Publish Pub/Sub messages from APP script: PERMISSION_DENIED - google-sheets

I was following this tutorial to make a sheet that publishes rows as messages to Pub/Sub topic.
However, I got this error:
{
  error: {
    code: 403,
    message: 'User not authorized to perform this action.',
    status: 'PERMISSION_DENIED'
  }
}
What might be the cause?

The problem was caused by multiple accounts.
I created the spreadsheet and applied permissions with my usual account, and that account does not have access to the GCP project.
After re-creating the spreadsheet with my dev account, which owns the GCP project, everything worked!

An authentication problem seems to be the cause.
Please go through this link; this might help you to resolve the issue.

Related

InvalidAuthenticationToken on calling Microsoft Graph Service

I am following the tutorial that Microsoft has provided for signing a user into a desktop application using Microsoft Identity Platform and calling ASP.NET Core Web API which calls Microsoft Graph. I believe I followed all of the steps, configuring my service and client per instructions. https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph
However upon trying to add a new "to-do", I get the following error: "Bad Request: An error occurred while calling the downstream API Code:InvalidAuthenticationToken
Message: Invalid x5t claim "
The error occurs on this call:
User user = _graphServiceClient.Me.Request().GetAsync().GetAwaiter().GetResult();
Any idea what the issue might be and how I troubleshoot?
Update: I am in the middle of troubleshooting this now with an admin. I am not getting roles back but he is, and we now both agree the issue is on the Azure application configuration, not the code... frustrating, but we are at least making progress.
Would you please try pasting the token into jwt.ms to decode it and inspect the claims?
I got a similar error due to a lack of access. Changing Delegated and Application Permission for Users solved the issue. You can try that.
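
The claim inspection suggested in this thread can also be done locally. The following Node.js sketch is an added example, not code from the posts or from the Microsoft sample; the token is constructed with fake values, and the function names are hypothetical. It decodes the header and payload without verifying the signature, surfacing the x5t header field named in the error plus the scp and roles claims.

```javascript
// Added example: decode a JWT locally to inspect header fields and claims.
// Troubleshooting aid only: the signature is NOT verified here.

function b64urlJson(segment) {
  // JWT segments are unpadded base64url (RFC 7515).
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error('segment is not base64url');
  // Node's 'base64' decoder also accepts the URL-safe alphabet.
  return JSON.parse(Buffer.from(segment, 'base64').toString('utf8'));
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const header = b64urlJson(parts[0]);
  const claims = b64urlJson(parts[1]);
  return {
    alg: header.alg,
    kid: header.kid,   // identifies the signing key
    x5t: header.x5t,   // certificate thumbprint, the field named in the error
    aud: claims.aud,   // API the token was issued for
    iss: claims.iss,
    // Delegated permissions arrive as one space-separated string.
    scopes: typeof claims.scp === 'string' ? claims.scp.split(' ') : [],
    // App roles / application permissions arrive as an array.
    roles: Array.isArray(claims.roles) ? claims.roles : [],
    expired: typeof claims.exp === 'number' ? claims.exp <= nowSeconds : null,
  };
}

// Constructed sample token: fake identifiers and a placeholder signature.
function makeSampleToken() {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const header = { typ: 'JWT', alg: 'RS256', kid: 'sample-kid', x5t: 'sample-x5t' };
  const claims = {
    aud: 'https://graph.microsoft.com',
    iss: 'https://sts.windows.net/00000000-0000-0000-0000-000000000000/',
    scp: 'User.Read',
    exp: 2000000000,
  };
  return `${enc(header)}.${enc(claims)}.c2lnbmF0dXJl`;
}

console.log(inspectJwt(makeSampleToken(), 1700000000));
```

An empty roles array combined with the expected scopes points at the app registration's role assignments rather than at the calling code.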

Retrieving Public Folders via Microsoft Graph API

I have an application that uses the Microsoft Graph API to read and write emails from a mailbox.
I'm making a request to URL
GET https://graph.microsoft.com/v1.0/users/{user_id}/mailFolders/PublicFoldersRoot/childFolders
This used to work, but since April 2021 it broke and now returns an error
{
  "error": {
    "code": "ErrorMailboxMoveInProgress",
    "message": "Mailbox move in progress. Try again later., Cross Server access is not allowed for mailbox UUID"
  }
}
No mailboxes have been initiated to move in my account.
I found the same thread on this issue, but there is no solution yet. Mailbox move in progress.
I didn't find any workaround. Please help if you know how to fix this.
Apologies for the inconvenience caused to you.
Could you please check if there are any mailboxes being moved?
You can use the PowerShell cmdlet Get-MoveRequest to check if there are any active requests.
If there aren't any, this could be an intermittent issue and should resolve itself without your intervention.
However, if this is critical and affecting your production workloads, please reach out to Support as it would be difficult to debug this remotely.
You can also check if there are any service issues affecting your subscription from the Service Health page.
Hope this helps. Thanks!

Trouble Implementing OAuth in Google Apps Script (Using Domain-Wide Delegation)

I am trying to run the sample Google Apps Script Service Account OAuth example taken from here:
https://github.com/googlesamples/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs and keep getting a server timed-out error. I copied the exact code and just substituted in the private key, client email, and a user email. The example code looks to be current as there was an update to it on July 30th.
I have authorized https://www.googleapis.com/drive/v2/files through the admin console as well as https://accounts.google.com/o/oauth2/token and have listed these as scopes in the admin settings (and domain-wide delegation is enabled). I am using an admin account to run the script.
I keep getting the ubiquitous "Server Timed Out" error and nothing shows up in the Execution Logs.
What might be the problem? Any help would be appreciated. Thanks in advance.
Thanks, Gerardo, for pointing me in the right direction. It turned out that our organization manages permissions for the Google Developer's Console by Organizations (in the Google Admin console). Somehow a few accounts, including mine, were kicked out of the Organization that had permissions to access the Developer's Console. After adding myself back in, the sample worked without problems.

Wiring Up Azure AD to an ASP.NET MVC Site

I am attempting to wire up Azure AD to a test MVC site.
I have followed the steps in the blog posts by Rick Rainey here and by Rick Anderson here (which appear to essentially be the same).
When I run the project, and try to sign on, I receive an error page with the messages "Sorry, but we're having trouble signing you in.", "We received a bad request.", and "AADSTS50000: There was an error issuing a token.". I have searched the web for the last error message and found a couple of things but nothing that provided any detail.
Any suggestions as to what might be missing? Everything (such as the application, and database) appear to have been created and configured in Azure as expected / described.
I was able to get it working (with the help of Rick Anderson). The issue was that I was not (completely) following directions and was trying to use the wrong account. When I created a new directory, it pulled in the Azure AD account that I was logged in with. This wasn't a Microsoft account (as mentioned in the article) but it still didn't work. When I created a user in the directory, this user was able to logon.

403 Forbidden message when calling the v3 Google Calendar API using a Service Account via OAuth 2.0

This is a follow on from my thread about a 401 error when using the Google Calendar API and OAuth2, which can be found here
This contains details of the account setup that leads onto my next question, so I won't repeat myself in this thread.
OK, so when I call the following code to update a Calendar event I get a 403 forbidden error.
for (Event event : events.getItems())
{
    event.setSummary("XXX" + event.getSummary());
    Event updatedEvent = calendar.events().update(CALENDAR_ID, event.getId(), event).execute();
}
Here is the returned error message:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
  "code" : 403,
  "errors" : [ {
    "message" : "Forbidden"
  } ],
  "message" : "Forbidden"
}
What have I tried? Well, I have re-read the (rather poor) Google documentation about Service Accounts, re-checked my API Console account settings, tried changing the code that builds the credential (this leads to other errors so is a regression on my previous thread).
In short, nothing works, so is there anything obvious I am missing?
Solved, thanks to this post.
You have to share the calendar from your Google Calendar account with the Service Account email that is generated in the Google API Console, e.g. 284XXXXXXXX@developer.gserviceaccount.com.
I can now update my calendar from my web service.
I was also getting the same error even after sharing the calendar as in Justin's answer. After comparing with another working sample, I figured out that I had set
var SCOPES = ["https://www.googleapis.com/auth/calendar.readonly"];
instead of
var SCOPES = ["https://www.googleapis.com/auth/calendar"];
Hope this helps anyone who has made a similar mistake and is getting this error.
In my case I had to enable the CalDAV API in the Google API console. It gives a 403 response if disabled.
I know this is an old question, but this might be helpful for someone.
For me, after trying all of the suggested solutions above, nothing worked. I got it to work after looking at what scopes they were using in the documentation.
I was fetching events, and it seemed that the https://www.googleapis.com/auth/calendar scope wasn't enough.
I had to add https://www.googleapis.com/auth/calendar.events as well to my scopes.
Hopefully it can help someone out there!
