Cannot find client secret on Google OAuth2

I am trying to read a worksheet from my Google Drive, so after a lot of searching and reading (and importing jar files) I managed to get this without any errors. The problem is that I can't get the client secret that I need. Everybody on the web says that it is in the JSON file or in Google's developer console when I created the ID, but it is not.
My JSON file looks like this:
{
  "private_key_id": ".....",
  "private_key": "-----BEGIN PRIVATE KEY-----......\n-----END PRIVATE KEY-----\n",
  "client_email": "xxxx#developer.gserviceaccount.com",
  "client_id": "xxxx.apps.googleusercontent.com",
  "type": "service_account"
}
Thanks

It turns out that I had to choose Installed Application instead of Service Account. With that option the client secret was created.

Related

Firebase Database Rules: Checking for service account credentials

If I have a service account set up and am initializing the app in a Firebase function with the service account credentials to do some database maintenance work, how can I restrict the rules in the database so that only the service account is able to access that path in the database?
The only available options in the auth object appear to be token, uid, and provider.
The only fields available in the service account json file are:
{
"type": "service_account",
"project_id":
"private_key_id":
"private_key":
"client_email":
"client_id":
"auth_uri":
"token_uri"
"auth_provider_x509_cert_url"
"client_x509_cert_url"
}
Service accounts always bypass all security rules. It's not possible to write any security rules that limit the permissions of a backend SDK initialized with a service account.

JWT token. Error "AADSTS700027: Client assertion contains an invalid signature"

I need to get an OAuth2 access token from Azure Active Directory. For this, I am using the certificate-based method. I have uploaded the .crt file to Azure AD and got the certificate thumbprint from the Azure AD UI.
Now I am generating a JWT token from JWT.io and trying it using Postman. But I always get the following error:
"AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client"
I am not sure what could be causing this. In JWT.io I am entering Base64 encoded thumbprint of public certificate (which I uploaded on Azure AD) as x5t parameter. This thumbprint I got from Azure portal UI as mentioned above.
In JWT.io I am entering public (crt) and private (key) certificates under "Verify Signature" and can see that the signature has matched.
Please let me know if anyone has any idea about this.
As far as I know, this error is usually caused by the fact that you did not encode the thumbprint correctly. After you obtain the thumbprint, please check your code to ensure that it is properly Base64 encoded.
Check the format of your JWT token at https://jwt.io/, you can refer to this and certificate credentials:
Header
{
  "alg": "RS256",
  "typ": "JWT",
  "x5t": "<Base64 Thumbprint>"
}
Payload
{
  "iss": "<clientid>",
  "sub": "<clientid>",
  "exp": 1570838377 (expiration time),
  "jti": "<random unique identifier>",
  "aud": "https://<token-endpoint>"
}
Drop your private key into the bottom verifier, which will sign your JWT in the "Encoded" window.
I found some cases for your reference; I hope they can help you:
https://community.dynamics.com/crm/f/microsoft-dynamics-crm-forum/320069/authentication-to-dynamics-365-using-azure-apps
and
https://github.com/AzureAD/passport-azure-ad/issues/453
I wanted to share with you that I get this exact same error if I request an access token using a new certificate, right after I just added the new certificate to my AAD app via MS Graph (/addKey). If I immediately try again without changing anything, it is successful. It doesn't seem to matter how long I wait before the 1st try, it's like it needs to fail once before the new cert is ready for use. If I upload certs in the GUI, the issue never surfaces.
I know it's not the same issue you're having, but it's worth knowing what else AAD will give this exact error message for.
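The encoding step behind the x5t header discussed in this thread, as an added example that is not part of the original posts: x5t is the base64url encoding of the 20 raw SHA-1 bytes of the DER certificate, so a thumbprint shown as 40 hex characters has to be hex-decoded first. The function names and the stand-in certificate bytes are constructed for illustration.

```python
import base64
import hashlib

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_DER = b"constructed-der-bytes-for-illustration"
SAMPLE_THUMBPRINT = hashlib.sha1(SAMPLE_DER).hexdigest().upper()


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the form JWT header fields use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def clean_hex(thumbprint: str) -> str:
    """Normalise a hex thumbprint: drop separators, upper-case."""
    return thumbprint.replace(":", "").replace(" ", "").strip().upper()


def x5t_from_thumbprint(thumbprint: str) -> str:
    """x5t is base64url of the 20 raw SHA-1 bytes, not of the hex text."""
    raw = bytes.fromhex(clean_hex(thumbprint))
    if len(raw) != 20:
        raise ValueError("a SHA-1 thumbprint is 20 bytes (40 hex characters)")
    return b64url(raw)


def x5t_from_der(cert_der: bytes) -> str:
    """The same value, computed from the DER-encoded certificate itself."""
    return b64url(hashlib.sha1(cert_der).digest())


def diagnose_x5t(candidate: str, thumbprint: str) -> str:
    """Classify a candidate x5t value against the expected thumbprint."""
    raw = bytes.fromhex(clean_hex(thumbprint))
    if candidate == b64url(raw):
        return "ok"
    try:
        decoded = base64.urlsafe_b64decode(candidate + "=" * (-len(candidate) % 4))
    except ValueError:
        return "not-base64"
    if decoded == raw:
        return "padded-or-standard-base64"  # right bytes, not unpadded base64url
    if decoded.decode("ascii", "replace").upper() == clean_hex(thumbprint):
        return "hex-text-encoded"  # the 40 hex characters were encoded as text
    return "different-certificate" if len(decoded) == 20 else "wrong-length"
```

A correct value is 27 characters long; a value of about 54 to 56 characters usually means the hex text itself was Base64 encoded.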

Google Calendar api authentication via POST request

I am trying to issue a POST request towards the Google Calendar API, but I fail to understand how to authenticate it.
I took the following steps to try and use a service account to do so:
I've enabled the Calendar API in the Google Cloud console.
I've created a new service account, enabled G Suite Domain-wide Delegation, and downloaded the provided key.
I've added the service account email to the calendar to be able to make changes and create events.
I've tried to create a POST request to https://www.googleapis.com/calendar/v3/calendars/calendarId/events with the contents of the JSON key as the value of the Authorization header, but I receive the following error:
{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "authError",
        "message": "Invalid Credentials",
        "locationType": "header",
        "location": "Authorization"
      }
    ],
    "code": 401,
    "message": "Invalid Credentials"
  }
}
Am I missing some steps, or have I not understood the authentication process correctly?
I would appreciate your help.
It's not simply a matter of applying the contents of the key file to your call; all Google APIs need an access token in order to authenticate them.
To get an access token from a service account you need to follow the following steps. Preparing to make an authorized API call
There are steps you will need to complete in order to get the access token you will need to make a call to the API.
After you obtain the client ID and private key from the API Console, your application needs to complete the following steps:
Create a JSON Web Token (JWT, pronounced, "jot") which includes a header, a claim set, and a signature.
Request an access token from the Google OAuth 2.0 Authorization Server.
Handle the JSON response that the Authorization Server returns.
I recommend you pick your favorite server-side programming language and find a client library for it. It will make things much easier than trying to authenticate using a service account by yourself.
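The three steps listed in the answer above, as an added example that is not part of the original posts and not a replacement for a client library. Signing is left to a `sign` callable supplied by the caller (an assumption: RS256 over the signing input with the key file's private_key, done by a crypto library); the key-file values and function names are constructed for illustration.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Constructed key-file fields (placeholders, not a real service account).
KEY_FILE = {
    "client_email": "demo-sa@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_assertion(key_file, scope, sign, subject=None, now=None):
    """Step 1: header.claims.signature; `sign` is the caller's RS256 signer."""
    issued = int(time.time() if now is None else now)
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iss": key_file["client_email"], "scope": scope,
              "aud": key_file["token_uri"], "iat": issued, "exp": issued + 3600}
    if subject:  # domain-wide delegation: the user to act on behalf of
        claims["sub"] = subject
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + b64url(sign(signing_input.encode("ascii")))


def token_request_body(assertion):
    """Step 2: form body to POST to the key file's token_uri."""
    return urlencode({"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
                      "assertion": assertion})


def authorization_header(response_text):
    """Step 3: turn the token response into the header the API call needs."""
    data = json.loads(response_text)
    if "error" in data:
        raise PermissionError(f"{data['error']}: {data.get('error_description', '')}")
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("response carries no bearer access token")
    return {"Authorization": "Bearer " + data["access_token"]}
```

The value that belongs in the Authorization header is the short-lived access token from step 3, never the key file itself.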

When I hit player API to Rounaz Cricket API it sends back to me "AccessDenied"

When I try to access the Rounaz Cricket API, the server sends me back:
{
"data": null,
"status": false,
"status_code": 403,
"status_msg": "AccessDenied",
"version": "2.0.2"
}
I get the access key from my app, hit the auth API, and get an access token.
My API is:
https://rest.cricketapi.com/rest/v3/players_list/?access_token=xxxx&board=india&competition=international-t20&year=2018
The response would indicate an issue with your access token. Perhaps it has expired, or there is another issue with your account.
Presumably this is the documentation you used to generate the access token?
https://www.cricketapi.com/docs/Core-API/Auth-API/
I would try to generate a new access token, although if that continues to fail, the cricketapi.com support might be a better place to obtain a solution, especially if it's account related.

List key vaults associated with AD user accounts?

I'm creating a web app in MVC C# where you can log in using your AD account and read secrets. The problem is that there are lots of Key Vaults, each with specific permissions. I've managed to do this with one particular vault and list the secrets in the vault using the vault URL using an AD login.
I would like to be able to list the vaults that the user has access to. I understand this is very easy to do in PowerShell but I cannot find out how to do this in C#.
Is there a way to do this? Thanks!
As far as I know, there is no REST API at present with which we can get all the key vaults across different subscriptions.
As a workaround, we need to list the Key Vaults under all the subscriptions and resource groups, and check the accessPolicies to see whether each Key Vault is accessible.
For example, with an access policy like the one below, we can check whether the user's object ID matches the objectId in the access policy.
{
  "tenantId": "",
  "objectId": "",
  "permissions": {
    "keys": [],
    "secrets": [
      "Get"
    ],
    "certificates": []
  }
},
To list the Key Vaults under all the subscriptions and resource groups, you can refer to the REST call below:
GET: https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.KeyVault/vaults?api-version=2015-06-01
authorization: bearer {access_token}
And if you have any idea or feedback about Azure, you can submit them from here.
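The accessPolicies check described in the answer above, as an added example that is not part of the original posts. It assumes the listing is a `value` array whose items carry `name` and `properties.accessPolicies` in the shape shown above, and it also matches the IDs of groups the user belongs to, since a policy can name a group rather than the user; all vault names and IDs are constructed.

```python
USER_ID = "11111111-1111-1111-1111-111111111111"   # constructed object ID
GROUP_ID = "22222222-2222-2222-2222-222222222222"  # constructed group ID


def policy(object_id, keys=(), secrets=(), certificates=()):
    """Build one access policy entry in the shape shown in the answer."""
    return {"tenantId": "", "objectId": object_id,
            "permissions": {"keys": list(keys), "secrets": list(secrets),
                            "certificates": list(certificates)}}


# Constructed listing, merged from the per-resource-group responses.
SAMPLE_LISTING = {"value": [
    {"name": "kv-app", "properties": {"accessPolicies": [
        policy(USER_ID.upper(), secrets=["Get"])]}},
    {"name": "kv-shared", "properties": {"accessPolicies": [
        policy(GROUP_ID, secrets=["all"])]}},
    {"name": "kv-keys-only", "properties": {"accessPolicies": [
        policy(USER_ID, keys=["Get"])]}},
    {"name": "kv-other", "properties": {"accessPolicies": [
        policy("33333333-3333-3333-3333-333333333333", secrets=["Get"])]}},
]}


def accessible_vaults(listing, principal_ids, kind="secrets", needed="get"):
    """Names of vaults where any of the principal IDs holds `needed` on `kind`."""
    wanted = {p.lower() for p in principal_ids}
    names = []
    for vault in listing.get("value", []):
        for entry in vault.get("properties", {}).get("accessPolicies", []):
            if entry.get("objectId", "").lower() not in wanted:
                continue  # policy belongs to another principal
            granted = {p.lower() for p in entry.get("permissions", {}).get(kind, [])}
            if needed.lower() in granted or "all" in granted:
                names.append(vault["name"])
                break  # one matching policy is enough for this vault
    return names
```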
