauthorized_client", "error_description": "Unauthorized client or scope in request." }
The error goes away when I remove https://www.googleapis.com/auth/fusiontables, and the same code block works fine with https://www.googleapis.com/auth/drive and other scopes.
I have checked and confirmed the "Fusion Tables API" is already enabled for my project at Google Developers Console. (Otherwise, my user authorization via a web application would not be working in the first place.)
Is there anything which I could have missed out? Any help would be greatly appreciated.
I just came across this:
Google drive service account and "Unauthorized client or scope in request"
Even though it does not seem to be related at first glance, it is indeed the same issue.
Problem resolved after removing User = svcAcct, from the below code block.
ServiceAccountCredential credential;
credential = new ServiceAccountCredential(
    new ServiceAccountCredential.Initializer(svcAcct) {
        // User = svcAcct, *** removed ***
        Scopes = new System.Collections.Generic.List<string>(scopes.Split(' '))
    }.FromCertificate(certificate)
);
Hence, here is the general advice:
DO NOT call ServiceAccountCredential.Initializer with User = svcAcct unnecessarily.
Only do this when you are trying to impersonate a different user
(with the condition that the appropriate setup has been correctly done
in Google Apps Admin Console).
Even though it may not produce any error under certain cases, there
are some unexpected behaviors when including an email address of the
service account itself in the JWT claim set as the value of the "sub"
field.
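Added example in Python (not the poster's .NET code or Google's library): the claim set a service-account token request carries, with "sub" present only for impersonation, plus a check that flags an assertion whose "sub" repeats its "iss". The account name and function names are constructed, and the assertion is built with a placeholder where the RS256 signature would go.

```python
import base64
import json
import time

TOKEN_URL = "https://www.googleapis.com/oauth2/v3/token"  # endpoint from the post

def build_claims(service_account, scopes, now=None, impersonate=None):
    """Claim set for a service-account JWT; 'sub' only when impersonating."""
    now = int(time.time()) if now is None else now
    claims = {"iss": service_account, "scope": " ".join(scopes),
              "aud": TOKEN_URL, "iat": now, "exp": now + 3600}
    if impersonate is not None:
        if impersonate == service_account:
            raise ValueError("'sub' must be another user, not the service account")
        claims["sub"] = impersonate
    return claims

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unsigned_assertion(claims):
    """header.payload plus a placeholder; a real assertion is RS256-signed."""
    header = {"alg": "RS256", "typ": "JWT"}
    parts = [_b64url(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(parts + ["SIGNATURE-PLACEHOLDER"])

def has_self_subject(assertion):
    """True when the payload's 'sub' repeats its 'iss' (the case to avoid)."""
    segment = assertion.split(".")[1]
    padded = segment + "=" * (-len(segment) % 4)
    payload = json.loads(base64.urlsafe_b64decode(padded))
    return "sub" in payload and payload["sub"] == payload.get("iss")

# Constructed sample values.
SVC = "svc-example@example-project.iam.gserviceaccount.com"
SCOPES = ["https://www.googleapis.com/auth/fusiontables"]

if __name__ == "__main__":
    good = build_claims(SVC, SCOPES)
    print(has_self_subject(unsigned_assertion(good)))
    print(has_self_subject(unsigned_assertion(dict(good, sub=SVC))))
```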

Google+ SignIn Hybrid Approach IOS/Python REST Server

We are trying to incorporate the Google+ SignIn button for authentication to our iOS client and Python Tornado REST server.
On the iOS client, we followed the "Enable server-side API access for your app" in https://developers.google.com/+/mobile/ios/sign-in. We set the clientID to the Google+ iOS Client and the homeServerClientID to our web server Google+ Web client id.
Then on our Tornado server, we used the Python Google+ client and did:
oauth_flow = flow_from_clientsecrets(GOOGLE_CLIENT_SECRET, scope='email')
oauth_flow.redirect_uri = 'postmessage'
credentials = oauth_flow.step2_exchange(code)
So the iOS client works fine: it authenticates and gets the one-time token in homeServerAuthorizationCode. It sends this to the REST API and it produces an exception:
File "/usr/lib/python2.6/site-packages/oauth2client/client.py", line 1964, in step2_exchange
raise FlowExchangeError(error_msg)
FlowExchangeError: redirect_uri_mismatch
We have tried to use different codes, double and triple checked the client ids in the clientsecrets, iOS and Tornado code and they are all correct.
Any ideas?
It is likely that it's not happy with the redirect URI on the server side. 'postmessage' is absolutely right for the web flow, but for iOS try either not specifying redirect_uri at all, or using 'urn:ietf:wg:oauth:2.0:oob' (oob being "out of browser") for the redirect_uri.

How to retrieve data from YouTube Analytics API without user action?

I would like to create a script, launched by a cron job, that periodically stores data about my channel in a file. The data are retrieved via the YouTube Analytics API (not the ordinary YouTube API).
How can I achieve this result?
Is service access compatible with those APIs?
If this is just a once-off - for your account - running on a server/desktop that you trust, I think the best mechanism will be to:
1. Create an OAuth client ID for an "Installed application". Create a Google Cloud Console project, enable the API you need, register your application (under "APIs & Auth").
2. Go through the installed application flow once manually to grant yourself a refresh token - this will require you to open a browser and click through a consent screen.
3. Persist the refresh token.
4. On subsequent unattended runs, use the refresh token to get a fresh access token to make calls on your behalf.
If you are using Python - and have installed the Google API Python Client, the following code will do steps 2 - 4 for you (assuming you have already done step 1 and saved a client_secrets.json file):
import httplib2
from oauth2client.file import Storage
from oauth2client.client import flow_from_clientsecrets
from oauth2client.tools import run
from apiclient.discovery import build

storage = Storage("/path/to/saved_user_creds.dat")
credentials = storage.get()
if credentials is None or credentials.invalid:
    credentials = run(
        flow_from_clientsecrets(
            "/path/to/client_secrets.json",
            scope="https://www.googleapis.com/auth/yt-analytics.readonly"),
        storage)
http = credentials.authorize(httplib2.Http())
# Do your stuff - remember to pass the authenticated http object to execute methods
service = build("youtubeAnalytics", "v1")
result = service.object().method(name=value).execute(http=http)
