I am just getting started with using AWS inside an iOS app, as a server backend.
After following the documentation here, I am now hitting this issue, having the message below in the debugger:
CognitoIdentityCredentials is not authorized to perform: dynamodb:ListTables on resource: *
Searching the net has driven me to a number of posts, but none of them has been clear enough to help me solve the problem.
You don't grant permissions to the role that Cognito assumes. See "Set Permissions" of this guide http://docs.aws.amazon.com/mobile/sdkforios/developerguide/dynamodb_om.html. Learn more about IAM roles here http://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html.
Related
I am follow the tutorial that Microsoft has provided for signing a user into a desktop application using Microsoft Identity Platform and calling ASP.NET Core Web API which calls Microsoft Graph. I believe I followed all of the steps, configuring my service and client per instructions. https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph
However upon trying to add a new "to-do", I get the following error: "Bad Request: An error occurred while calling the downstream API Code:InvalidAuthenticationToken
Message: Invalid x5t claim "
The error occurs on this call:
User user = _graphServiceClient.Me.Request().GetAsync().GetAwaiter().GetResult();
Any idea what the issue might be and how I troubleshoot?
Update: I am in the middle of troubleshooting this now with an admin. I am not getting roles back but he is and we now both agree the issue is on the azure application configuration, not the code... frustrating, but we are at least making progress.
Would you please try pasting the token into jwt.ms to decode it and inspect the claims?
I got a similar error due to a lack of access. Changing Delegated and Application Permission for Users solved the issue. You can try that.
my mailer can't work because of this error. I can't understannd why. I use G-suite for my email.
Thanks very much for your help !
I had the same problem, recently Google really blocked the access to less secure apps.
But, you could resolve it turning on the 2 steps verification log in, and then the option app password should be allowed. this feature was created to applications that cant' make the 2 steps verification. Google will register a diferent password to be only accessed from this app.
https://www.google.com/settings/security
https://support.google.com/accounts/answer/185833?hl=pt-BR
Reason: Google was blocking access from unknown location (app in production)
Solution: go to following link and turn on https://www.google.com/settings/security/lesssecureapps
Does this link work?
https://appcenter.intuit.com/Playground/OAuth/IA
I am trying to get my QB online token secret required for working with a ruby gem. I have a valid QB account and I have entered my app's consumer key & secret. All I am trying to do is follow the instructions required to get the example app working from
https://github.com/minimul/qbo_api
Every time I click on the Connect to Quickbooks button, I just get an error message.
Oops! An error has occurred.
Please close this window and try again.
Error Code: no_access_to_this_field
Message: Team Intuit IA Application not allowed to get access to QuickBooks
I have changed the urls in my app and I still cannot get past the error message. I am at a loss since this seems to be a very basic step to start working with the gem. Please tell me the newbie mistake I am making.
Is there any other SDK I need to install? I do not have a Desktop version...just the online version.
So if anyone here happens to not figure out this answer already, its because I set the "Access Token Duration:" option on the Intuit Playground to 120 seconds...the default option.
I changed it to 1200 seconds by mistake, and the login works just fine now! I don't understand why that works, so if someone could answer that I could understand it better!
Thanks #William Lorfing
This can happen if you are using the playground to generate Oauth tokens for either QuickBooks or Payments access and you are not setting the correct data source.
See the answer here: https://intuitdeveloper.lc.intuit.com/questions/1247785
regards
Jarred
We are using the google API library (objective-c) to try and access YouTube data. I have created an iOS key from Google Console, limited it to a specific bundle id and enabled it. Requests are failing with the error below. I know that it is a known issue while using bundle identifier to generate the key, but want to confirm if this issue still persists or it is resolved now and expected to work?
I tried experimenting from my side and came to the conclusion that it is still an issue. But just want to confirm if anyone tried recently and succeeded or have any workaround for this issue.Just want to ensure an extra security measure if it is resolved by now.
Error Domain=com.google.GTLJSONRPCErrorDomain Code=403 "The operation
couldn’t be completed. (Access Not Configured. Please use Google
Developers Console to activate the API for your project.)"
UserInfo=0xa3aa0e0 {error=Access Not Configured. Please use Google
Developers Console to activate the API for your project.,
GTLStructuredError=GTLErrorObject 0x8a74630: {message:"Access Not
Configured. Please use Google Developers Console to activate the API
for your project." code:403 data:1},
NSLocalizedFailureReason=(Access Not Configured. Please use Google
Developers Console to activate the API for your project.)}
Issues previously discussed:
Access not configured YouTube API
Access Not Configured Error, Even Though Access is Configured
I am trying to run the sample Google Apps Script Service Account OAuth example taken from here:
https://github.com/googlesamples/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs and keep getting a server timed-out error. I copied the exact code and just substituted in the private key, client email, and a user email. The example code looks to be current as there was an update to it on July 30th.
I have authorized https://www.googleapis.com/drive/v2/files through the admin console as well as https://accounts.google.com/o/oauth2/token and have listed these as scopes in the admin settings (and domain-wide delegation is enabled). I am using an admin account to run the script.
I keep getting the ubiquitious "Server Timed Out" error and nothing shows up in the Execution Logs.
What might be the problem? Any help would be appreciated. Thanks in advance.
Thanks, Gerardo, for pointing me in the right direction. It turned out that our organization manages permissions for the Google Developer's Console by Organizations (in the Google Admin console). Somehow a few accounts, including mine, were kicked out of the Organization that had permissions to access the Developer's Console. After adding myself back in, the sample worked without problems.