I have my app in LinkedIn with all four default application permissions ticked. I am able to consume API v1 perfectly. When I authenticate with oAuth 2.0, my authentication is successful and I get auth2_token but I am not able to call the below endpoint.
https://api.linkedin.com/v2/me
Header: X-Restli-Protocol-Version : 2.0.0 Authorization : Bearer (
auth2_token )
I get the error
{
"serviceErrorCode": 100,
"message": "Not enough permissions to access: GET /me",
"status": 403
}
Am I missing something here?
I couldn't get access to https://api.linkedin.com/v2/me either but you can use the following URL sample to retrieve the data you need:
GET https://api.linkedin.com/v1/people/~:(id,num-connections,picture-url)?format=json
The available fields can be found here: LinkedIn basic profile fields
To access https://api.linkedin.com/v2/me, you need to have access to v2 API.
As of 14th of Jannuary or Linkedin Applications will automatically have access to v2 API.
As of March, 1st, Linkedin is going to deprecate its v1 API, so the call https://api.linkedin.com/v1/people/~:(id,num-connections,picture-url)?format=json will no longer work.
Related
I am testing Get Chat Microsoft Graph API (which is still in Beta) and it seems to work successfully when it is called from Graph Explorer (which uses an user token), instead when I call this API from Postman with an application token, I get 401 Unauthorized with an Unknown Error as response.
https://graph.microsoft.com/beta/users/<user-id>/chats/<conversation-id>
My App Registration on Azure has these permissions:
And the decoded application token contains:
"aud": "https://graph.microsoft.com",
"roles": ["User.Read.All", "Chat.Read.All" ]
The same token it works for the Get User API
https://graph.microsoft.com/beta/users/<user-id>
Basically, it seems to have problems only the GET Chat API when called with an application token, although the documentation says it is supported. Am I missing something in the App Registration configuration?
EDIT
As I have already explained in the comments, this question doesn't help me, since:
audit is correct
permissions are present in the token and are granted by the admin in the App registration
scope is correct
Should I check something else?
Have you seen this message on the (English) documentation page?
Before calling this API with application permissions, you must request access. For details, see Protected APIs in Microsoft Teams.
It seems like Microsoft has implemented an extra layer of security for apps accessing "Teams" endpoints.
A number of our users authenticate through the Google OAuth API (https://developers.google.com/+/web/api/rest/oauth)
What is the future of the Google's version OAuth API beyond the April 2019?
OAuth aside, we use the following endpoint to obtain the user's email and name: https://www.googleapis.com/plus/v1/people/me once we obtain the access token. Is this endpoint becoming obsolete?
Update 12/21/18
Google+ Shutdown Notice
[End Update]
OAuth 2.0 is a service provided by Google Accounts. The end of life for Google+ will not affect OAuth 2.0.
OAuth 2.0 is the foundation authentication service for Google Cloud Platform, G Suite and many other services. OAuth 2.0 is token based, and these tokens can be used on a variety of services, both Google based and third party.
A further question was asked below in the comment section about endpoints.
The Google+ endpoint for user information: googleapis.com/plus/v1/people/me will probably continue to exist for years (awaiting official announcement from Google).
I would start using the Google OAuth 2.0 endpoint (notice the alt=json): https://www.googleapis.com/oauth2/v3/userinfo?alt=json
Which returns Json that looks like this:
{
"id": "123456789012345678901",
"email": "username#example.com",
"verified_email": true,
"name": "User Name",
"given_name": "User",
"family_name": "Name",
"link": "https://plus.google.com/123456789012345678901",
"picture": "https://lh3.googleusercontent.com/.../mo/photo.jpg",
"locale": "en",
"hd": "example.com"
}
The current list of Google OAuth 2.0 endpoints:
https://accounts.google.com/.well-known/openid-configuration
What is the future of OAuth API beyond the April 2019?
Oauth is not an api it is a protocol for authentication. In this instance the authentication response is used to access googles APIs. Googles use of Oauth2 for authentication is not going any where there has been no announcement that it is being discontinued in any way. Nor do i think they would as to my knowledge it is current industry standard for authenticating to APIs
OAuth aside, we use the following endpoint to obtain the user's email and name: https://www.googleapis.com/plus/v1/people/me once we obtain the access token. Is this endpoint
The Google people api may contain the term plus in the url but it does not really have anything to do with Google plus (other than really bad naming).
[Documentation] The People api lets you list and manage the authenticated user's Contacts and retrieve profile information for authenticated users and their contacts.
Which actually has nothing to do with Google plus other than the fact that some of the users profile information may have originally been contained within Google plus which has now been moved i suspect (but i have no proof of that). I did send off an email to google asking for some clarification as to exactly which endpoints are shutting down.
Shutdown
So what is going to happen with the shutdown
Google+ will stop working
plus.activites will stop working.
plus.comments will stop working
What will happen to people overview will be a really good question. They may be renamed however i suspect they may just be left alone to access the google contacts as they do currently. (again i have no proff of this)
Get current user info
If you want to get the information about the current user then an idea would be to use the userinfo endpoint. As long as you requested the profile scope you can request the current users info from the identity server directly
Request:
GET /oauth2/v2/userinfo HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer qMgWQHD0MstTDVip7hIYipUpSQkxexF4-W0bI3geEaYk0ztVryYZyFRrZDFWkn69Hw3RlBjfOuXJ8df_iv5ATgW3y0BUkI0xMXeGq22qmfqG-4duSU
Response:
{
"picture": "https://lh5.googleusercontent.com/-a1CWlFnA5xE/AAAAAAAAAAI/AAAAAAAAl1I/UcwPajZOuN4/photo.jpg",
"name": "Linda Lawton",
"family_name": "Lawton",
"locale": "en",
"gender": "female",
"link": "https://plus.google.com/+LindaLawton",
"given_name": "Linda",
"id": "117200475532672775346"
}
I suspect that some of this is going to change. Link for example is not going to be able to link to google plus anymore. I think i will send off an email to google to see what they intend to do about that.
Email will only appear in the response if you have also requested email scope when authenticating the user.
update
blog post on api shutdown just went out and gives information on what APIs are being shut down and when.
The most commonly used APIs that are being shut down include:
Google+ REST API
Google+ Web API
Google+ Android SDK
Google+ Domains API
Google+ Pages API
This still doesn't clear up the issue with the people API being Google contacts yet part of the Google+ rest API
https://developers.googleblog.com/2018/12/google-apis-shutting-down-march-7-2019.html?m=1
In order to disable this Google + API from your apps, you need to go to https://console.developers.google.com
... and navigate to each project you are using Google+ Api and click DISABLE
This will remove any requests from Google + API.
I have scoured the web to try and find an answer to what seems to be a simple solution but unable to come across one.
I am using Postman. On the Authorisation tab, I have entered the details as defined in the Twitter Application Management.
In the header, I have a key of Authorization and value of
OAuth oauth_consumer_key="my-consumer-key",
oauth_token="my-consumer-token",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1538075001",
oauth_nonce="zXeiLqV5GzK",
oauth_version="1.0",
oauth_signature="SYdcrIrRT6jdgo57b1qP9a9THcc%253D"
When I run a GET request for https://api.twitter.com/1.1/search/tweets.json?q=test I get the expect results.
However, trying to search for a hashtag
https://api.twitter.com/1.1/search/tweets.json?q=%23test&include_entities=true I get the following in the response body
{
"errors": [
{
"code": 32,
"message": "Could not authenticate you."
}
]
}
with a status of 401: Authorization Required
Why would this be the case, would there be a step I missed in setting up or can you not search for hashtags on the free version?
Any help would be appreciated.
Solution is to use OAuth2
Twitter OAuth1 seems to have issue with url encoding.
I ended up using OAuth2 too. Requesting Bearer's Token to https://api.twitter.com/oauth2/token and giving it App Consumer API keys as authorization credentials.
Reference can be found here
We are using the YouTube Data API to get the YouTube channel information, it was working before two days now it is giving me below error:
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "dailyLimitExceededUnreg",
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.",
"extendedHelp": "https://code.google.com/apis/console"
}
],
"code": 403,
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
}
}
Is there any new update on YouTube Data API?
Can anyone help me to resolve this issue?
In order to access any Google API you need to identify your application. This rule has not been enforced on all Google APIs. If you say your request has worked in the past I suspect that they have begun to enforce this now with the YouTube API.
The problem is that you have either not authenticate your application using Oauth2 or you are not sending an API key along with this request.
You need a Google Account to access the Google Developers Console, request an API key, and register your application.
Create a project in the Google Developers Console and obtain authorization credentials so your application can submit API requests.
After creating your project, make sure the YouTube Data API is one of the services that your application is registered to use:
a. Go to the Developers Console and select the project that you just registered.
b. Open the API Library in the Google Developers Console. If prompted, select a project or create a new one. In the list of APIs, make sure the status is ON for the YouTube Data API v3.
If your application will use any API methods that require user authorization, read the authentication guide to learn how to implement OAuth 2.0 authorization.
see Getting started
I was getting the same error. The mistake I was making is not setting the API Key value while requesting. Please set the API Key attribute.
If you are using youtube data v3 api use following code snippet.
playlistItemsListByPlaylistIdRequest.setKey(YOUR_API_KEY_VALUE);
If you are using the Html request, then use following format :
https://www.googleapis.com/youtube/v3/playlistItems?part=snippet%2CcontentDetails&maxResults=8&playlistId={PLAYLIST_ID}&key={YOUR_API_KEY}
Version of google-api-java-client:
google-api-1.13.2-beta.jar
Java environment:
Java 6
Describe the problem.
I have a question.
I want to access the Google Drive using the OAuth 2.0 for Devices.
It is an error to use "https://www.googleapis.com/auth/drive" scope.
I succeed when you use the "https://docs.google.com/feeds/" in scope.
I'm wondering do I use the "https://docs.google.com/feeds/" to use the "DriveAPI" I.
Is this the correct usage?
Request:
POST https://accounts.google.com/o/oauth2/device/code HTTP/1.1
client_id=xxxxx.apps.googleusercontent.com&scope=https://www.googleapis.com/auth/drive
Response: { "error" : "invalid_scope" }
Response:
POST https://accounts.google.com/o/oauth2/device/code HTTP/1.1
client_id=xxxxx.apps.googleusercontent.com&scope=https://docs.google.com/feeds/
Response:
{
"device_code" : "4/e6HcZHKPz-eExgLb_Ll9V8qoT1NP",
"user_code" : "zzwiv48b",
"verification_url" : "http://www.google.com/device",
"expires_in" : 1800,
"interval" : 5
}
How would you expect it to be fixed?
I think that can be authenticated in the scope of the "https://www.googleapis.com/auth/drive" I.
developers.google.com
stackoverflow.com
You are missing an h in the protocol. Try https://docs.google.com/feeds/ instead of ttps://docs.google.com/feeds/. Apply the same change to all your scope urls
From the Google documentation about "Using OAuth 2.0 for Devices" (https://developers.google.com/identity/protocols/OAuth2ForDevices#allowedscopes):
When you use the OAuth 2.0 flow for devices, you can access only the following scopes:
Analytics Configuration and Reporting APIs
Calendar API
Contacts API
Cloud Print API
Cloud Storage API
Fitness REST API
Fusion Tables API
Google Sign-In
YouTube Data and Live Streaming APIs
I don't see Drive API in this list and I think it's a reason of "invalid_scope" error
I have exactly the same problem with.
I've followed the instructions in the developing document, and use "www.googleapis.com/auth/drive" as my the scope in the request.
Eventually, I got "invalid_scope" in the response.
So I've try to use "www.googleapis.com/auth/devstorage.full_control" as the scope, and it worked!The hint is from :https://cloud.google.com/storage/docs/authentication#oauth
BUT!! When I use the access token I created to list the google drive account information, I got error code 403 and the message is "Insufficient Permission".
This is what I used to request the account infornation:
curl -H "Authorization: Bearer $ACCESS_TOKEN" https://www.googleapis.com/drive/v2/about?key=$APP_KEY
That really made me confused....