I followed all process to get access_token on linkedin to get company API.
Query i fired:https://api.linkedin.com/v1/companies/company_id/updates?oauth2_access_token=generated access token&format=xml&event-type=status-update&count=5 and its giving error as:
4031437462043823R8LEL3EUI20Member yy does not have permission to get company xx
Note:User has been given admin rights on company page.
Related
I've been using Microsoft Graph to try to update the profile photo of a guest user. I've tried using postman and our own front-end and always end up with the following exception:
Code: ErrorInsufficientPermissionsInAccessToken
Message: Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException' was thrown.
Inner error:
AdditionalData:
I am, however, able to successfully retrieve the guest user's photo with a GET on both: users/{userid}/photo/$value and me/photo/$value, but unable to update it using a PUT or PATCH request on either of the URLs on both /beta/ and /v1.0/.
The request has the following scopes defined:
"scp": "AllSites.Read Calendars.Read Calendars.ReadWrite Calendars.ReadWrite.Shared Contacts.Read Directory.AccessAsUser.All EWS.AccessAsUser.All Files.Read.All Group.Read.All Group.ReadWrite.All Mail.Read Mail.Send MailboxSettings.Read MyFiles.Read Notes.Read Notifications.ReadWrite.CreatedByApp openid People.Read People.Read.All Place.Read.All Presence.Read.All profile Sites.Read.All Sites.Search.All Tasks.ReadWrite TermStore.Read.All User.Read User.Read.All User.ReadWrite UserActivity.ReadWrite.CreatedByApp UserNotification.ReadWrite.CreatedByApp"
Note the: User.ReadWrite as specified in the docs: profilephoto-update
I am specifically using the Id as opposed to the UserPrincipleName, so specifically: /users/{id}/photo/$value,
but I get the error on both of them regardless. I am making the PUT request as follows:
var photoBytes = Convert.FromBase64String(photoData);
var stream = new MemoryStream(photoBytes);
var graphServiceClient = new GraphProvider(graphToken).GraphServiceClient;
return graphServiceClient.Users[userId].Photo.Content
.Request()
.PutAsync(stream);
I am able to change the profile photo of a non-guest user, but I'm unable to do so with a guest user. Is it possible that there is an issue with Microsoft.Graph itself or am I missing something.
Thanks for reaching out to us , could you please try to add User.ReadWrite.All permission and retry again .
Thanks
is there a way to add an external member to the group [not the guest user who is part of the ADD]
the graph api seems to accept only the ADDconversation member ,
is it possible to add an external user ?
You need to invite them first, you can do so via the Azure AD (preview) module:
To send an invitation to your test email account, run the following PowerShell command (replace "John Doe" and john#contoso.com with your test email account name and email address):
New-MgInvitation -InvitedUserDisplayName "John Doe" -InvitedUserEmailAddress John#contoso.com -InviteRedirectUrl "https://myapplications.microsoft.com" -SendInvitationMessage:$true
The command sends an invitation to the email address specified.
Ref: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-invite-powershell
Or the corresponding Graph API endpoint:
POST https://graph.microsoft.com/v1.0/invitations
Content-type: application/json
{
"invitedUserEmailAddress": "admin#fabrikam.com",
"inviteRedirectUrl": "https://myapp.contoso.com"
}
Ref: https://learn.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0&tabs=http
I want to build a web application. Clients can use the web application to read their google Adwrods accounts information( campagins or budgets ).
First, I use oath2 get client's refresh_token and access_token.
Using the refresh_token, I can get all adwords id under the client by (https://github.com/googleads/google-ads-ruby)
client = Google::Ads::GoogleAds::GoogleAdsClient.new do |config|
config.client_id = "client_id"
config.client_secret = "client_secret"
config.refresh_token = "refresh_token"
config.login_customer_id = "XXX-XXX-XXXX"
config.developer_token = "XXXXXXXXXXXXXXXX"
end
accessible_customers = client.service.customer.list_accessible_customers().resource_names
When I want to get client Adword account information,
resource_name = client.path.customer("XXXXXXXX")
customer = client.service.customer.get_customer(resource_name: resource_name)
I get "GRPC::Unauthenticated: 16:Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential", but the config file can't let me set access_token.
So, where can i set client's access_token, or which step i missed?
The error is telling you that client has not been set up correctly. It could be a bunch of issues from Google account to wrong information. I would check and make sure all the info you are passing in Google::Ads::GoogleAds::GoogleAdsClient.new is correct.
Also, you only need to pass 'login_customer_id' for manager accounts only, it doesn't sound like you are a manager account.
From https://github.com/googleads/google-ads-ruby/blob/master/google_ads_config.rb
# Required for manager accounts only: Specify the login customer ID used to
# authenticate API calls. This will be the customer ID of the authenticated
# manager account. If you need to use different values for this field, then
# make sure fetch a new copy of the service after each time you change the
# value.
# c.login_customer_id = 'INSERT_LOGIN_CUSTOMER_ID_HERE'
I have a requirement that I want to list all the accounts and then write all the credentials in my ~/.aws/credentials file. Fir this I am using boto3 in the following way
import boto3
client = boto3.client('organizations')
response = client.list_accounts(
NextToken='string',
MaxResults=123
)
print(response)
This fails with the following error
botocore.exceptions.ClientError: An error occurred (ExpiredTokenException) when calling the ListAccounts operation: The security token included in the request is expired
The question is , which token is it looking at? And if I want information about all accounts what credentials should I be using in the credentials file or the config file?
You can use boto3 paginators and pages.
Get an organizations object by using an aws configuration profile in the master account:
session = boto3.session.Session(profile_name=master_acct)
client = session.client('sts')
org = session.client('organizations')
Then use the org object to get a paginator.
paginator = org.get_paginator('list_accounts')
page_iterator = paginator.paginate()
Then iterate through every page of accounts.
for page in page_iterator:
for acct in page['Accounts']:
print(acct) # print the account
I'm not sure what you mean about "getting credentials". You can't get someone else's credentials. What you can do is list users, and if you want then list their access keys. That would require you to assume a role in each of the member accounts.
From within the above section, you are already inside a for-loop of each member account. You could do something like this:
id = acct['Id']
role_info = {
'RoleArn': f'arn:aws:iam::{id}:role/OrganizationAccountAccessRole',
'RoleSessionName': id
}
credentials = client.assume_role(**role_info)
member_session = boto3.session.Session(
aws_access_key_id=credentials['Credentials']['AccessKeyId'],
aws_secret_access_key=credentials['Credentials']['SecretAccessKey'],
aws_session_token=credentials['Credentials']['SessionToken'],
region_name='us-east-1'
)
However please note, that the role specified OrganizationAccountAccessRole needs to actually be present in every account, and your user in the master account needs to have the privileges to assume this role.
Once your prerequisites are setup, you will be iterating through every account, and in each account using member_session to access boto3 resources in that account.
Hello we are attempting to invite people (assign permissions for driveItems), that are members of the directory (tenant) using their IDs as returned by the /users endpoint. But unfortunately this results in the following error: One of the provided recipients could not be found.
The body of a request:
{'recipients': [{'objectId': u'21509bcb-d48c-4d66-8222-9da2c5ed2f7c'}],
'requireSignIn': True,
'roles': ['read'],
'sendInvitation': True}
The response:
{u'error': {u'code': u'itemNotFound',
u'innerError': {u'date': u'2018-03-09T02:42:46',
u'request-id': u'a0f919f2-02f6-4a95-ac60-18b8a3522ba2'},
u'message': u'One of the provided recipients could not be found'}
Using a users email works but the weird thing about that is, when we retrieve the driveItem's permissions after the invite the permission for that user doesn't contain the email BUT the ID with which we tried initially to invite him (and that fails).
Are the IDs, that must be specified for objectId, different or is this an internal issues?