The request https://www.googleapis.com/youtube/v3/members fails with code 403 "Access forbidden. The request may not be properly authorized." even in the Google OAuth 2.0 Playground while all other requests succeed. Does that mean I am missing the approval from YouTube? I have completed the forms to request the approval several weeks ago, but I have yet to get any response from YouTube.
API request with parameters used
https://youtube.googleapis.com/youtube/v3/members?part=snippet
Result
{
"code" : 403,
"errors" : [ {
"domain" : "youtube.common",
"message" : "Access forbidden. The request may not be properly authorized.",
"reason" : "forbidden"
} ],
"message" : "Access forbidden. The request may not be properly authorized."
}
Expected result
Response body with Members List
Is it 100% reproducible?
Yes
Reproducible API explorer link
https://developers.google.com/oauthplayground/
approval
If you check the top of the page for
members.list you will see that this method has been replaced by sponsors.list
So calling Members.list isnt going to work. You ened to call sponsors.list and you need permission from google inorder to call that
authorization
Assuming you have summited the form and requested access to the new sponsors.list method and have been granted access you should know that calling memebers.list wont work. As its been deprecated you need to call sposors.list and it needs to be authorized. I would guess with the same scope as before.
The message is telling you that you have summited the request without being properly authorized to access the data.
Access forbidden. The request may not be properly authorized.
You need an access token sent as an authorization header before you will be able to make that call please check authorization
As this new method isn't documented I would have to guess it would be something like this.
GET https://youtube.googleapis.com/youtube/v3/sponsors?part=snippet?key=[YOUR_API_KEY] HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
If you have been granted access to this method then you might have an email contact at google that you can ask what the actual call is if its not working.
Related
When I use this endpoint in postman https://discordapp.com/api/guilds/1068721953185206354/members/460428342781542402
I keep getting
{ "message": "Invalid OAuth2 access token", "code": 50025 }
the status code is 403
Here are my headers and body:
Response
Headers
`Body
Please help I have looked everywhere and nothing worked.
I have tried to reset the token a couple try (Revoke it then regenerate it)
I have tried to use it on https://discord.com/api/oauth2/#me and it worked so it's not the access token.
I have tried to use https://discordapp.com/api/guilds/1068721953185206354/members/460428342781542402 as PATCH and it did tell me the info of the user.
I have searched everywhere on the internet.
I have checked that the bot is on the same application as the token
Within my application I generate an access token via
GET https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize?client_id=<CLIENT_ID>&response_type=code&response_mode=query&scope=user.read+mail.send+mail.readwrite&redirect_uri=https%3A%2F%2Fgraphresponse%2F&prompt=consent
to use the code on
POST https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token
with application/x-www-form-urlencoded: grant_type=authorization_code&redirect_uri=https%3A%2F%2Fgraphresponse%2F&client_id=<CLIENT_ID>&scope=user.read+mail.send+mail.readwrite&client_secret=<CLIENT_SECRET>&code=<CODE>
So far so good, i receive a bearer token like this (formatted for readability):
{"token_type":"Bearer",
"scope":
"Mail.Read Mail.Read.All Mail.Read.Shared
Mail.ReadBasic Mail.ReadWrite Mail.ReadWrite.Shared
Mail.Send openid User.Read profile email",
"expires_in":3600,
"ext_expires_in":3600,
"access_token":"<TOKEN>"
}
and I can use the following endpoints
GET http://graph.microsoft.com/v1.0/me
POST http://graph.microsoft.com/v1.0/me/sendMail
POST http://graph.microsoft.com/v1.0/me/messages
but I get the following error
GET http://graph.microsoft.com/v1.0/me/messages
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "xxxxxxx",
"date": "2019-03-12T13:38:47"
}
}
}
Did I miss any configuration that is neccessary explicitly to read the current users inbox, or is there any admin configuration required?
As you are trying with authorization code flow so you need follow the below
step to access
https://graph.microsoft.com data.
Note:
Make sure you have office 365 user account registered
All Required permission grant
As the document explain first you need token request code
response_type = code
To do that there are two ways.
From postman request and From browser with your required credentials
Here I would show postman workaround you could also try it pasting on browser.
Postman Code Access Example
Here make sure in portal you have configure this URL as expected see the below screen shot:
To get v2.0 token request access code set request endpoint to:
https://login.microsoftonline.com/common/oauth2/v2.0/token
Content type to : application/x-www-url-form-urlencoded
See the screen shot below:
Now Click on Authorization tab and select type OAuth 2.0 and click on Get New Access
Token. See the screen shot below:
You Will prompt postman popup like below:
Enter Your necessary information here and click Request Token
In postman console body segment you will get access code for token request. See the screen shot below:
Copy the code for next use.
Now add a new tab on post man for token request like below:
In response you will get you access token like below:
Now with this token request to your expected endpoint for example http://graph.microsoft.com/v1.0/me
See the screen shot below:
In response you will get your endpoint data as expected
See the screen shot below :
If you have any more question just let me know Thank You.
I am trying to work with the Box API and need an access token. I followed the tutorial video here: https://www.youtube.com/watch?v=ha26tN8amI0 to get an authorization code and then exchange it for an access and refresh token. Here is the post request I made into Post Man:
https://api.box.com/oauth2/token?grant_type=authorization_code&client_id=<my_client_id>&client_secret=<my_client_secret>&code=<code_given_on_redirect>&redirect_uri=http://0.0.0.0
The response I get is:
{
"error": "invalid_client",
"error_description": "The client credentials are invalid"
}
Unless I am completely losing my mind, I am positive I am entering the correct client_id and client_secret from my application page. (I tried several times.)
I sent this post request in less than 30 seconds after it was generated.
Any idea what I might be missing? Thanks.
I am having the same problem that is described in LinkedIn OAuth2: "Unable to verify access token"; however, the solution described there does not fix my problem.
I am able to successfully request an access token; however, when I make a request with it (using either the Authorization header or the oauth2_access_token query param), I get a 401 failure:
$ curl "https://api.linkedin.com/v1/people/~?format=json&oath2_access_token=############"
{
"errorCode": 0,
"message": "Unable to verify access token",
"requestId": "Z9ZJ1MOUM0",
"status": 401,
"timestamp": 1440096560396
}
$curl --header "Authorization: Bearer #############" 'https://api.linkedin.com/v1/people/~?format=json'
{
"errorCode": 0,
"message": "Unable to verify access token",
"requestId": "Y1P2PEBEC3",
"status": 401,
"timestamp": 1440096564518
The strange thing about this is:
This problem doesn't surface if the user is logged into Linkedin.
If you wait five minutes, the request will just start working.
My guess this is a bug in Linkedin about latency of authorizing access codes based the users' logged in state, but I don't know.
Also I find it strange that the Linkedin authorization form reads, "Sign in to LinkedIn and allow access:"; however, when you put in your credentials and click "Allow access", you are not actually logged into Linkedin.
My code was working fine on last week. Anyone else seeing this?
Looks like you have oath2_access_token there instead of oauth_access_token ? Not sure if this is a hand-paste failure or the actual issue.
curl "https://api.linkedin.com/v1/people/~?format=json&oath2_access_token=############"
Try this it work for me
get('https://api.linkedin.com/v1/people/~?oauth2_access_token=*******&format=json');
Hope that help some one
This seems to be caused by triggering a security watchdog, i.e. after an invalid request or after requesting several access tokens without using them linkedin seems to stop validating tokens and responds 401 instead.
in fact you need to add the two following header :
Authorization : Bearear #ACCESS TOKEN#
x-li-src : msdk
regards
I am getting the following error when I use the linkedin V1 API:
response body: {
"errorCode": 0,
"message": "[unauthorized]. The token used in the OAuth request has been revoked. 75--5cfb9cdb-3c9c-47c2-b3f8-XXXXXXXX",
"requestId": "I2GQ0ZMWIE",
"status": 401,
"timestamp": 1408976297742
}
I am using this guide here, I am doing exactly what this person is doing but I get a different result:
https://github.com/PrincessPolymath/LinkedIn-OAuth-Sample-Client
I have no idea why I get The token used in the OAuth request has been revoked. for an error. The HTTP request is identical. Could it be something with my bundle ID?
I cannot find anything from linkedin on the matter. Why don't linkedin have normal error-code lookups like other API's.
Here are some photos of the two request objects, one from the example and one from mine.
I'm taking a guess here based on my understanding of the problem you're describing, have not tested this. I'm also assuming you got your credentials right...
You should checkout this answer by Kamyar Mohager (#39), he explains how to bypass this error:
When obtaining access token, error occurs if:
POST https://www.linkedin.com/uas/oauth2/accessToken
Body:
{
grant_type=authorization_code,
code={auth-code},
redirect_uri={uri},
client_id={id},
client_secret={secret}
}
The error WON'T occur if you obtain the access token by passing the params as query params:
POST https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code={auth-code}&redirect_uri={uri}&client_id={id}&client_secret={secret}
Error clearly states that the user is authorized to make a call using the token which you are using.
"message": "[unauthorized]. The token used in the OAuth request has been revoked. 75--5cfb9cdb-3c9c-47c2-b3f8-XXXXXXXX",
In the two photos which you pasted above I can see that your request object has different values "tokenKey and tokenSecret" parameters than the example request object, which is correct as your request should have the token information which received from LinkedIn.
But the thing which I don't understand is why both the request objects have same values for "consumeKey & consumerSecret" parameters. I think you need to use your "consumerKey & consumerSecret" with your "tokenkey & tokensecret" to make this OAuth call. "consumer" and "token" detail combination should match then only you will be allowed to make the successful oauth call.
I guess you saw this error because you used your token with some other consumer key.
One more thing I can see that you are passing the "verifier" in your request object hence I want to know are you making a call to get the "access token" which is a 3rd leg of oauth. If yes then there could be scenario that "requestToken" is getting expired before you are making this "access_token" call as "requestToken" is actually a "temporary token" and expires quickly.
HTH...
The issue was code re-use.
As stated in the comments for the API, the API will give you a token and secret upon the first request. This only happens during authentication and then the token and secret can basically be thrown away, and the one issues at developer.linkedin can be used.
I fixed this by constructing my own request object rather than relying on the old HTTPRequestBody in the oAuth process.