I am trying to learn OAuth 2.0 by walking through walking through making Google API call using Firefox 28.0 and REST Client v2.0.3.
I went to the Google Developer OAuth 2.0 Playground site.
I signed in using my Google credentials
Selected "Calendar API v3" .readonly
clicked the "Authorize APIs" button
Then I clicked "Exchage authorization code for tokens" and got the access token ab31.4.CDEfG_HI1JkKMNoPQR5S9tuvW_x2yzabcDEFGhiJklMnOpqRs-T6uvwXyza5BcdEFGHiJK3L
From the Calendar API, I use the URL https://www.googleapis.com/calendar/v3/users/me/calendarList wtih the GET HTTP action
In RESTClient I create a header with the name "Authorization" and set the value ab31.4.CDEfG_HI1JkKMNoPQR5S9tuvW_x2yzabcDEFGhiJklMnOpqRs-T6uvwXyza5BcdEFGHiJK3L to the from "Access token:" box from the OAuth 2.0 Playground.
With an empty Body I click SEND and I get an authorization error (the playground says my token is still valid for another 30 minutes)
The error's header is:
Status Code: 401 Unauthorized
Alternate-Protocol: 443:quic
Cache-Control: private, max-age=0
Content-Encoding: gzip
Content-Length: 162
Content-Type: application/json; charset=UTF-8
Date: Tue, 18 Mar 2014 19:17:35 GMT
Expires: Tue, 18 Mar 2014 19:17:35 GMT
Server: GSE
WWW-Authenticate: Bearer realm="https://www.google.com/accounts/AuthSubRequest"
X-Content-Type-Options: nosniff
X-Firefox-Spdy: 3.1
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
and the body is:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
The header needs to be set to Authorization: Bearer ab31.4.CDEfG_HI1JkKMNoPQR5S9tuvW_x2yzabcDEFGhiJklMnOpqRs-T6uvwXyza5BcdEFGHiJK3L. You need the word "Bearer" preceding the token.
Related
We have a new problem when run this request: https://learn.microsoft.com/en-us/graph/api/channel-get-filesfolder?view=graph-rest-1.0&tabs=http
That is, GET /teams/{id}/channels/{id}/filesFolder
Previously, if a Team Channel was created via the API, it wasn't linked to a folder with files, until a user clicks Files in a Teams client and thus initializes it. And until it was initialized, the request would return Not Found 404.
However, since around February 25, 2021, in case the authenication uses MFA, we now get this error: Value cannot be null. Parameter name: token. But, the Authorization Token is present in the request as we verified with a traffic capture. Once you initialize the folder by clicking Files, the request starts to return valid data.
Is this a bug? Thanks.
GET https://graph.microsoft.com/v1.0/teams/.../channels/.../filesFolder?$select=id,name,webUrl,parentReference HTTP/1.1
Content-Type: application/json
User-Agent: <...>
Authorization: Bearer ...
Host: graph.microsoft.com
Connection: Keep-Alive
HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: application/json
request-id: ...
client-request-id: ...
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"SliceC","Ring":"5","ScaleUnit":"005","RoleInstance":"AGSFE_IN_67"}}
Strict-Transport-Security: max-age=31536000
Date: Mon, 01 Mar 2021 19:38:40 GMT
Content-Length: 310
{
"error": {
"code": "BadRequest",
"message": "Value cannot be null.\r\nParameter name: token",
"innerError": {
"date": "2021-03-01T19:38:41",
"request-id": "...",
"client-request-id": "..."
}
}
}
We have Raised a Bug. We don't have ETA to share when it will be available.
I'm trying to get refresh token which doesn't expire after 24 hours on google oauthplayground but Im getting error as :
{
"error_description": "Unauthorized",
"error": "unauthorized_client"
}
I updated my redirect url in google console with https://developers.google.com/oauthplayground.
I also updated my client id and client secret in configuration setting on google oauth playground.
Some posts mentioned that it would take some time but I had done this 12 hours ago but still getting the error.
Any help would be much appreciated.
Below is complete response :
HTTP/1.1 400 Bad Request
Content-length: 68
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: scaffolding on HTTPServer2
-content-encoding: gzip
Cache-control: private
Date: Sun, 14 Jul 2019 11:35:13 GMT
X-frame-options: SAMEORIGIN
Alt-svc: quic=":443"; ma=2592000; v="46,43,39"
Content-type: application/json; charset=utf-8
{
"error_description": "Bad Request",
"error": "invalid_grant"
}
unauthorized_client
Means that the Client id and or secret you are sending either is invalid (its been deleted) or you copied it wrong from the Google developer console.
Unless you only attend to ever have one user and refresh token for your application you really shouldn't be using developer console to generate tokens. You should do this with your own application.
I am trying to get the same report that I see through their UI by using their API.
When I specify the following metrics and dimensions the query does not work:
Metrics - views, viewerPercentage, estimatedMinutesWatched, averageViewDuration, averageViewPercentage
Dimensions - insightTrafficSourceType
However, if I trim down the metrics to just: views, estimatedMinutesWatched the query works fine.
Here's the response I get in case of error from YouTube API:
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: X-Origin
Content-Type: application/json; charset=UTF-8
Date: Wed, 06 Jan 2016 09:01:17 GMT
Expires: Wed, 06 Jan 2016 09:01:17 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic,p=1
Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25"
Content-Length: 461
{
"error": {
"errors": [
{
"domain": "global",
"reason": "badRequest",
"message": "The query is not supported. Check the documentation at https://developers.google.com/youtube/analytics/v1/available_reports for a list of supported queries."
}
],
"code": 400,
"message": "The query is not supported. Check the documentation at https://developers.google.com/youtube/analytics/v1/available_reports for a list of supported queries."
}
}
I've seen this error before when an invalid filter or dimension was used. I was able to duplicate this issue with the Google API Explorer and the issue went away when I removed the 'viewerPercentage' metric. This is strange since it is shown in YouTube documentation as a supported core metric: https://developers.google.com/youtube/analytics/v1/dimsmets/mets#viewerPercentage. I wasn't able to find anything in regards to it being deprecated, so I'm unsure as to the cause beyond it appearing to be a problem with the Youtube Analytics API.
the problem is fairly simple, I cannot make a very simple request to youtube api video.update without getting a 400 response with a reason 'invalidRequest'. I'am using Youtube API Explorer (https://developers.google.com/youtube/v3/docs/videos/update). The account is authorized. Other API methods such as playlists.update and videos.list works just fine. Please help with this video.update request.
Test request sent:
PUT https://www.googleapis.com/youtube/v3/videos?part=snippet&key={YOUR_API_KEY}
Content-Type: application/json
Authorization: Bearer {AUTH_KEY}
X-JavaScript-User-Agent: Google APIs Explorer
{
"id": "{VIDEO_ID}",
"snippet": {
"title": "title change to test1",
"description": "description change to test"
}
}
Response received:
400 Bad Request
- Hide headers -
cache-control: private, max-age=0
content-encoding: gzip
content-length: 134
content-type: application/json; charset=UTF-8
date: Sun, 26 Jan 2014 18:48:13 GMT
expires: Sun, 26 Jan 2014 18:48:13 GMT
server: GSE
{
"error": {
"errors": [
{
"domain": "youtube.video",
"reason": "invalidRequest",
"message": "Bad Request"
}
],
"code": 400,
"message": "Bad Request"
}
}
Seems like snippet.categoryId property is required and it is not documented that you must specify it. Adding this property to a request body solved the problem.
I am currently using the Youtube API for a desktop application in C++. I am trying to implement the direct upload, which requires an authentication. I naturally choose OAuth 2.0, I followed the Google example and apparently everything worked well, I've got an access token and a refresh token, without any error returned.
However, when I try to use the access token to upload a video (I put it in the Authorization : Bearer header), I get an error 401 : Unauthorized with the description Token Invalid.
I then tried to refresh the access token right before requesting the upload (which means I try to refresh right after retrieving the access token, since the two operations are consecutive in my application's flow). The access token remained unchanged : I received the same access token from the refresh request and the exchange request.
I first thought it meant an access token should be refreshed only when it expires, but it is apparently not true : using the OAuth 2.0 Playground, it seems clear that refreshing a not yet expired token works fine and gives a different access token.
Any idea on what the problem could be ? Is the 401 error linked to the fact that I am not able to refresh the token ?
Edit : Here are the request and the response as shown in Fiddler
Request :
POST http://uploads.gdata.youtube.com/feeds/api/users/default/uploads HTTP/1.1
Accept: */*
Accept-Language: xx
Authorization: Bearer MY_ACCESS_TOKEN
GData-Version: 2
X-GData-Key: key=MY_DEV_KEY
Slug: test.avi
Content-Type: multipart/related; boundary="f93dcbA3"
Pragma: no-cache
User-Agent: SOME_STUFF
Host: uploads.gdata.youtube.com
Content-Length: 23686
Connection: Keep-Alive
--f93dcbA3
Content-Type: application/atom+xml; charset=UTF-8
<?xml version="1.0"?><entry xmlns="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/" xmlns:yt="http://gdata.youtube.com/schemas/2007"><media:group><media:title type="plain">Bad Wedding Toast</media:title><media:description type="plain">I gave a bad toast at my friend's wedding.</media:description><media:category scheme="http://gdata.youtube.com/schemas/2007/categories.cat">People</media:category><media:keywords>toast, wedding</media:keywords></media:group></entry>
--f93dcbA3
Content-Type: video/avi
Content-Transfer-Encoding: binary
<My file binary data>
--f93dcbA3--
Response
HTTP/1.1 401 Unauthorized
X-GData-User-Country: FR
WWW-Authenticate: Bearer realm="https://accounts.google.com/o/oauth2/auth",service="youtube"
Content-Type: text/html; charset=UTF-8
Content-Length: 13
X-GUploader-UploadID: AEnB2UrVDA94Fk5VFn1ng-2q9VFOo2KifLvIEHFOxQ4m66IUSC8sRf3mo5S8UH94mLyupbfANeLQvxMPhPLo6L0wlcaguQW9CQ
Date: Wed, 17 Jul 2013 09:51:23 GMT
Server: HTTP Upload Server Built on Jul 8 2013 15:32:26 (1373322746)
Token invalid
Edit 2 : Request and response using Youtube API v3
Request :
POST /upload/youtube/v3/videos?part="snippet" HTTP/1.1
Host: www.googleapis.com
X-gdata-key: DEV_KEY
Content-length: 42190
Content-type: multipart/related; boundary="===============1679429526=="
Authorization: ACCESS_TOKEN
--===============1679429526==
Content-type: application/json
{
"snippet":
{
"title": "test"
}
}
--===============1679429526==
Content-type: video/avi
<BINARY DATA - 41984B>
--===============1679429526==--
Response :
HTTP/1.1 400 Bad Request
Content-length: 229
Via: HTTP/1.1 GWA
X-google-cache-control: remote-fetch
Server: HTTP Upload Server Built on Jul 8 2013 15:32:26 (1373322746)
Date: Wed, 17 Jul 2013 22:14:03 GMT
Content-type: application/json
{
"error": {
"errors": [
{
"domain": "global",
"reason": "badContent",
"message": "Unsupported content with type: video/avi"
}
],
"code": 400,
"message": "Unsupported content with type: video/avi"
}
}