Firestore REST API with Firebase Id token - ios

I am trying to create new document at firestore, using bearer token, retrieved from from Auth SDK (ios, but actually I am using FirebaseAuth for osx, that's why I have no other choose except using REST, because there is no FirebaseFirestore support for osx).
The rules are
service cloud.firestore {
match /databases/{database}/documents {
match /places {
allow create, update, delete, read: if true;
}
}
}
For retrieving token
Auth.auth().currentUser?.getIDTokenForcingRefresh(true, completion ..
After I get token as a string and put it to header Authorization: Bearer MY_RETRIEVED_TOKEN
Link I requesting
https://firestore.googleapis.com/v1beta1/projects/MYPROJECTID/databases/(default)/documents/places?fields=fields&documentId=kk&key=API_KEY_FOR_WEB_APP_FROM_FIREBASE_PROJECT_SETTING
So here I am passing key from Firebase project settings for Web
Body of this POST request
{
"fields": {
"nn": {
"stringValue": "hhh"
}
}
}
But it the end I get 403 in response.
{
"error": {
"code": 403,
"message": "Missing or insufficient permissions.",
"status": "PERMISSION_DENIED"
}
}
Already broken up my mind trying to find an error. Thanks in advance!

I had the same problem few days ago.
You should try to modify your rules like code bellow:
service cloud.firestore {
match /databases/{database}/documents {
match /places/{document=**} {
allow create, update, delete, read: if true;
}
}
}
In this case you set rules for all document's of places.
Also you can test your rules in Rules Simulator. This works quite good.
I hope this will help you

Related

General Exception when creating Site Pages through Graph API

I'm having an issue where i'm receiving a general exception when trying to create site pages through Microsoft Graph API beta endpoints even in Graph Explorer, I'm at a loss at what it could be as i'm using the sample provided in the documentation.
I'm using the following request:
POST https://graph.microsoft.com/beta/sites/{siteId}/pages
{
"name":"Events.aspx",
"title":"Team Events",
"publishingState": {
"level":"checkedOut",
"versionId":"0.1"
},
"webParts":[
{
"type":"rte",
"innerHTML":"<p>Here are the teams upcoming events:</p>"
}
]
}
and its returning this response
{
"error": {
"code": "generalException",
"message": "General exception while processing",
"innerError": {
"date": "2020-11-18T05:11:16",
"request-id": "09efb46d-f393-46c8-a8ff-450815c85d35",
"client-request-id": "0ef11da8-832e-47d8-ed5d-1192343af8fa"
}
}
}
I had exactly the same problem, and stumbled across this StackOverflow post.
Creating pages on sharepoint site with microsoft graph
Basically, there is an issue with the docs. The innerHTML key needs to be wrapped inside a data key.
So you would be calling the following:
{
"name":"Events.aspx",
"title":"Team Events",
"publishingState": {
"level":"checkedOut",
"versionId":"0.1"
},
"webParts":[
{
"type":"rte",
"data": {
"innerHTML":"<p>Here are the teams upcoming events:</p>"
}
}
]
}
If you are making your request exactly as shown in the question, the issue may be the URL. The {siteId} part of your POST URL is a placeholder.
You will want to replace {siteId} with your site ID
For example, if your siteID is ABC123, then the URL for your POST would be:
https://graph.microsoft.com/beta/sites/ABC123/pages

Microsoft Graph API Online Meeting Delete not working

I successfully created an online meeting with the following API.
POST https://graph.microsoft.com/beta/communications/onlineMeetings
Content-Type: application/json
{
"startDateTime":"2019-09-09T14:33:30.8546353-07:00",
"endDateTime":"2019-09-09T15:03:30.8566356-07:00",
"subject":"Application Token Meeting",
"participants": {
"organizer": {
"identity": {
"user": {
"id": "550fae72-d251-43ec-868c-373732c2704f"
}
}
}
}
}
But when I am trying to delete the meeting its not working. I tried with the following APIs:
DELETE https://graph.microsoft.com/beta/me/onlineMeetings/{meeting id}
and
DELETE https://graph.microsoft.com/beta/{user id}/onlineMeetings/{meeting id}
Please help.
The api documented here works for me, eg:
DELETE https://graph.microsoft.com/beta/me/onlineMeetings/550fae72-d251-43ec-868c-373732c2704f_19:meeting_M2IzYzczNTItYmY3OC00MDlmLWJjMzUtYmFiMjNlOTY4MGEz#thread.skype
I get an http 204 in response.
Note that even after deleting the meeting using the above api, I am still able to join the meeting from the teams client, this may be a different bug perhaps. However, trying to delete the same meeting id again gives a 404 not found, which is expected.

Office API getAccessTokenAsync result yields InvalidAuthenticationToken response from Graph

i have been trying to tackle this issues for a while now, i am workin on an Office-js addin for Outlook and is trying to access Microsoft Graph data through my addin.
But i have been unable to authenticate the token i recieve from getAccessTokenAsync.
If i attempt to use the authenticator from Office-JS-Helpers i can get access, but i would prefer to use the built in function of the addin for it.
the code i am trying to use is this:
Office.initialize = () => {
var options = { forceAddAccount: true, forceConsent: true } as Office.AuthOptions;
Office.context.auth.getAccessTokenAsync(options, getAccessTokenAsyncCallback);
}
function getAccessTokenAsyncCallback(accessTokenResponse) {
console.log(accessTokenResponse.value)
client = MicrosoftGraph.Client.init({
authProvider: (done) => {
done(null, accessTokenResponse.value);
},
debugLogging: false
})
client.api("/me")
.get((err, res, rawResponse) => {
console.log(err)
console.log("rawResponse")
console.log(rawResponse)
})
}
and my WebApplicationInfo in my manifest is:
<WebApplicationInfo>
<Id>{AppUID}</Id>
<Resource>api://localhost:3000/{AppUID}</Resource>
<Scopes>
<Scope>profile</Scope>
<Scope>user.read</Scope>
</Scopes>
</WebApplicationInfo>
</VersionOverrides>
and the rights has been set up in my app on the Application Registration Portal.
as far as i can see when validating/decoding the JSON Web Token i recieve from getAccessTokenAsync, it should be valid.
but whenever i try to connect using this token i get this response:
{
"statusCode": 401,
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"requestId": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
"date": "2018-08-30T05:37:43.000Z",
"body": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
"date": "2018-08-30T07:37:43"
}
}
}
i simply can't figure out what the issue is here, am i wrong in that the token returned from getAccessTokenAsync is the one i need for this?
oh yes and i am running up against an Office365 environment with Outlook 2016 version 1807 build 10325.20118 click to run
The token that is returned by getAccessTokenAsync, called the bootstrap token, does NOT give your add-in access to MS Graph directly. Instead it gives the Office host application, Outlook in this case, access to your add-in's web application. Your add-in's web application then uses that token to get an access token to Microsoft Graph. It does this by using the "on behalf of" OAuth flow. Please see the extensive documentation at this node: SSO in Office Add-ins and, for Outlook-specific guidance, also see Authenicate a user in an Outlook Add-in with an SSO token.

Authentication fails on google home (oauth2)

I'm trying to connect to google home using OAuth2.0 mechanism. However, hitting with an issue where I'm not able to retrieve success message.
The failing request is - https://oauthintegrations.googleapis.com/v1/token:getForService
with the response payload as redirectState. I know about redirect but what is redirectState? I tried to search a bit over this one, but failed.
Any help would be appreciated.
Note:I have followed all the necessary steps mentioned in doc, I can receive authorisation code, but not able to make token request to desired endpoint.
The docs are https://developers.google.com/actions/identity/oauth2-code-flow and https://developers.google.com/actions/identity/account-linking.
In configuration settings we have Linking type as Oauth -> Authorization Code.
In dialog flow in Integration -> Integration Settings we have checked in for 'Sign in required' for Default Welcome Intent and have the firebase function as
app.intent('Default Welcome Intent', (conv) => {
conv.ask(new SignIn());
});
according to https://developers.google.com/actions/identity/account-linking document and I am currently using API version V2.
After the auth code is received as mentioned it does not call token url, we receive this screen :
Bad response from IdP in Auth Code Exchange & what is redirect_state
The https://gala-demo.appspot.com/app#redirect_state=XXX&state=yyy&service=abc when inspected fails at https://oauthintegrations.googleapis.com/v1/token:getForService as mentioned by #rajesh with status code 400, but when this request is made through postman it return the response. Here is the body and response for the request.
Body :
{
"credential" : {
"redirectState": "XXX"
},
"scopes": [],
"gdiState": "APP_AUTH",
"serviceId": "tapclicks-integration-adac2_dev"
}
RESPONSE :
{
"serviceInfo": {
"authUrl": "https://-domain-/authorization",
"name": "tapclicks dashboard",
"logoUrl": "https://placeholder.com/",
"clientId": "zdqexVMaVvxIMQ7Frjwa",
"tokenUrl": "https://-domian-/token_url",
"privacyPolicyUrl": "https://placeholder.com/",
"tosUrl": "https://placeholder.com/",
"id": "tapclicks-integration-adac2_dev"
},
"completionInfo": {
"appauthInfo": {
"appauthRedirectUrl": "https://-domain-/authorization?response_type=code&client_id=zdqexVMaVvxIMQ7Frjwa&redirect_uri=https://oauth-redirect.googleusercontent.com/r/tapclicks-integration-adac2&scope=gmail&state=yyy",
"appauthRedirectState": "abcxxx"
},
"oauthAuthorizationUrl": "https://-domain-/authorization?response_type=code&client_id=zdqexVMaVvxIMQ7Frjwa&redirect_uri=https://oauth-redirect.googleusercontent.com/r/tapclicks-integration-adac2&scope=gmail&state=yyy"
},
"gdiState": "APP_AUTH",
"header": {}
}
Can you please tell if i might be making any configuration mistake or any other info you need.
Authorization Url : https://kprb95tye7.execute-api.us-east-1.amazonaws.com/authorization/
Token Url : https://9343j46f16.execute-api.us-east-1.amazonaws.com/token_url/
Thanks

Micorsoft Graph API Responsibilites Update

I am attempting to update the responsibilities field on a user account through the Graph API.
I am attempting to do this using the following request:
PATCH https://graph.microsoft.com/v1.0/users/<upn>
{
"responsibilities":[
"ApprovalLimit:0"
]
}
When i make this request, I get the response:
{
"error": {
"code": "-2147024809, System.ArgumentException",
"message": "Invalid attribute update\r\nParameter name: attributeUpdates",
"innerError": {
"request-id": "1be313f3-880b-47de-858d-1bea74951715",
"date": "2017-03-06T09:29:21"
}
}
}
However, when I attempt to update the schools collection, which is also a String collection, this works without issue.
This is the same with both beta and v1.0 and also with the /me endpoint rather than /users/<upn>.
Is this a bug within the API?
Any ideas about how to set this?
Thanks in advance.
I am also able to reproduce this issue too. Based on the error message, it seems this attribute is not support update at current version of Microsoft Graph.
If you want to this attribute is update-able, I suggest that you submit the feedback from here.

Resources