I use Passport.js to authenticate with Google. I define the following scope:
passport.authenticate('google', {
scope: [
'https://www.googleapis.com/auth/gmail.modify',
],
})
So, I just would like to access the Gmail API.
Now, Google responds with:
GooglePlusAPIError: Insufficient Permission
I get it working when I add the Google+ API to my projekt via the Google API dashboard and by adding the following scope to my passport.authenticate call:
'https://www.googleapis.com/auth/userinfo.email'
But why do I need the Google+ API when the only thing I would like to do is access Gmail?
I also found this website: https://developers.google.com/gmail/api/auth/web-server where they set these scopes:
SCOPES = [
'https://www.googleapis.com/auth/gmail.readonly',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
# Add other requested scopes.
]
What am I missing?
Thanks in advance!
Cheers,
Niels
Edit:
I just researched on my Google API dashboard and found the screen below. So, are these scopes mandatory?
Edit 2
The context is an Express.js app. The whole call looks like:
router.get('/google', passport.authenticate('google', {
scope: [
'https://www.googleapis.com/auth/gmail.modify',
],
}));
router.get('/google/callback', passport.authenticate('google', {
failureRedirect: '/',
}), (req, res) => {
req.session.token = req.user.token;
res.redirect('/');
});
Related
I want to call MS Graph Search API in react app, I registered the app with sites.read.all with delegated permissions.
The filter should be from SharePoint list data.
code
https://graph.microsoft.com/v2.0/search/query
{
"requests": [
{
"entityTypes": [
"listItem"
],
"query": {
"queryString": "contoso"
}
}
]
}
AFIAK there is no code or searching option for using Search API in MS graph, you can refer to this similar question:API based search using React
Or raise a feature request for the same in here: https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/idb-p/Microsoft365DeveloperPlatform
Hope this helps.
I am trying to use the google-api-nodejs library to manage some resources in the google Campaign Manager API.
I have confirmed that we currently have a GCP project configured, and that this project has the google Campaign Manager API enabled (screenshot at the bottom).
I have tried several ways of authenticating myself (particularly API keys, OAuth2, and Service account credentials). This question will focus on using an API key though, as theoretically it is the simplest (and I will raise a separate question for the issues I am facing using Service account credentials).
Now, I have generated an API key and I have restricted it to have access to the Campaign Manager API (this is visible in the screenshots below). I configured my code
following the using-api-key section of the library's repo (https://github.com/googleapis/google-api-nodejs-client/#using-api-keys):
import { assert } from "chai";
import { google } from "googleapis";
it("can query userProfiles using API Key", async () => {
try {
const api_key = "AIza ****";
const df = google.dfareporting({
version: "v3.5",
auth: api_key,
});
const res = await df.userProfiles.list({}); // error thrown on this line
console.log("res: ", res);
assert(true);
} catch (e) {
console.error("error: ", e);
assert(false);
}
});
Unfortunately, this code results in an error with the message Login required:
{
"code": 401,
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
]
}
It is worth noting that:
While the API key seems to be correctly configured (that is, it matches what is visible in the Google API), changing the value of the API key in our code does not change the result - the error is still exactly the same
Moreover, changing the auth attribute from google.dfareporting to userProfiles.list results in the same error.
const df = google.dfareporting({
version: "v3.5",
});
const res = await df.userProfiles.list({
auth: api_key, // error thrown on this line
});
If you check the documentation for userProfiles.list
You will find it states
This means in order to access this method you need to be authorized by a user using oauth2 with one of those scopes.
Api keys will only give you access to public data not private user data.
you sould check the Google api node.js client for information on authorization with this library.
const {google} = require('googleapis');
const oauth2Client = new google.auth.OAuth2(
YOUR_CLIENT_ID,
YOUR_CLIENT_SECRET,
YOUR_REDIRECT_URL
);
// generate a url that asks permissions access
const scopes = ['https://www.googleapis.com/auth/dfareporting'
];
const url = oauth2Client.generateAuthUrl({
// 'online' (default) or 'offline' (gets refresh_token)
access_type: 'offline',
// If you only need one scope you can pass it as a string
scope: scopes
});
I'm trying to connect to google home using OAuth2.0 mechanism. However, hitting with an issue where I'm not able to retrieve success message.
The failing request is - https://oauthintegrations.googleapis.com/v1/token:getForService
with the response payload as redirectState. I know about redirect but what is redirectState? I tried to search a bit over this one, but failed.
Any help would be appreciated.
Note:I have followed all the necessary steps mentioned in doc, I can receive authorisation code, but not able to make token request to desired endpoint.
The docs are https://developers.google.com/actions/identity/oauth2-code-flow and https://developers.google.com/actions/identity/account-linking.
In configuration settings we have Linking type as Oauth -> Authorization Code.
In dialog flow in Integration -> Integration Settings we have checked in for 'Sign in required' for Default Welcome Intent and have the firebase function as
app.intent('Default Welcome Intent', (conv) => {
conv.ask(new SignIn());
});
according to https://developers.google.com/actions/identity/account-linking document and I am currently using API version V2.
After the auth code is received as mentioned it does not call token url, we receive this screen :
Bad response from IdP in Auth Code Exchange & what is redirect_state
The https://gala-demo.appspot.com/app#redirect_state=XXX&state=yyy&service=abc when inspected fails at https://oauthintegrations.googleapis.com/v1/token:getForService as mentioned by #rajesh with status code 400, but when this request is made through postman it return the response. Here is the body and response for the request.
Body :
{
"credential" : {
"redirectState": "XXX"
},
"scopes": [],
"gdiState": "APP_AUTH",
"serviceId": "tapclicks-integration-adac2_dev"
}
RESPONSE :
{
"serviceInfo": {
"authUrl": "https://-domain-/authorization",
"name": "tapclicks dashboard",
"logoUrl": "https://placeholder.com/",
"clientId": "zdqexVMaVvxIMQ7Frjwa",
"tokenUrl": "https://-domian-/token_url",
"privacyPolicyUrl": "https://placeholder.com/",
"tosUrl": "https://placeholder.com/",
"id": "tapclicks-integration-adac2_dev"
},
"completionInfo": {
"appauthInfo": {
"appauthRedirectUrl": "https://-domain-/authorization?response_type=code&client_id=zdqexVMaVvxIMQ7Frjwa&redirect_uri=https://oauth-redirect.googleusercontent.com/r/tapclicks-integration-adac2&scope=gmail&state=yyy",
"appauthRedirectState": "abcxxx"
},
"oauthAuthorizationUrl": "https://-domain-/authorization?response_type=code&client_id=zdqexVMaVvxIMQ7Frjwa&redirect_uri=https://oauth-redirect.googleusercontent.com/r/tapclicks-integration-adac2&scope=gmail&state=yyy"
},
"gdiState": "APP_AUTH",
"header": {}
}
Can you please tell if i might be making any configuration mistake or any other info you need.
Authorization Url : https://kprb95tye7.execute-api.us-east-1.amazonaws.com/authorization/
Token Url : https://9343j46f16.execute-api.us-east-1.amazonaws.com/token_url/
Thanks
Loading shared calendar from a user works so far.
However, as soon as you want to load the events, we get the following error message:
ErrorAccessDenied
Access is denied. Check credentials and try again.
The URL looks like this:
https://outlook.office.com/api/v2.0/users/{userName}/calendars/{sharedCalendarId}/calendarView
Query:
{
"query": {
"$select": "Subject,Location,Start,End,IsAllDay,BodyPreview,Extensions",
"$expand": "Extensions($filter=Id eq \"Microsoft.OutlookServices.OpenTypeExtension.custom.string.here\")",
"startDateTime": "2018-07-09T22:00:00.000Z",
"endDateTime": "2018-11-09T23:00:00.000Z"
},
"headers": {
"Prefer": [
"odata.track-changes",
"odata.maxpagesize=200"
]
}
}
The following scopes were set:
"openid",
"profiles",
"offline_access", // for refresh token
"https://outlook.office.com/calendars.readwrite",
"https://outlook.office.com/calendars.read.shared",
"https://outlook.office.com/calendars.readwrite.shared"
The Outlook REST API requests are always performed on behalf of the current user (authenticated user). That's why the endpoint /me/calendars works but users/{userId}/calendars does not. You can not get access to another user's calendar using this API. More information is provided here.
To access the other user's calendar you should switch to Microsoft Graph API. Then you could use the following endpoints:
Using https://graph.microsoft.com/v1.0/
GET /me/calendar/calendarView
GET /users/{id | userPrincipalName}/calendar/calendarView
GET /groups/{id}/calendar/calendarView
Remember to specify permissions for accessing user's calendars.
I am trying to create a new channel using slack api https://api.slack.com/methods/channels.join but getting this response
info: ** API CALL: https://slack.com/api/channels.join
Response : { ok: false, error: 'user_is_bot' }
I tried this
controller.hears('hello', ['direct_message', 'direct_mention', 'mention'], function (bot, message) {
bot.api.channels.join({'name':'nag'}, function (err, response) {
console.log("Response : ",response);
})
});
If I am mistaken please let me know. I have started learning slack api.
The reason you are getting user_is_bot is that channels.join can not be used by a bot user. As it says in the documentation for this method:
user_is_bot: This method cannot be called by a bot user.
To create channel you will want to use channels.create. However, that method can also not be used by a bot user.
The common solution is to use the full access_token, not the bot_access_token that your Slack app received from Slack after installing it with OAuth for all methods that bot users can not use, e.g. creating a new channel.
Here is the example from the OAuth documentation on how the response from Slack with both tokens look like:
{
"access_token": "xoxp-XXXXXXXX-XXXXXXXX-XXXXX",
"scope": "incoming-webhook,commands,bot",
"team_name": "Team Installing Your Hook",
"team_id": "XXXXXXXXXX",
"incoming_webhook": {
"url": "https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX",
"channel": "#channel-it-will-post-to",
"configuration_url": "https://teamname.slack.com/services/BXXXXX"
},
"bot":{
"bot_user_id":"UTTTTTTTTTTR",
"bot_access_token":"xoxb-XXXXXXXXXXXX-TTTTTTTTTTTTTT"
}
}