'gcloud alpha iap oauth-brands create' getting INVALID PARAMETER - oauth-2.0

For some reason I deleted so called brand entity at my gcloud console. Now I want to create new one using the command in the console:
gcloud alpha iap oauth-brands create --application_title='EmojiRave' --support_email='rebelusgames#gmail.com'
But the console returns me back : INVALID_ARGUMENT: Request contains an invalid argument.
I've used different formats (using brackets and without them)
I've checked whether I have enough permissions to do it (I use owner account, so it's enough permissions)
I'm desperate.

There are two potential reasons for the failure:
1. Incorrect email address. According to the docs: "This [support] email address can either be a user's address or a Google Groups alias. [...] Note: The user issuing the request must be an owner of the specified support email address."
2. Project is not in an organisation. According to this source (see under limitations): If you're [..] outside a Cloud Orginization most likely you'll get an error on step "Creating oauth brand".

Overall, my suggestion is to update the OAuth Consent Screen via GCP Console.
Go to the Google Cloud Platform Console.
From the projects list, select a project or create a new one.
If the APIs & services page isn't already open, click on the Navigation Menu on the upper left and select APIs & services.
On the left, click OAuth Consent Screen.
Click Edit App.
First, it's not possible to delete the OAuth Consent Screen (Brand) once created. This can be seen from #DaImTo's answer, and the lack of delete option in both gcloud command and in the console.
I also tested your command on my Cloud Shell and it works fine as well. I've checked the documentation with regards gcloud alpha iap oauth-brands and it is currently in ALPHA state. It may change without prior notice and it may not be stable or work to all users. If you still want to use the CLI and request to be allow-listed regarding this command, my suggestion is to contact sales, as instructed on the issue tracker you've made.

Related

Microsoft Graph API Problems iOS : Unable to Complete Request Validation Error

I have registered my application here.
I have given all permissions to my App in that panel as well.
I specifically need Groups.ReadWrite.All which requires an admin ? requirement I am not sure what this even means.
https://apps.dev.microsoft.com/#/application/
Okay App is registered and redirect url has been copied.
Now I take that redirect url copy it and paste it into the admin panel for apps. At this link at App Registrations
https://portal.azure.com/
I am not sure why I have to register in two different panels, one which gives me a redirect url for my native app and the other that leaves it blank.
Great So then I setup my iOS app to make a graph request. This scope
https://graph.microsoft.com/Calendars.ReadWrite
I need to readwrite groups so I add this permission
https://graph.microsoft.com/Group.ReadWrite.All
It fails to authenticate.
I have checked that I have added the permissions to my app, and I have at this app registration panel https://apps.dev.microsoft.com/#/application/
Then I try to add the same permissions in the
https://portal.azure.com/
it gives me
Unable to Complete Request Validation Error, then doesn't do anything.
I tried to add a non admin permission same error.
So what is going on here ... ?
So even though they told me use the Graph API from now on moving forward in the docs I tried to go back to their office 365 SDK for iOS, it also has problems as I cannot get the pods to work as per instructions.
I am 100% sure after this issue is resolved I will need permissions
Note: I work at as a consultant for a bank so if someone can tell me what the azure administrator at the bank has to do to get my permissions escalated to admin status that would be great....
Thanks
Those are 2 different registrations,
Per this documentation (https://graph.microsoft.io/en-us/docs/authorization/auth_overview), for personal accounts like live.com or outlook.com, use the Azure AD v2.0, and for the enterprise, use the Azure AD.
So, for your case, I believe you need the latter, the azure AD.
For this to happen, as you said, go https://portal.azure.com/ and add the app registration.
In order to do so, you would need to
select "Azure Active Directory" and go "App registrations".
Once you create an app, you would need to select "native" for the iOS, and then under app access, under "required permissions" add "Microsoft Graph" followed by selected permissions you would like.
To answer the note, you would need permissions to create an app at the portal, otherwise, you would need to ask for that permission or have the admin create an app for you.
Some samples are available at https://github.com/microsoftgraph/ios-objectivec-connect-sample and https://github.com/microsoftgraph/ios-swift-connect-sample for iOS samples.
Hope this helps!

Setting up Google Calendar API

I'm trying to use the Google Calendar API in one of my projects. To do so, I need to set up OAuth access in the Google API console.
But when creating the consent-form (which is required to use OAuth), I get a meaningless error message:
The translation is as follows:
A problem occured. Please check your data and try again . If you have
not given any details, the problem may solve itself . In this case, we
recommend that you wait and try again later.
I have set the E-Mail address and project name. The optional fields were left blank.
So far I have not been able to solve the problem. I tried to wait for hours/days. I tried three different browsers. I also tried to contact Google support. All without success.
After days of trying, this is the solution:
Create another Google account
Using your old account, add the new account as an owner to your Google API project in the console
Log in with your new user account and accept the invitation
Create the OAuth consent form with the new user account
I have no idea WHY this worked, but it did.

Trouble Implementing OAuth in Google Apps Script (Using Domain-Wide Delegation)

I am trying to run the sample Google Apps Script Service Account OAuth example taken from here:
https://github.com/googlesamples/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs and keep getting a server timed-out error. I copied the exact code and just substituted in the private key, client email, and a user email. The example code looks to be current as there was an update to it on July 30th.
I have authorized https://www.googleapis.com/drive/v2/files through the admin console as well as https://accounts.google.com/o/oauth2/token and have listed these as scopes in the admin settings (and domain-wide delegation is enabled). I am using an admin account to run the script.
I keep getting the ubiquitious "Server Timed Out" error and nothing shows up in the Execution Logs.
What might be the problem? Any help would be appreciated. Thanks in advance.
Thanks, Gerardo, for pointing me in the right direction. It turned out that our organization manages permissions for the Google Developer's Console by Organizations (in the Google Admin console). Somehow a few accounts, including mine, were kicked out of the Organization that had permissions to access the Developer's Console. After adding myself back in, the sample worked without problems.

SalesForce API: OAuth authorization error 1800

I am brand new to SalesForce development, and want to explore the API and its capabilities. I have created a new Developer Edition account. I have not yet tried to access the API programmatically, but I am trying (unsuccessfully) to access it via both the Workbench ( https://workbench.developerforce.com/login.php ) and the Apigee Console ( https://apigee.com/console/salesforce ).
For some reason, in both cases I'm redirected to a URL with OAuth error code 1800 (e.g. https://na15.salesforce.com/setup/secur/RemoteAccessErrorPage.apexp?oauth_error_code=1800&display=popup in the Workbench case). At this URL, I am getting a screen with the text "Remote Access Authorization Error" - "There was a problem in setting up your remote access". What am I doing wrong?
Some additional details:
I can log into SalesForce just fine, the problem only occurs with API/OAuth access
I have not touched anything in my brand-new Developer Edition account, except for (1) populating it with some sample data (Leads, Accounts, Contacts), and (2) resetting the security token (through "My Personal Information" -> "Reset My Security Token")
On the WorkBenh login screen, it does not matter which API version I choose (tried 24, 25 and 26), and I am using "Production" for the Environment since my login doesn't seem to work at all for Pre-Release or Sandbox
(not a real answer, I expect to update it frequently as the situation develops)
Weird.
Yes, Developer Edition is a "Production" as far as connecting apps are concerned. You might have to file a Case with Salesforce Support (Help&Training link in the upper right corner).
Workbench does use API (and probably so does this Apigee thingie) but if you're using your username & pass I don't see how it might go to OAuth...
Can you download any other SF-related tooling (Data Loader, Force.com IDE, Real Force Explorer, Excel Connector, some iPad/Android app... hell, Chatter for Desktop even) and try the connectivity?
Sometimes API products don't display special field for the security token (which you can bypass by entering longer string in the password field: "passwordSecurityToken") but Workbench never asked for a token when I was accessing my Dev. Edition.
There was an issue with OAuth on NA15, but should be resolved now. I tested with Workbench with a brand new NA15 org and its working as expected.
I've run into this when I try and "short circuit" the auth url by decoding the startUrl param and going straight to it in a tab that's already logged in. For example
login to some org on na14.salesforce.com
click sfdx authorize an org in vs code with default url
get sent to a url like https://login.salesforce.com/?startURL=%2Fsetup%2Fsecur%2FRemoteAccessAuthorizationPage.apexp%3Fsource%3D<long_base64_encoded_string>
use a url decoder (i.e. https://meyerweb.com/eric/tools/dencoder/) to translate that to https://login.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
change the url to match the domain i'm logged in as, i.e. https://na14.salesforce.com/?startURL=/setup/secur/RemoteAccessAuthorizationPage.apexp?source=<long_base64_encoded_string>
go through the standard oauth grant
success
For the most part that works fine, but in some cases I get that wonderful oauth error 1800. In those cases I've been able to work around the issue by specifying the specific domain my instance is on when starting the oauth authorization. Using the above example for step 2 I would chose https://na14.salesforce.com for the the url (other oauth flows typically provide a similar custom url input, but ymmv). Voila, step 7 is successful.
Can't say for sure if that's exactly what will happen for others.

BlackBerry application code signing problem

I want to sign a BlackBerry application with the 3 CSI files I have. When I install new keys, I give the associated user id and password, but I am getting this error:
Unable to register a client bearing no
175534 because there are no more
registration attempts. If you have
already registered with this server
then you must contact RIM to register
additional users.
Can anybody tell what is next step that I need to do?
The error message seems pretty clear on the next step:
.. you must contact RIM to register additional users.
The official response from blackberry support:
Hello,
Thank you for contacting BlackBerry Application Development Support.
This error means the keys have already been registered so cannot be registered again. To have this issue resolved a new set of signature keys will need to be issued and installed. Please note that signature keys are now completely free and issued several times a day, so the fastest way to get a new set would be to place a new order:
https://www.BlackBerry.com/SignedKeys
Prior to installing this new set of keys please first delete all present CSI files as well as the sigtool.* (DB, CSK, SET) files that will reside in the sub-directories of all development tools. Make sure to write down the PIN used to place the order as well, it will be needed when installing the keys.
After registering your keys and verifying that they are able to sign I would recommend backing them up some place safe in case anything should happen to your development environment:
http://supportforums.blackberry.com/t5/Testing-and-Deployment/Backup-and-Restore-BlackBerry-Code-Signing-Keys/ta-p/837925
Go to the first URL and request a new set of keys. You should get an order confirmation email right away. In about 1-2 hours you will get 3 more emails. Each one will have a CSI key attached. (The keys are free to generate)
To avoid this issue in the future, you can back up the keys, according to the instructions in the second link (above).
Good luck!

Resources