I am trying to connect to Gmail using OAuth 2.0.
However, it is impossible to test that you can not join the risky-access-by-unreviewed-apps group.
Does Google prevent participation in the group? Or is there any other way?
The method for connection refers to the following article.
https://developers.google.com/gmail/imap/xoauth2-protocol
I asked a question in google API pending email.
After that the contents of the homepage was updated.
I can not see sentences to register in the risky-access-by-unreviewed-apps group.
I developed on iOS.
The problem was that G-Mail connection authorization not added privileges at login was not done.
I solved the problem by adding G-Mail permissions.
Additional source of authority
[GIDSignIn sharedInstance].scopes = [NSArray arrayWithObjects:#"https://www.googleapis.com/auth/userinfo.profile", #"https://www.googleapis.com/auth/userinfo.email", #"https://mail.google.com", nil];
IMAP JAVA connection test : https://github.com/google/gmail-oauth2-tools/wiki/JavaSampleCode
Related
I tried to receive all events for an Microsoft 365 User. It's a business license and a add an App with all User/Mail/Calendar Permissions (also consent granted) to Api permissions.
When running this command or some similar like in the documentation I got 403
Client error: `GET https://graph.microsoft.com/v1.0/users/xxxxxxxxxxxxxxxxxxxx/events` resulted in a `403 Forbidden` re
sponse:
{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}
What did I do wrong? I also tried the Graph Explorer (with logged in user).
Are the permissions you are assigning delegated or application permissions?
If you are using application permissions for your App Registration then you need to give access on the user's calendar to the app (probably by using a new service principal on exchange online).
If you are using delegated permissions then you should check the access token you are getting for validation in jwt.ms
Bear in mind that Graph explorer with logged in user needs different permissions than your App Registration. ( it's a different app registration altogether )
Seems like I had the same issue https://learn.microsoft.com/en-us/answers/questions/1165285/microsoft-graph-get-outlook-calendar-events-403?page=1&orderby=Helpful&comment=answer-1168253#newest-answer-comment
The fix was to remove all the other permissions and just give it
I'm currently trying implement an app to read calendars only for a group that's permitted to the app. The idea behind this is that when I want to add a another calendar all I'd have to do is add the object to a specific o365 group. I'm taking the application approach over delegation that way I don't have anything actually logging in to utilize the app. Ultimately I'd like to stay away from any of the *.All permissions for security reasons.
Steps taken :
- created o365 group
- added resource objects and one user service account (just for testing) to the group
- registered app
- generated secret
- assigned group to the app
- granted admin consent to groups.selected via the azure portal
When I run a GET for group/{id}/members :
{'error': {'code': 'Authorization_RequestDenied', 'message': 'Insufficient privileges to complete the operation.', 'innerError': {'request-id': '473410a8-4db4-49d6-8d2c-92b9fbd4edb1', 'date': '2020-03-05T14:59:28'}}}
As per the docs
https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
If you are using Application permissions to Get Members for a group. you will need User.Read.All, Group.Read.All, Directory.Read.All.
The usual issue is not granting that permissions to the application in Portal.azure.com and admin consenting it.
If you're confident with that. Then I'd eliminate your code as being the issue by using something like postman with your app id and client secret. We have a sample Postman collection here https://learn.microsoft.com/en-us/graph/use-postman . for delegated permissions you can use our Graph Explorer playground.
MS docs says:
Note: This permission is exposed in the Azure portal for a feature that is not available for general use. Do not use this permission as it is subject to change.
https://learn.microsoft.com/en-us/graph/permissions-reference
I'm wondering if we just found a bug in the MS Graph API. I'm trying to access a different user's inbox mail rules via MS Graph. Here's what I did:
1.) Registered an application on the V1 Azure AD Endpoint, with ALL delegated permissions (including MailBoxSettings.Read and MailBoxSettings.ReadWrite)
2.) Granted access to the application using a global admin account
3.) Got a Graph Bearer Token for the tenant & proper permissions:
4.) Delegated mailbox access (full access) to my Global Admin account in Exchange Online settings:
5.) Verified that I have access to the users inbox via Graph:
6.) Attempting to list messagerules for this user fails:
Note that retrieving the current (global admin) user's mail rules works without an issue:
GET /https://graph.microsoft.com/v1.0/me/mailfolders/inbox/messageRules
This tells me that there is probably a bug in MS Graph - or am I maybe missing something?
Thanks in advance
Ben
I have tried this, and I have get the same error. As my understand, we can not get the other's email rules. If you want to use this case, we can submit this issue on the github Issue
To read other users emaill inbox you need Application Type permission set rather than Delegated access.
Follow this link
https://learn.microsoft.com/en-us/graph/auth-v2-service
I am trying to implement google sign in using firebase in to my iOS app. I follow this tutorial.
https://firebase.google.com/docs/auth/ios/google-signin
I have setup the iOS app in firebase and use the google clientID and reversedClientID from the dowloaded GoogleService-Info.plist.
FYI: I have a custom sign-in button instead of the google sign in button. Anyway when i click the sign in button, google following error display in a webview.
I know my problem is the same as which described in this question.
Google 400 Error: invalid request Custom scheme URIs are not allowed for 'Web' client type
But, in my case, I have created the app in Firebase still I get the error. Any idea please...
The first step is to check if you have already the OAuth 2.0 ID for iOS. To do this please open the Credentials page in the API Console. I hope you will find iOS client for your application under OAuth 2.0 client IDs section. If not, please follow this Guide
The second step is to replace the Web Client ID with in iOS Client ID from OAuth 2.0 client IDs section. To do this, you should open the GoogleService-Info.plist and modify following keys: CLIENT_ID with [value].apps.googleusercontent.com and REVERSED_CLIENT_ID with com.googleusercontent.apps.[value].
if you're using flutterfire ui package you need to change the client id parameter in your GoogleProviderConfiguration class with the iOS client id,
you can copy it from here Credential page
example:
providerConfigs: [
GoogleProviderConfiguration(
clientId: "your copied key here"),
]
re-build you're app and you should be good to go
I've just faced this same issue using flutterfire_ui on Flutter.
The error appears to be from a couple of things. As Valeriy points out you need the ios client ID. But I still got the error if I used the scopes
openid
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
Instead change these to
openid
email
profile
Strangely the opposite is true for Android, where the WebID and the first of the scopes should be used.
It also pays to be aware of the OAuth Content Screen..
In google cloud go to APIs & Services > OAuth consent screen > Edit.
You can add scopes here and fix any missing required fields that Firebase might not be filling out (I had 1). I believe this takes a while to propagate after a change, so give it an hour.
I am trying to run the sample Google Apps Script Service Account OAuth example taken from here:
https://github.com/googlesamples/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs and keep getting a server timed-out error. I copied the exact code and just substituted in the private key, client email, and a user email. The example code looks to be current as there was an update to it on July 30th.
I have authorized https://www.googleapis.com/drive/v2/files through the admin console as well as https://accounts.google.com/o/oauth2/token and have listed these as scopes in the admin settings (and domain-wide delegation is enabled). I am using an admin account to run the script.
I keep getting the ubiquitious "Server Timed Out" error and nothing shows up in the Execution Logs.
What might be the problem? Any help would be appreciated. Thanks in advance.
Thanks, Gerardo, for pointing me in the right direction. It turned out that our organization manages permissions for the Google Developer's Console by Organizations (in the Google Admin console). Somehow a few accounts, including mine, were kicked out of the Organization that had permissions to access the Developer's Console. After adding myself back in, the sample worked without problems.