I'm having problem with the youtube partner api.
I have written an application that correctly establishes an oauth connection between myself and previously authorised Content Manager page and can view my associated channels, create and manage assets etc.
I have a colleague from a different organisation with a separate content manager account that manages around 20 separate channels. They can use the app to successfully complete the oauth flow. However when we try and iterate their channel listings they receive the following error:
Google_Service_Exception: { "error": { "errors": [ { "domain": "youtube.common", "reason": "cmsUserAccountNotFound", "message": "The CMS user is not allowed to act on behalf of the specified content owner." } ], "code": 403, "message": "The CMS user is not allowed to act on behalf of the specified content owner." }
If they add my account as an administrator of the Content Manager account, I can however see their pages. They have permission to manage all pages under the account (and are the administrator)
My question is:
Is this because they don't have permission to use the API (although they have authorised the App that has requested permissions)?
If we create a service account and add it to their Content Manager account and change the oauth flow to this, will this resolve the issue?
...Or is there something else I'm missing?
Many thanks in advance for advice.
Related
Required: MS Graph App that has access to companyB.sharepoint.com drive/file items for a member of CompanyA
I am from Company/Organisation A. I have been granted access to a sharepoint site of Company/Orgtanisation B.
https://companyB.sharepoint.com/sites/company_name/XXXX%20Files/Forms/AllItems.aspx
Via a browser this works as expected (i.e. access to the sharepoint site)
I have created a Multi-Tenant App (Azure dev portal) and have been able to receive a user delegated access token. refresh token works fine.
The App (Overview) => Supported Account types: Multiple organisations.
Using the Graph Explorer (Authenticated for company A user) https://developer.microsoft.com/en-us/graph/graph-explorer
https://graph.microsoft.com/v1.0/sites/companyB.sharepoint.com:/sites
returns
{
"error": {
"code": "invalidRequest",
"message": "Invalid hostname for this tenancy",
"innerError": {
"date": "2022-04-12T04:36:00",
"request-id": "qqq21a6d3-xxx-xxx-xxx-xxx390a4yyy",
"client-request-id": "qqq382fa-xxx-xxx-xxx-xxx708yyy"
}
}
}
What I'm trying to achieve is to get access to and obtain a list of files contained in the Sharepoint site under CompanyB. Then being able to walk through the files, add/edit/delete files to these directories (or whatever terminology MS uses for Sites and Files/Folders within a site)
I cannot seem to find the 'SiteID' or 'DriveId' that the URL references point to...
Would it be feasible to create an APP under Company B (ie create a dev account for them) and create a simpler, non verified, organisation only app under company B and then login as a user from Company A?
Any pointers of examples of anyone that has done this is appreciated.
We have created a WP that we have published to Teams that would give owners the possibility to modify the external sharing setting ("AllowToAddGuests") from a tab in their Teams.
We are experiencing a problem when we try to do the set of AllowToAddGuests using an owner account.
The Teams app has :
{
"resource": "Microsoft Graph",
"scope": "Directory.ReadWrite.All"
}
As per MS Graph docs
https://learn.microsoft.com/en-us/graph/api/directorysetting-update?view=graph-rest-beta&tabs=http
should work fine with delegated.
If I execute the graph call in the graph explorer using the owner user it gives the same access error.
All permissions are granted at admin level.
If a global admin is used, then all works fine.
The error I am receiving is the following:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2020-07-02T15:18:56",
"request-id": "84fe9be9-a4b0-4023-93e6-68dd780ce2ea"
}
}
}
Has the owner the possibility to change the flag AllowToAddGuests or should I do this via an App reg?
Thanks for the answers.
Alex
I am posting this here so that if anybody looks for the same information, they have it here.
At the time of this writing, the answer we got from Microsoft is that for this call to work, the user performing the call (in our case one of the owners) needs to also be a Group Administrator. For our use case this was not doable as any user in the company can potentially be an owner of a MS Teams.
The solution we have chosen is to use application permission with Directory.ReadWrite.All to perform the call. This works as expected now.
Microsoft has also promised they will update the documentation in order to include the current information.
I've created a medium application for API access a while ago, and I've been using it to connect medium accounts to my website and let them publish stories from my website. But it stopped working recently, and I can't access my app anywhere. I should mention that my medium account isn't premium, so I've been thinking that's the problem. The thing is I can't find any info anywhere about medium preventing free users from creating apps. This is where I've managed my apps in the past: Link, but now I get 403. Does anyone have any info about this?
edit: What I forgot to say is, when I try to connect my account, I receive the access/refresh token, but then when I try the "https://api.medium.com/v1/me" endpoint I get
{
"errors": [
{
"message": "Application not found",
"code": 6005
}
]
}
When I try to list channel messages I get:
[...] "code": "UnknownError", "message": "Failed to execute backend request." [...]
This error is for all teams I don't belong to.
I have this error when trying to call the API from Microsoft Flow (with HTTP GET) but also with Graph Explorer: the account I used has FULL permission but still asks to check my permission:
Failure - Status Code 403, 656ms Looks like you may not have the permissions for this call. Please modify your permissions
And the registered application has the delegated permission needed to call this endpoint regarding the documentation:
GET /teams/{id}/channels/{id}/messages
https://learn.microsoft.com/en-us/graph/api/channel-list-messages?view=graph-rest-beta
Is it a bug because of the "beta" or something I've missed?
After searching and testing I can confirm that I was miss understanding how the delegated permission works.
The user need to have the permission to read the chat message meaning that the user need to be at least a member of the team who is concerned by the call.
I confirmed it by testing on a teams/groups where the account is not member of (result = Satus code 403) and everything is working with success after adding the account in the teams/groups
Does this mean that at the moment to be able to List channel messages from all teams in organisation we need to have a unique account member of each teams (=account used in the microsoft-graph call) ?
if anyone faced same situation this video helps to understand more easly the concept : https://www.youtube.com/watch?v=UPkHvy3eRCM
Trying to access Youtube v3 api using the following link:
https://www.googleapis.com/youtube/v3/search?part=snippet&maxResults=5&q=funny& key=AIzaSyDFiabJG7l7aLfdvsLL1_DqKbZipKLvaI4
which returns
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured"
}
],
"code": 403,
"message": "Access Not Configured"
}
}
The Google Cloud Console is billing enable account for the registered app with a Browser Key as follows;
Access data that comes from a browser, and that is not associated with an account
Api Key
AIzaSyDFiabJG7l7aLfdvsLL1_DqKbZipKLvaI4
Allowed referrers - Any referrer is allowed.
Activated on
Dec 3, 2013 11:11 PM
What are the factors which would cause this condition?
Any referer allowed
Please click Edit Allowed Refers and the removed the bundle id (com.something) and again click update .
And then use same api key hope it will work
I think you haven't enabled access for "YouTube Data API v3" on your project.
Following procedure may solve your issue:
Access to Google Cloud Console
Select your project which uses YouTube Data API v3
Navigate to "APIs & auth" > "APIs", and toggle the switch next to API name.
In some cases, even with the project properly configured it gives the same error. In this case you may need to try one of the following:
Regenerate the key
Edit the allowed referrers
Remove any referrers altogether (if it complies with your project requirements, of course)
Use a Server Key instead of a Browser Key
See this question for more information