Google Directory API Customer Update Scope - oauth

I am trying to update the primary email domain for a Google Apps account, and I can't seem to figure out the scope needed.
I keep receiving a 403 error when I make a request.
Here is what I have tried.
I generated an access token with OAuth2 through Postman, using the settings below:
Auth URL: https://accounts.google.com/o/oauth2/auth
Access Token URL: https://accounts.google.com/o/oauth2/token
ClientID: id
Client Secret: secret
Scope: https://www.googleapis.com/auth/admin.directory.customer
Making a GET request to https://www.googleapis.com/admin/directory/v1/customers/my_customer with the token, I get a 403 insufficient permissions error back.
Is there something I am missing? I know the steps to update the URL require making a GET to get the user's ID before making the PUT request. But I am not able to GET anything.
Is there something I am missing? Here is the URL to the DOCS if needed.
Thanks.

See domain rename known issues. The rename won't work if you are a reseller, purchased your domain via Google Domains or have Chrome licenses.

Related

Google Calendar API - can't get resources via service account

How exactly can I get the Google Calendar resource list through a service account?
Google docs (https://developers.google.com/admin-sdk/directory/reference/rest/v1/resources.calendars/list) states I need to send such request:
https://admin.googleapis.com/admin/directory/v1/customer/[CUSTOMER]/resources/calendars?key=[YOUR_API_KEY] HTTP/1.1 with header Authorization: Bearer [YOUR_ACCESS_TOKEN]
When I use Google API Explorer, it asks me to log in with my admin account and then returns the list of resources. However, when I try to do it manually, I'm still getting a Not Authorized to access this resource/api error.
I created a service account, downloaded the JSON file, and then I'm trying this:
require 'googleauth'
scope = 'https://apps-apis.google.com/a/feeds/calendar/resource/'
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(json_key_io: File.open('path-to-service-account.json'), scope: scope)
# Requests an access token for the service account
authorizer.fetch_access_token!
Afterwards response looks like this:
{"access_token"=>"ya29.c.Kp8BFggA7me9IxxxxxxxxxxxxBGVdd0ezOTZqRMze7YH...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................", "expires_in"=>3599, "token_type"=>"Bearer"}
Not sure if I should use access_token with all those dots. However then I'm trying to do this GET request:
https://admin.googleapis.com/admin/directory/v1/customer/[CUSTOMER]/resources/calendars?key=[YOUR_API_KEY] HTTP/1.1
I set CUSTOMER as a short string like Cxxxxxx2x (found in console), but then I have a problem with key and Authorization.
Should key be value found in Google Console > Service Accounts > Service Account Key ID (around 40 letters in hex format)?
And then should I set Authorization: Bearer as access_token with or without dots? I found somewhere, that there should be access_token in path but as a jwt (access_token.as_jwt) but it is not working either.
Any ideas what I'm doing wrong when API Explorer works? :)

AADSTS50146 error when attempting to retrieve Oauth access_token

Looking for some AzureAD help with this error -
"error": "invalid_request", "error_description": "AADSTS50146: This
application is required to be configured with an application-specific
signing key.\r\nTrace ID:
6fb978c1-0d74-478c-991c-3ad48ca65f00\r\nCorrelation ID:
81c05804-175c-456b-8d45-d5365818b599\r\nTimestamp: 2019-12-17
19:28:29Z",
I get the error above in one AzureAD env. when trying to do an OAuth2.0 token request. I have another test AzureAD where the same request works fine.
Doing a POST to https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token with clientId, clientSecret and grant_type=client_credentials.
Found this via google - https://github.com/MicrosoftDocs/azure-docs/issues/5394 but wanted to understand how does one go about configuring the "scope" parameter in AzureAD.

You probably have additional/mapped claims.
If you do not want to bother with creating application-specific signing keys,
you need to set "acceptMappedClaims": true in the manifest.
Setting "accessTokenAcceptedVersion": 2 can also help.

The API permissions in the Azure AD portal are the value of scope.
You can also expose an API, then you can add your own scope.

How to request access token from Battle.net OAuth with authorization code?

I have a hobby project in mind to use battle.net login. I'm wondering how I can obtain the access token from the API after receiving the authorization code.
This is an OAuth flow question rather than a battle.net question.
Currently I can successfully authorize the user for my app which is registered in dev.battle.net and then I try to use the authorization code returned from the battle.net login to obtain the access token by sending a request to https://<region>.battle.net/oauth/token.
However I keep receiving this error:
{
"error": "unauthorized",
"error_description": "An Authentication object was not found in the SecurityContext"
}
I use postman extension to send post requests to that uri. I authenticate my request with my client id and secret. I pass redirect_uri (https://localhost), granty_type (authorization_code), code(the code returned from the previous authorization step). However I keep getting the error above.
I couldn't find much about battle.net online. There are other oauth related help articles but couldn't really find my way.
Wondering if you can help me with this easy stuff. I'm just wondering what I'm skipping here.
Here is the documentation:
https://dev.battle.net/docs/read/oauth
https://localhost is added in my mashery dev account's app settings.

Me again, I resolved this problem after trying almost every combination in the universe :)
Steps to apply:
Don't use the same authorization token for different access token trials, they are not valid.
Always use https on every domain you test including localhost; your redirect_uri must be https as well.
You must use the "basic authentication" in the header of your POST request while requesting the token from the authorization code you obtained from the previous step.
This is one of the most important ones: For requesting the token, pass redirect_uri, client key and secret as POST form parameters to the authenticated request. This is interesting because it's already an authenticated request; why would I need to pass my secret again? Anyway, that's how it works.
Here is the full text:
http://hakanu.net/oauth/2017/01/26/complete-guide-of-battle-net-oauth-api-and-login-button/
This is working prototype:
https://owmatch.me
Thanks.
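
The token request those steps describe, as an added Python example that is not part of the original post or Battle.net's own code. The region `us`, the client id and secret, and the helper name `build_token_request` are constructed for illustration; the request is built but not sent:

```python
import base64
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

_used_codes = set()  # authorization codes are single-use (first step of the answer)

def build_token_request(region, client_id, client_secret, code, redirect_uri):
    """Build (but do not send) the POST that exchanges an authorization code."""
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must be https, localhost included")
    if code in _used_codes:
        raise ValueError("authorization code already used; restart the login flow")
    _used_codes.add(code)
    # HTTP Basic client authentication: base64("client_id:client_secret")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # Per the answer, the client key and secret are repeated as form parameters.
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the value used at login
        "client_id": client_id,
        "client_secret": client_secret,
    }
    return Request(
        f"https://{region}.battle.net/oauth/token",
        data=urlencode(form).encode(),  # form body, so nothing secret lands in the URL
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )
```

Sending the parameters in the form body rather than the query string keeps the client secret and the code out of proxy and server access logs.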

Getting invalid oauth access token: where is the token I need?

I would like help obtaining/locating the correct access_token value for an API call.
I'm configuring an application that wants to search Facebook using the graph-api search request at https://graph.facebook.com/fql, for which I need an access_token. The application is a backend server so there's no UI and no users.
I registered a new 'app' using the developer pages 'Create a New App' link, so I now have an app at: https://developers.facebook.com/apps/<> and from that I get an 'app secret' token. Digging into the Advanced settings page for the app there is also a Client token.
However using either token results in the following JSON error:
{"error":{"message":"Invalid OAuth access token.","type":"OAuthException","code":190}}
Can anyone point me to where I've gone wrong?
==
The following 'curl' request demonstrates the command working correctly, but it's only usable token-less like this occasionally, so the app needs &access_token=...stuff... adding to the parameters.
$ curl 'https://graph.facebook.com/fql?q=select%20url,%20share_count,%20like_count,%20comment_count,%20click_count,%20total_count%20from%20link_stat%20where%20url%20=%20"http%253A%252F%252Felifesciences.org%252Fcontent%252F2%252Fe01233"'
{"data":[{"url":"http\u00253A\u00252F\u00252Felifesciences.org\u00252Fcontent\u00252F2\u00252Fe01233","share_count":0,"like_count":0,"comment_count":0,"click_count":0,"total_count":0}]}

The 'app secret' and 'Client token' will not work.
What you need is an Access Token, refer to this.

Generating Linkedin Access Token

I have been trying with the simple REST Client as well as the REST Plugin for Mozilla. I am getting
"HTTP/1.1 401 Unauthorized" response with
"{"error":"unauthorized_client","error_description":"the client is not authorized"}" in the body.
I have been successful in getting the auth code, and the below is the POST request for access token, (Scope is r_fullprofile)
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AQTQeBxBzbU2aNWaQM6Ff3Z3bUd8Gyg10W9G2DdqXgWiP0q7-M55c5PLtppP7Ni3Y-6A9C8yDkj9K4VfJ7QkRUFjuV-3AknA5jAahpsFJv3wYfr8XD8&redirect_uri=https://www.google.com&client_id=75wl6j5zndvfkp&client_secret=secret
The redirect_uri=https://www.google.com is the one used for getting auth code as well.
Do we need to perform any URL encoding before making the POST request?
When I log into LinkedIn and open my app, it has the below tokens:
OAuth User Token: c3ae4cee-1b23-xxx-9d2a-206f578dee4d
OAuth User Secret: 76bc48cc-c94f-xxx-bf9d-a663f7003383
I am not sure where they are used. We are using the API & secret key to get the auth code.
Thanks in Advance.

This is a 2-step process.
First, go to:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=YOUR-API-ID&scope=r_basicprofile&state=STATE&redirect_uri=YOUR-ENCODED-REDIRECT-URI
Then, within 10 secs of receiving the response, go to:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&redirect_uri=YOUR-ENCODED-REDIRECT-URI&client_id=YOUR-API-ID&client_secret=YOUR-API-ID&code=THE-CODE-OBTAINED-IN-FIRST-STEP
The response of the second request will have the actual access token you need to use.

When I followed the two steps I faced an issue where I got an error as
{"errorCode":0,"message":"Access to posting shares denied","requestId":"TYWULO2WPZ","status":403,"timestamp":1497353538016}
So I had to remove the &scope=r_basicprofile since it was preventing reading all the Default Application Permissions.

I faced a similar problem and the problem was with the initial authorization code. You should mention the scope=rw_company_admin or whatever it is that you want to authorize to while doing the initial redirect URL call. Something like this -
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=your_client_id&redirect_uri=https%3A%2F%2Fwww.google.com/&state=12345&scope=rw_company_admin%20r_emailaddress%20w_share%20r_basicprofile
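
On the URL-encoding question and the `state` parameter in the first step, an added Python example (not from the original posts or LinkedIn's own code) that builds the authorization URL with every parameter percent-encoded; it goes slightly beyond the answers by also checking `state` when the callback arrives. The helper names and the sample client id are constructed for illustration:

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTH_ENDPOINT = "https://www.linkedin.com/oauth/v2/authorization"  # from the answer above

def build_authorization_url(client_id, redirect_uri, scopes):
    """Return (url, state); redirect_uri and the scope list are percent-encoded."""
    state = secrets.token_urlsafe(16)  # unpredictable, tied to this login attempt
    query = urlencode(
        {
            "response_type": "code",
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "state": state,
            "scope": " ".join(scopes),  # request every permission needed up front
        },
        quote_via=quote,  # encode spaces as %20, as in the URL shown above
    )
    return f"{AUTH_ENDPOINT}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting a callback whose state differs."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```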
