I am struggling to get oauth2 working between postman and the Google Apps Admin Sdk. I have created a client app in the google console and set the Authorized redirect URIs to https://www.getpostman.com/oauth2/callback and my settings in postman are as follows
Auth URL - https://accounts.google.com/o/oauth2/v2/auth
Access Token URL - https://www.googleapis.com/oauth2/v4/token
Client Id - some id here
Client Secrent - some secret here
Scope - https://www.googleapis.com/auth/admin.directory.user.readonly
Token Name - Google
Grant Type - Authorization Code
Request Access Token Locally - Checked
This returns a token - xyz - after logging in.
I do a GET request with the token in the url
https://www.googleapis.com/admin/directory/v1/users?key=xyz
The error I am getting is below
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
From what I have read this should work. Where else do I have to login? What am I doing wrong?
After playing around I figured out my url was incorrect. Changing key to access_token did the trick.
Just a side note, ensure you specify the domain or customer parameter otherwise you will receive a bad request error.
Related
I'm trying to to a request to the Google Calendar API using Postman. Following this Google documentation:
https://developers.google.com/calendar/v3/reference/?apix=true
I'm doing a:
GET https://www.googleapis.com/calendar/v3/calendars/{my_calendar_id_here}
On the Postman Authorization tab i'm specifying that i want to use OAuth 2.0 and i also put my access token (which i use to make Calendar API calls from code, works fine). However, Postman responds with the following body:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Invalid Credentials",
"domain": "global",
"reason": "authError",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED"
}
}
I really don't understand what i'm doing wrong, and other answers don't seem to target my particular scenario. I'd be grateful if someone could point out what am i doing wrong.
I would recommend replicating the request in Google's OAuth 2.0 Playground. Then using the confirmed to be working access token to troubleshoot Postman.
For Postman you could also pass the access token as a request header and if that resolves the issue.
Postman Headers Tab Input:
| Key | Value |
|---------------|-----------------------|
| Authorization | Bearer {access_token} |
I have already managed to add some posts to my blog using google api and oauth and ran into some problems. I have tried for days - or weeks - to find the best question to ask and I believe I have isolated the problem. Apparently the secret key only works only for one hour. but after an hour at this line:
$service->blogs->getByUrl("theurlofmyblog.blogspot.com");
I get this error:
Google_Service_Exception in REST.php line 118:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
Some of the experts on forums have suggested that one must go to this address https://developers.google.com/oauthplayground/ and get a referesh token. But nobody has mentioned that how should we use that token. Do I put it inside the json file? There must be something like this - don't laugh please, this is supposed to be a suedo code -:
if(the key is expired)
use my referesh key and get me another key
Any experience?
As described in Google’s OAuth 2.0 documentation, you should receive a refresh token during the authentication flow. You should store that token someplace, then use it to get a new access token when necessary.
The exact procedure to exchange a refresh token for a new access token will depend on what OAuth client library you are using. In Signet (Google’s OAuth library for Ruby), for example, it’s done as part of fetch_access_token.
I want to add user in circle. I have retrieved access_token as described in Using OAuth 2.0 to Access Google APIs with scopes :
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.circles.read
https://www.googleapis.com/auth/plus.circles.write
https://www.googleapis.com/auth/plus.stream.write
Then i am calling HTTP request as described in Circles: addPeople
https://www.googleapis.com/plusDomains/v1/circles/<circleId>/people?userId=<userID>
but in response i am getting -
{
"error": {
"errors": [
{
"domain": "plusDomains",
"reason": "forbiddenScope",
"message": "Access to the Google+ Domains API is not allowed as the user has consented to incompatible scopes. See: https://developers.google.com/+/domains/authentication/."
}
],
"code": 403,
"message": "Access to the Google+ Domains API is not allowed as the user has consented to incompatible scopes. See: https://developers.google.com/+/domains/authentication/."
}
}
I have enabled Google+ API, Google+ Domains API in project's API's & Auth section.
Thanks in advance!
I'm working on a scripts that checks if the user is already subscribed to my channel. The idea is to get all the channels the user had subscribed into then check if my channel id is one of them. First I get the access token correctly using POST and it works fine than send these as GET but the result is "failed to open stream: HTTP request failed! HTTP/1.0 403 Forbidden false". Doc page: https://developers.google.com/youtube/v3/docs/subscriptions/list#request_url
$data =file_get_contents('https://www.googleapis.com/youtube/v3/subscriptions?part=snippet
&maxResults=50&access_token='.$token.'&mine=true&key=My API Key');
var_export($data);
and pasting the full url
https://www.googleapis.com/youtube/v3/channels?part=snippet&mine=true&access_token={Access_Token}
I get this
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
Add a heaer:
Authorization: Bearer ya29.DwG_A_V6cybZ2KGqRwPMBF02w0sYw9msqSKoCBI53So0zzIHFRKlwEv68C4aI_NdadQ4wKHUrV2pBA
key is your client id
Google restricts access with API keys. If you go over the free limits, they charge you. You need to get a Google API key and add it to the URL like this: &key=YOUR_API_KEY
Create the API key from Google's console (you'll need to sign up and create a project): https://console.cloud.google.com/apis/credentials
Your new URL for the request would be:
https://www.googleapis.com/youtube/v3/channels?part=snippet&mine=true&access_token={Access_Token}&key=YOUR_API_KEY
I was having this error, and I solved it when I found out I needed to add the Youtube scope to my OAuth sign-in request: "https://www.googleapis.com/auth/youtube"
I have OAuth login in my app. After that I have access_token.
I check token in google token info service:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=<access_token>
And It returns:
{
"issued_to": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"audience": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit https://www.googleapis.com/auth/admin.directory.user",
"expires_in": 3299,
"access_type": "online"
}
As you can see I have admin user directory permission.
Then I send GET request for getting information about user
curl -X GET https://www.googleapis.com/admin/directory/v1/users/test_user#test.com?access_token=<access_token>
And google returned me right user information. After that I decided to get list of users.
curl -X GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=<access_token>
And google returned me:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
But I don't understand why google returned me so error.
Could you please help me with this problem?
Thanks.
There are two solutions here.
1.This is the simple one. Put the URL params in quotes. This should do the trick - (fake access token used)
curl "https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI"
You don't need to pass in -X GET as that is the default.
2.In general it is bad practice to send the access_token in the URL as this URL may get logged somewhere along the way for innocuous reasons. You can also do this through HTTP Header of Authorization -
curl -H "Authorization: Bearer asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI" https://www.googleapis.com/admin/directory/v1/users?customer=my_customer