I'm receiving an Authorization error when attempting to generate an authorization code:
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's
OAuth 2.0 policy for keeping apps secure.
If you’re the app developer, make sure that these request details
comply with Google policies. redirect_uri: urn:ietf:wg:oauth:2.0:oob
I've used this Google tutorial to replicate and confirm the issue:
https://developers.google.com/assistant/sdk/guides/service/python/embed/install-sample?hl=en_US
It is generating this URL:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=[HIDDEN]&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype&state=[HIDDEN]&prompt=consent&access_type=offline
Here is a workaround provided by jdtoth on Github: https://github.com/greghesp/assistant-relay/issues/266#issuecomment-1065940698
Thanks jdtoth!
I found a workaround for creating a new user. In my case, I needed to
create a specific type of API credential. Here is what I did:
Create a new OAuth Client credential using the link below, ensuring
the application type is "Web application" and set Authorized Redirect
URIs to "http://localhost"
https://console.cloud.google.com/apis/credentials
Download the key, and create the user in the Assistant Relay appas you
tried before. When it opens a new browser window to authorize the
google account, you might need to bypass a warning. After you do this,
a blank browser window will open but the address bar will contain the
auth code you need. Grab the code from the relevant part of the URL
here and paste it back into the Assistant Relay app:
http://localhost/?code=COPYCODEFROMHERE&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype
Let me know if this works. I am successfully sending commands to the
Assistant Relay server but nothing is playing on my speakers.
Related
I am setting up the DocuSign rest connector in power apps. I have other API's that working well this same way.
I want to get this setup to sweep completed files on a scheduled.
I started by going through this tutorial and tried the same setup. But when I try to test the connector I don't get prompted for credentials. We use SSO - so the window comes up and goes away without an error message.
https://www.docusign.com.au/blog/get-the-flow-sending-docusign-envelopes-microsoft-power-automate
I then tried to create a connection in in power automate Data/Connections and get an error message after entering my dev credentials. The clientid (integration key) and the secret match.
OAuth2 authorization flow failed for service 'Generic Oauth 2'. OAuth 2 sign in failed to exchange code for access token. Client ID and secret sent in form body.. Response status code=NotFound. Response body: { "statusCode": 404, "message": "Resource not found" } Client ID and secret sent in Basic authorization header.. Response status code=NotFound. Response body: { "statusCode": 404, "message": "Resource not found" }
The setup looks correct. It seems like a reference problem = like the production account and the developer account are not in sync or something. I have the same email address for both production and developer accounts and we use SSO - maybe its trying to reference production and not the developer account when its logging in? Just guessing.
I have a ticket with them, but they have note been able to help so far and they are on AEST time and I won't be able to get a response back from them for another couple of days :(
(I tried using the DocuSign Git repo API to create the connection as well - same problem)
Anyone have problems like this or know a solution? Anything else I can look at. This seems all straight forward -standard OAuth setup.
Using this setup like in the article for the demo (dev) account.
DEMO:
IKey: Integration Key [captured earlier]
Secret Key: Secret Key [captured earlier]
Authorization URL (DEMO): https://account-d.docusign.com/oauth/auth
Token URL (DEMO): https://account-d.docusign.com/oauth/token
Refresh URL (DEMO): https://account-d.docusign.com/oauth/token
Scope: signature extended
This will connect to a single DocuSign user (like a "service account"). It will not prompt each user for their credentials. You will need 1 generic user setup within your DocuSign account, without SSO (you can setup an exception user in DocuSign admin. This is best practice when setting up SSO as a fallback in case SSO fails to login as well).
The envelope will be sent from that generic user, not the actual user. This is common practice with some "system level" integrations.
Also, are you connecting a DocuSign "demo" or production account?
I ask because there's two connectors for power automate - "DocuSign" (for production) and "Docusign Demo" (for demo). I would recommend doing it all in demo first, as the "client id" (aka "integration key") needs to go through a go-live process to be promoted from demo to prod (see the link in the guide).
I actually looking for an answer for my problem of account linking on Google Assistant.
Sorry, the screens are in french but I can translate all if it's necessary to understand.
I followed the google account linking documentation until "implement your Oauth server"
https://developers.google.com/assistant/identity/oauth2?oauth=implicit
First:
On google Action, this is my configuration of account linking:
Next I'm trying to auth me on my application :
I have to sign in on Google Home APP.
I said, "talk to my test app:"
And google redirect me on my API with the authorization page.
I provide my password and my email.
The auth works on my API, but unfortunately an error is display on google assistant after the redirection ...
The error message in English is : "Sorry, an error occured. I didn't succeed to sign-up. You can try again later."
I don't understand why I got this Error ...
The URL GET authorize is :
http://f8f73376.ngrok.io/api/auth/authorize?redirect_uri=https%3A%2F%2Foauth-redirect.googleusercontent.com%2Fr%2Farlex-ccevqe&client_id=*clientid*&response_type=code&state=AB8b_TOd3At3ADLyuTi9k02War1fEmzT8vBeXxgHidVA5zTHVmVmE536Sjw60EAK_rUfb4Ie84Ly2l6E5AfW-F_Eo3hipueQzGbnEfpGlUHdhIeTQyfJYCk2I5-yT_n6vceOYeVlYfXF-frpVoiSCH9K2ns-7rbbgq3wEX2Px0DX3QH5ijgSsT7lvr0vOHECCCzTav9ldYf4G-EcruSModayIhIYBMKjKUQJqddBjJZ5JyCEE0cOJNvOeI13T35WoJ8_0HYoX2BXRYKGUJLiEOHX_cNlLWmcL1Y5wzDze6wa-qTM7Hvg7cutqO_u9pnhNWeMDkMgQljpSfUzyP7Ry1iWziE64nMtDmhxA48Qbufm-bRjpTRTCOBQN-_gLmx1aT2bBGTouSyg6cNY8E33HCzsp7H8qRfKYTdZ_Ga0IJcOam9MjNp2XFfgrw0uV7TTLig2LmYyJG_d-6urRGBY-xcwRxWkp7vCUtWvY6CXEZsF42rTjXYk-kr8xraS-2tNvgavhLASGvVVVgIg0AVSNZLdw9qvQMM-4NRFwsrAkZWz08kO493_lvA&user_locale=fr-FR
And the URL I sent for the redirection is:
https://oauth-redirect.googleusercontent.com/r/arlex-ccevqe#access_token=65cc814038a84114b8922b47eebc45cb&token_type=bearer&state=AB8b_TOd3At3ADLyuTi9k02War1fEmzT8vBeXxgHidVA5zTHVmVmE536Sjw60EAK_rUfb4Ie84Ly2l6E5AfW-F_Eo3hipueQzGbnEfpGlUHdhIeTQyfJYCk2I5-yT_n6vceOYeVlYfXF-frpVoiSCH9K2ns-7rbbgq3wEX2Px0DX3QH5ijgSsT7lvr0vOHECCCzTav9ldYf4G-EcruSModayIhIYBMKjKUQJqddBjJZ5JyCEE0cOJNvOeI13T35WoJ8_0HYoX2BXRYKGUJLiEOHX_cNlLWmcL1Y5wzDze6wa-qTM7Hvg7cutqO_u9pnhNWeMDkMgQljpSfUzyP7Ry1iWziE64nMtDmhxA48Qbufm-bRjpTRTCOBQN-_gLmx1aT2bBGTouSyg6cNY8E33HCzsp7H8qRfKYTdZ_Ga0IJcOam9MjNp2XFfgrw0uV7TTLig2LmYyJG_d-6urRGBY-xcwRxWkp7vCUtWvY6CXEZsF42rTjXYk-kr8xraS-2tNvgavhLASGvVVVgIg0AVSNZLdw9qvQMM-4NRFwsrAkZWz08kO493_lvA
There are two possible OAuth2 flows that you can use: Implicit (or "token") and Authorization Code (or "code"). While they are similar, there are some significant differences between the two in values of some of the parameters, how those parameters are sent back, and what else you need to support for each flow.
Although the URL you provided indicated you were following the "Implicit" flow, your screen shot shows you set Actions on Google to expect the Authorization Code flow. Additionally, Google is sending you a URL with response_type=code, and you are responding using a redirect that includes a hash and an access_token parameter, which are expected with the Implicit flow.
It looks like you have most things already setup to use the Implicit Flow, so the easiest solution would be to change this configuration in the Actions on Google Console. If you need the features that the Authorization Code Flow provide (most notably, limited lifetime for tokens), then you should adjust your server accordingly.
I have trouble creating a Google API OAuth2.0 token though following all the steps here: [OAuth2 Authentication](
https://developers.google.com/adwords/api/docs/guides/authentication?authuser=1)
When trying to create the token through the OAuth2.0 playground:
OAUTH 2.0 playground
I end up with this error:
Discussion on similar threads tried to give some guidance but without any luck in my case.
Add google.com in the authorized domain list of your app's OAuth consent screen.
Click on the application for which you want to configure for the next step:
Make sure to also add 'https://developers.google.com' in the Authorized JavaScript origins and 'https://developers.google.com/oauthplayground' in the Authorized redirect URIs[click 'save' below once added]:
You are applying your own client id and client secret to Oauth2 playground you are also using browser credentials.
For browser credentials to work it must be able to return the token to an endpoint that can handle it and that endpoint (Redirect uri) must be registered in the Google Developer console for that project.
if you check your first picture under the check box you clicked
You will need to list the URL https://developers.google.com/oauthplayground as a valid redirect URI in your Google APIs Console's project. Then enter the client ID and secret assigned to a web application on your project below:
Try adding that URL as it says.
I'm currently implementing an OAuth2 authentication using Microsoft Bot Framework and Cortana as one of my channels. However, as I was setting up my OAuth2 configuration with the following details in where I properly set the Redirect URL both from Knowledge Store and apps.dev.microsoft.com
Knowledge Store:
apps.dev.microsoft.com:
Whenever I authenticate to Cortana based from the OAuth2 that I've configured, the redirect URI seems to be always set as https://www.bing.com/agents/oauth. Here's a screenshot of the http request from Cortana Authentication that I got from fiddler:
Which causes this error message:
Any idea how to fix this?
Don't forget that the bot channel (in this case Cortana) needs to be where the redirect points to. Cortana's redirect is https://www.bing.com/agents/oauth.
Documentation here. You can test OAuth via botframework and the emulator. In that case, the redirect is https://token.botframework.com/.auth/web/redirect. Documentation here. If you look at the diagram in the spec on page 10, you'll see that Cortana is the client. The auth call needs to come back to her. You also need to let the auth server know that the redirect URL is allowed. For Microsoft login, you go to the app dev portal, select your app, go add a "web platform" and register the redirect urls. That should solve the problem on both ends.
I would like help obtaining/locating the correct access_token value for an API call.
I'm configuring an application that wants to search Facebook using the graph-api search request at https://graph.facebook.com/fql, for which I need an access_token. The application is a backend server so there's no UI and no users.
I registered a new 'app' using the developer pages 'Create a New App' link, so I now have an app at: https://developers.facebook.com/apps/<> and from that I get an 'app secret' token. Digging into the Advanced settings page for the app there is also a Client token.
However using either token results in the following JSON error:
{"error":{"message":"Invalid OAuth access token.","type":"OAuthException","code":190}}
Can anyone point me to where I've gone wrong?
==
The following 'curl' request demonstrates the command working correctly, but it's only usable token-less like this occasionally, so the app needs &access_token=...stuff... adding to the parameters.
$ curl 'https://graph.facebook.com/fql?q=select%20url,%20share_count,%20like_count,%20comment_count,%20click_count,%20total_count%20from%20link_stat%20where%20url%20=%20"http%253A%252F%252Felifesciences.org%252Fcontent%252F2%252Fe01233"'
{"data":[{"url":"http\u00253A\u00252F\u00252Felifesciences.org\u00252Fcontent\u00252F2\u00252Fe01233","share_count":0,"like_count":0,"comment_count":0,"click_count":0,"total_count":0}]}
The 'app secret' and 'Client token' will not work.
What you need is an Access Token, refer to this.