Develop Reference

Google::Apis::ClientError: forbidden: The caller does not have permission when using service account call with ruby google api

I'm trying use a service account with google's api to work with classroom data with the goal of synchronizing our web service for schools with the google classroom data.
I have delegated domain wide authority to the service account and have activated the Google Classroom API. I have downloaded the json Key file used below.
I have added https://www.googleapis.com/auth/classroom.courses to the scope of the service account.
My test code in app/models/g_service.rb:
class GService
require 'google/apis/classroom_v1'
def get_course
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
json_key_io: File.open('/Users/jose/Downloads/skt1-301603-4a655caa8963.json'),
scope: [ Google::Apis::ClassroomV1::AUTH_CLASSROOM_COURSES ]
)
authorizer.fetch_access_token!
service = Google::Apis::ClassroomV1::ClassroomService.new
service.authorization = authorizer
puts "\n service\n #{service.inspect}"
response = service.get_course( '99999' )
puts "\n response \n#{response.inspect}"
end
end
The results in the console are:
>> GService.new.get_course
service
#<Google::Apis::ClassroomV1::ClassroomService:0x007fe1cff98338 #root_url="https://classroom.googleapis.com/", #base_path="", #upload_path="upload/", #batch_path="batch", #client_options=#<struct Google::Apis::ClientOptions application_name="unknown", application_version="0.0.0", proxy_url=nil, open_timeout_sec=nil, read_timeout_sec=nil, send_timeout_sec=nil, log_http_requests=false, transparent_gzip_decompression=true>, #request_options=#<struct Google::Apis::RequestOptions authorization=#<Google::Auth::ServiceAccountCredentials:0x0xxxxxxx #project_id="sssssssss", #authorization_uri=nil, #token_credential_uri=#<Addressable::URI:0x000000000 URI:https://www.googleapis.com/oauth2/v4/token>, #client_id=nil, #client_secret=nil, #code=nil, #expires_at=2021-01-13 20:56:46 -0800, #issued_at=2021-01-13 19:56:47 -0800, #issuer="xxxxxxx.iam.gserviceaccount.com", #password=nil, #principal=nil, #redirect_uri=nil, #scope=["https://www.googleapis.com/auth/classroom.courses"], #state=nil, #username=nil, #access_type=:offline, #expiry=60, #audience="https://www.googleapis.com/oauth2/v4/token", #signing_key=#<OpenSSL::PKey::RSA:0xxxxxxxxx>, #extension_parameters={}, #additional_parameters={}, #connection_info=nil, #grant_type=nil, #refresh_token=nil, #access_token="-------------------------------------------------------------------------------------->, retries=0, header=nil, normalize_unicode=false, skip_serialization=false, skip_deserialization=false, api_format_version=nil, use_opencensus=true>>
Google::Apis::ClientError: forbidden: The caller does not have permission
It appears everything is working fine until the service.get_course('99999') call.
I've tested this call using the https://developers.google.com/classroom/reference/rest/v1/courses/get online tool and it works fine.
I've poured over the documentation but have been unable to resolve this.
Can anybody please let me know what I am missing?
I'm running rails 3.2 and ruby 2.1

Considering the error you're getting, I think you are not impersonating any account.
The purpose of domain-wide delegation is that the service account can impersonate a regular account in your domain, but in order to do that, you have to specify which account you want to impersonate. Otherwise, you are calling the service account by itself, and it doesn't matter that you've enabled domain-wide delegation for it.
In the Ruby library, you can specify that using the :sub parameter, as shown in the section Preparing to make an authorized API call at the library docs:
authorizer.sub = "<email-address-to-impersonate>"
Note:
Make sure the account you impersonate has access to this course, otherwise you'll get the same error.
Related:
Delegating domain-wide authority to the service account
Google API Server-to-Server Communication not working (Ruby implementation)

graph api get public events with rails/koala works only for some sites

This is my code
Koala.config.api_version = 'v2.3'
#oauth = Koala::Facebook::OAuth.new 'app_id', 'app_secret'
#graph = Koala::Facebook::API.new #oauth.get_app_access_token
#events = #graph.get_object('141991029192409/events')
which works fine. If I try to fetch the events from another site like
#events = #graph.get_object('161335993890217/events')
I get this error
GraphMethodException, code: 100, message: Unsupported get request.
Please read the Graph API documentation at
https://developers.facebook.com/docs/graph-api [HTTP 400]

That page is likely restricted in some way (alcohol related content, age, location) – and that means you need to use a user access token instead of the app access token. (Or a page access token, if you have admin control over that page.)
With a user access token, Facebook uses the information about that user to determine whether or not they are allowed to see the page. An app access token could be used by “anyone”, and therefor can not be used to access such restricted pages.

Koala::Facebook::ClientError Exception: type: GraphMethodException, code: 100, message: Unsupported get request

I did research on this issue, however, nothing worked for me.
I am using Facebook Realtime subscription and graph API to track my facebook page (using page token).
When a user posts a photo/video I am getting following data pushed by fb to my server:
{"field"=>"feed",
"value"=>
{"item"=>"photo",
"verb"=>"add",
"photo_id"=>302522856593533,
"post_id"=>"824413870916335_302522856593533",
"sender_id"=>100005074631221}}
When I use post_id (824413870916335_302522856593533) to make call to graph API for fetching details of the post, I am encountering following error:
*** Koala::Facebook::ClientError Exception: type: GraphMethodException, code: 100, message: Unsupported get request.
Please read the Graph API documentation at
https://developers.facebook.com/docs/graph-api [HTTP 400]
However, if user posts without photo/video, I am able to get post details successfully. In case, admin posts photo/video, I am able to get details of that post too.
I am sure about the correctness of page token and code. I think, there must be something related to settings.

I have multiple pages to fetch. Tested with both of these methods Koala wiki provides
#graph = Koala::Facebook::GraphAPI.new # pre 1.2beta
#graph = Koala::Facebook::API.new # 1.2beta and beyond
Some pages have ids and some have not in their uris so in a page like this:
https://www.facebook.com/pages/Istanbul-Kuafor/241559912664906
fc.get_object("Istanbul-Kuafor")
gives me the error message you mentioned so I use
fc.get_object("241559912664906")
if page doesn't have an id(some pages don't, somehow), I use the page name and it works this time.

Withings API Status Code 2555

I'm trying to integrate Withings with a rails apps. I'm using an Omniauth provider someone wrote called omniauth-withings. I was able to configure the provider to allow me to visit /auth/withings which redirects to the Withings authorization page. After I allow access, the browser is redirected to the callback url /auth/withings/callback. I have this routed to a controller action that attempts to get the measurement data from Withings using the simplificator-withings gem.
Withings.consumer_secret = ENV['withings_app_key']
Withings.consumer_key = ENV['withings_app_secret']
auth_hash = request.env['omniauth.auth']
user_id = auth_hash.extra.raw_info.body.users.first.id
withings_user = User.authenticate(user_id, auth_hash.credentials.token, auth_hash.credentials.secret)
measurements = withings_user.measurement_groups(:device => Withings::SCALE)
The problem happens when I call User.authenticate(), I get this:
An unknown error occurred - Status code: 2555
Is there something I'm missing here?

I was getting the same error with a django app. It turns out I was using the wrong token and secret. I was using the oauth_token and oauth_token_secret returned from step 1 of the authorization process, rather than the oauth_token and oauth_token_secret from step 3. Make sure you are using the values from step 3. The API documentation shows the same values returned from these calls, but they will be different. Hopefully this helps you too.

Authentication Error When Trying to Access Jawbone API (RoR)

I am trying to access the Jawbone API in my Rails app using omniauth + jawbone. I have a button that initiates the OAuth login for the user and I create a user model for this user with a token and a refresh token on my database. (It seems like the OAuth for Jawbone is working since I get the user's information).
I then query the Jawbone API with HTTParty with the user token given to me after the user logs in via Jawbone, but I get the following error:
{"meta"=>{"code"=>401, "error_detail"=>"You must be logged in to perform that action", "error_type"=>"authentication_error", "message"=>"Unauthorized"}, "data"=>{}}
The code I'm using to query the Jawbone API is:
token = current_user.token
#result = HTTParty.get('https://jawbone.com/nudge/api/v.1.0/users/#me/moves',
:headers => { "Authorization: Bearer" => "#{token}"}
)
I've been searching on the Jawbone API documentation, but can't seem to find an answer. On the Jawbone documentation it says an authentication error means "The request requires an authenticated user and no user was logged in." So does logging in via OAuth not actually log them in even though I now have a token?
Thanks for the help! I've been struggling with this.

For those that are struggling, it's not
{ "Authorization: Bearer" => "{{token}}" }
The correct header is
{ "Authorization" => "Bearer {{token}}" }
Here is a working code.

You can try this { "Authorization: Bearer " => "#{token}"}.
I have added an extra space after Bearer. I had a problem like this and I had to put an extra space. One more thing you should use the updated api which is: "https://jawbone.com/nudge/api/v.1.1/users/#me/moves"