Proximity Beacon API, HTTP/1.1 403 Forbidden error - oauth

I've been reading about the Proximity Beacon API and running through the tutorial.
This part of the tutorial makes use of the OAuth 2.0 Playground. I believe I've followed the tutorial as described, but when I get to step 3 and press send, I get an HTTP/1.1 403 Forbidden error:
HTTP/1.1 403 Forbidden
Content-length: 104
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
X-goog-trace-id: 289418dcecc335c0fefb7456f402b0b5
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: ESF
-content-encoding: gzip
Cache-control: private
Date: Fri, 02 Jun 2017 07:28:32 GMT
X-frame-options: SAMEORIGIN
Alt-svc: quic=":443"; ma=2592000; v="38,37,36,35"
Content-type: application/json; charset=UTF-8
{
"error": {
"status": "PERMISSION_DENIED",
"message": "Unauthorized.",
"code": 403
}
}
In my Google Developers Console I have the Google Proximity Beacon API enabled.
When I am sending the request, I am getting the above type of error.
I must have missed something, but I'm not seeing it. Could anyone advise?
Regards,
Rajashekar

Related

Microsoft Graph's One Drive Content API with HTTP Status 200 response

Sometimes Microsoft Graph's One Drive Content API does not return HTTP status 302, but HTTP Status 200.
This has occurred occasionally since 8/26.
GET https://graph.microsoft.com/v1.0/drives/{drive-id}/root:/{file-name}.xlsx:/content HTTP/1.1
SdkVersion: Graph-dotnet-1.4.0
Authorization: bearer {token}
Cache-Control: no-store, no-cache
Host: graph.microsoft.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 28 Aug 2020 03:20:43 GMT
Cache-Control: no-cache
Location: https://{tenant-name}-my.sharepoint.com/personal/{user-name}_onmicrosoft_com/_layouts/15/download.aspx?UniqueId={unique-id}&Translate=false&tempauth={tempauth}&ApiVersion=2.1
Strict-Transport-Security: max-age=31536000
request-id: {request-id}
client-request-id: {client-request-id}
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Japan East","Slice":"E","Ring":"2","ScaleUnit":"000","RoleInstance":"TY1PEPF00000CC9"}}
Content-Length: 0

Get Akamai Token for IPTV HLS

Can anyone solve how I can generate an Akamai streaming token from the browser when the Android app is not available?
I get this string from the app:
<--
POST /api/tibo324/getakamaitoken HTTP/1.1
Content-Length: 328
Content-Type: application/x-www-form-urlencoded
Host: tibodrm.appspot.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
<--
auth=84Kwfr741QQv%252BnUMXtW%252FcbZ6aWNQKN0mCAVccmjo%252FXaf6PaB2pz7j3QqAlxHaj%252Fut%252Bu3vSzDt8NO%250AKqNBIgM7ckBedzNMkGOBRtlFfi3gAUuUzYvFN7U9ClHQKKWtfL%252F%252FyB2o1qyvGc2tY8i8lud%252F3tqg%250AhyjUvUD3Bib11V9aQqx8JOBslArMz%252FUaXLR0skPUETIeQatFmGmhFoyuyPhgbg%253D%253D%250A&AppID=v%252B10zWNKL8RJ8SY6LUSZXg%253D%253D%250A
-->
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Dec 2017 22:24:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 118
Vary: Accept-Encoding
X-Powered-By: Express
ETag: W/"76-zi4HHRQAuAUejh/FF9M5ZFJtPek"
Via: 1.1 google
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
-->
?__token__=ip=00.000.00.000~exp=1514332929~acl=*~hmac=e9afdfe9f6b41c0ca14a16bc60a11253aecd432243789144c1ebaa70f23c615e
When I try to fetch the following URL:
https://tibodrm.appspot.com/api/tibo324/getakamaitoken?auth=84Kwfr741QQv%2BnUMXtW%2FcbZ6aWNQKN0mCAVccmjo%2FXaf6PaB2pz7j3QqAlxHaj%2FuFjEcIocduH6Z%0Awc5ZzKaqnmHhinePCNCcvQfh68bi2UvbZq04lBalY0job9%2FyVeuV1kh4hzWnP8sVuRozO27rFhSY%0AmDB8ck%2FuN0SqKEoxzycGUGhaZy3bjy88%2BhhwEMQknGNJ2j2JdMIHMT0AcLTFoQ%3D%3D%0A&AppID=v%2B10zWNKL8RJ8SY6LUSZXg%3D%3D%0A
I get a response in the browser:
Cannot GET /api/tibo324/getakamaitoken
What am I missing?
The answer is in your question: you can't GET the URL because it's accessed via POST only. And it looks like the POST requires an authentication string that's generated via the app. Making a POST without any data returns a descriptive error string:
$ http POST https://tibodrm.appspot.com/api/tibo324/getakamaitoken
HTTP/1.1 200 OK
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Content-Encoding: gzip
Content-Type: application/json; charset=utf-8
Date: Wed, 27 Dec 2017 21:44:19 GMT
ETag: W/"31-zIZow+wVfq5Z3stS2NUNRdvP0go"
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 google
X-Powered-By: Express
{
"description": "no token at all",
"isValid": false
}
The inability to access the token generator through unauthenticated web calls is usually by design as the token is a protective tool Akamai provides customers to prevent access to content outside of the content provider's control.
In short, the content provider you're looking at doesn't want you to access their video outside of their application. If the application isn't able to access the video then you should reach out to the content provider to get that issue fixed rather than trying to circumvent their security scheme.

Google cloud print get access token

I want to call the /search method of Google Cloud Print from my web server.
I am using the OAuth web server guide to obtain a refresh_token/access_token to use with the scopes:
https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
Then I am calling the search API, but I am getting a 403 Forbidden.
Request DefaultHttpRequest(chunked: false)
POST /cloudprint/search HTTP/1.1
Host: www.google.com
Content-Type: text/plain; charset=utf-8
Authorization: OAuth yb29.1.AADtN_U9PYyVhGpcS-8MpFhfGVbT4KsZKEoIX2HGePwoNXypjrSwVsS0pGzmaqhktfGBAQ
Connection: keep-alive
Accept: */*
User-Agent: NING/1.0
Content-Length: 0
Response DefaultHttpResponse(chunked: true)
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Tue, 03 Dec 2013 17:05:09 GMT
Set-Cookie: NID=67=MQJFdl-YkMdz875n1J2yVNmeUeAvsjVtDGlNvGkNLZdNTHX3YbnStNx9Vg_MiRsmht6hj3XrwJcPJEQeFLlnYKqt2Of1xHJ5HDwNJgOB3svOdnN-JRFcPxYt4AU10eSM;Domain=.google.com;Path=/;Expires=Wed, 04-Jun-2014 17:05:09 GMT;HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked
Is the scope correct?
What am I doing wrong?
Your scopes are wrong. The correct scope is https://www.googleapis.com/auth/cloudprint
I think this is related to your HTTP header 'Authorization'.
When playing at https://developers.google.com/oauthplayground/, I see the generated requests use 'Authorization: Bearer your-token', instead of 'Authorization: OAuth your-token'.

How do I use Google's OAuth 2.0 Playground for Document List API?

I'm having an issue playing with the Document List API on the OAuth 2.0 Playground. All the other APIs work except for this one. The request is being sent from the playground as:
GET /feeds/default/private/full/ HTTP/1.1
Host: docs.google.com
Content-length: 0
Authorization: OAuth <the oAuth string generated>
And the response is coming back as:
HTTP/1.1 400 Bad Request
status: 400
content-length: 19
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expires: Tue, 29 May 2012 17:11:47 GMT
x-google-cache-control: remote-fetch
server: GSE
via: HTTP/1.1 GWA
cache-control: private, max-age=0
date: Tue, 29 May 2012 17:11:47 GMT
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
-content-encoding: gzip
Invalid request URI
Is the API simply deprecated because of Google Drive or is there something else I'm doing wrong?
You have to send requests to version 3 of the API, by either adding the ?v=3 query parameter to the URI or sending the GData-Version: 3.0 header.

OAuth works with Authorization data in the header but not in the URL

I'm trying to use Google's OAuth in my system. I've successfully integrated Twitter and LinkedIn, but I'm having a hard time with Google.
I already have the consumer key, consumer secret and a valid access token. Using Google's OAuth playground, I make a call to a protected resource (https://mail.google.com/mail/feed/atom). I've generated the token using this scope.
Using the authorization data in the HTTP header:
GET /mail/feed/atom HTTP/1.1
Host: mail.google.com
Accept: */*
Authorization: OAuth oauth_version="1.0", oauth_nonce="nounce", oauth_timestamp="1314727855", oauth_consumer_key="myconsumerkey", oauth_token="myvalidtoken", oauth_signature_method="HMAC-SHA1", oauth_signature="signature"
Content-Type: application/atom+xml
GData-Version: 2.0
The response I get from this is a valid HTTP call:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=UTF-8
Set-Cookie: S=gmail=yp_A23KtGOD9:gmproxy=PxCjSERnJWBbe; Path=/mail; Secure
Date: Tue, 30 Aug 2011 18:10:55 GMT
Expires: Tue, 30 Aug 2011 18:10:55 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 353
Server: GSE
<XML response here>
But, (and here comes the error), using the same access token but sending it in the URL as param (https://mail.google.com/mail/feed/atom?oauth_token=myvalidtoken):
GET /mail/feed/atom?oauth_version=1.0&oauth_nonce=nonce&oauth_timestamp=1314729533&oauth_consumer_key=myconsumerkey&access_token=myvalidtoken&oauth_token=oauthtoken&oauth_signature_method=HMAC-SHA1&oauth_signature=signature HTTP/1.1
Host: mail.google.com
Accept: */*
Content-Type: application/atom+xml
GData-Version: 2.0
I get a 401 error:
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=UTF-8
WWW-Authenticate: BASIC realm="New mail feed"
Content-Length: 147
Date: Tue, 30 Aug 2011 18:38:53 GMT
Expires: Tue, 30 Aug 2011 18:38:53 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
<HTML about my 401>
EDIT
I saw this example and I tried to use anonymous as consumer key and consumer secret. Now it works... but I need to show the user the project's name declared on Google's app registration page. I think I'm not using the correct consumer key and consumer secret.
Any clues on this will be appreciated. :)
Thanks in advance
https://www.rfc-editor.org/rfc/rfc5849#section-3.5.3
In OAuth 1.0, the parameter name is oauth_token not access_token...
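An added example, not part of the original answer: it audits a query-signed OAuth 1.0 request for the parameter names RFC 5849 expects and builds the signature base string, showing that a stray access_token is signed as an ordinary parameter rather than read as the token. The function names, secrets and sample URL are constructed for illustration, and a default port is assumed.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

# Protocol parameters of an HMAC-SHA1 signed request (RFC 5849 section 3.1).
REQUIRED = {"oauth_consumer_key", "oauth_token", "oauth_signature_method",
            "oauth_timestamp", "oauth_nonce", "oauth_signature"}

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded.
    return quote(value, safe="-._~")

def query_pairs(url):
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)

def audit_query(url):
    """List problems with OAuth 1.0 parameters sent in the request URI query."""
    names = [name for name, _ in query_pairs(url)]
    problems = [f"missing {n}" for n in sorted(REQUIRED - set(names))]
    problems += [f"duplicate {n}" for n in sorted(set(names))
                 if n.startswith("oauth_") and names.count(n) > 1]
    if "access_token" in names:
        problems.append("access_token is not an OAuth 1.0 name; use oauth_token")
    return problems

def base_string(method, url):
    """Signature base string (RFC 5849 section 3.4.1); default port assumed."""
    parts = urlsplit(url)
    pairs = sorted((pct(k), pct(v)) for k, v in query_pairs(url)
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_uri = f"{parts.scheme}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, url, consumer_secret, token_secret):
    """HMAC-SHA1 signature (RFC 5849 section 3.4.2), base64 encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, consumer_secret, token_secret):
    """Server-side check of the oauth_signature carried in the query."""
    sent = dict(query_pairs(url)).get("oauth_signature", "")
    expected = sign(method, url, consumer_secret, token_secret)
    return hmac.compare_digest(sent.encode(), expected.encode())

# Constructed sample: the query from the question, shortened.
SAMPLE = ("https://mail.google.com/mail/feed/atom?oauth_nonce=n1"
          "&access_token=myvalidtoken&oauth_token=oauthtoken")
```

Because every query parameter enters the base string, changing or dropping access_token after signing invalidates the signature even though the server never reads it as the token.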
