I am getting 401 Invalid Credentials error trying to use the Youtube API in the OAuth 2.0 Playground.
Response is:
{
"error": {
"code": 401,
"message": "Invalid Credentials",
"errors": [
{
"locationType": "header",
"domain": "global",
"message": "Invalid Credentials",
"reason": "authError",
"location": "Authorization"
}
]
}
}
Steps can be reproduced here.
Select Manage Youtube account API
Authorize
Get access token
Attempt to call any Youtube API (you may need to plug your own API key in as well)
The access token is valid (non-Youtube API calls work fine) and I have tried this with a number of different accounts which have Youtube accounts and channels set up (so the reply here is not what's happening).
The API works fine in the Try it Now section here so this is quite strange.
Maybe somebody can try these steps with their account and verify if the outcome is the same or not?
You have to choose the "Use your own OAuth credentials" option in the settings of the OAuth Playground (link at the top right corner).
You also need to add the following URL to the list of Redirect URIs of you project in the Developers Console:
https://developers.google.com/oauthplayground
If you do that, you don't need to pass the API key.
Related
I am trying to issue a POST request towards the google calendar api, but I fail to understand how to authenticate it.
I took the following steps to try and use a service account to do so:
I've enabled the the calendar api in the Google Cloud console
I've created a new service account, enabled G Suite Domain-wide Delegation, and downloaded the provided key.
I've added the service account email to the calendar to be able to make changes and create events.
I've tried to create a POST request to https://www.googleapis.com/calendar/v3/calendars/calendarId/events with the contents of the JSON key as the value of the Authorization header, but I receive the following error:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
Am I missing some steps or have I do not understand correctly the authentication process?
I would appreciate your help.
Its not simply a matter of applying the contents of the key file to your call, all google apis need an access token in order to authenticate them.
To get an access token from a service account you need to follow the following steps. Preparing to make an authorized API call
There are steps you will need to complete inorder to get the access token you will need to make a call to the api
After you obtain the client ID and private key from the API Console, your application needs to complete the following steps:
Create a JSON Web Token (JWT, pronounced, "jot") which includes a header, a claim set, and a signature.
Request an access token from the Google OAuth 2.0 Authorization Server.
Handle the JSON response that the Authorization Server returns.
I recommend you pick your favorite server sided programming language and find a client library for it. It will make things much easier then you trying to authncate using a service account by yourself.
I'm using Google API to develop a web app, to do this I need to interact with youtube and get the channel ID. According to google documentation I use this request
https://www.googleapis.com/youtube/v3/search?part=snippet&q=LorenzoSchaeffer&type=channel&key={YOUR_API_KEY}
where in "YOUR_API_KEY" I copy and paste my API Key found in the google developer console. but I get this response
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "keyInvalid",
"message": "Bad Request"
}
],
"code": 400,
"message": "Bad Request"
}
}
while from google API explorer I get the correct output.
I don't know how to proceed, any solution?
This means either you're using the wrong API key or the API project that "owns" the API key you are using doesn't have the YouTube Data v3 API hasn't been activated for use with the project.
Go here for information on how to get started, get and API key (make sure to get an API key and not OAuth credentials): https://developers.google.com/youtube/v3/getting-started
Context
We are successfully using https://accounts.google.com/o/oauth2/auth to acquire an authentication_code with the following app permissions.
Know who you are on Google
View your email address
View your basic profile info
We are also successfully using https://accounts.google.com/o/oauth2/token to exchange that authentication code for an access_token and id_token.
Problem
With that access_token, we are using https://www.googleapis.com/plus/v1/people/me/openIdConnect to acquire profile information. This is a GET request with the following header.
Authorization: Bearer access_token
The response from Google is invariably this error:
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
This Google documentation makes two suggestions:
Refresh the access token using the long-lived refresh token.
If this fails, direct the user through the OAuth flow, as described in Authorizing Your App with Google Drive.
We have tried both of those approaches and receive the same error.
We were accidentally using the id_token in the Authorization header. We needed to make sure to use the access_token instead.
I have followed the instructions in this URl and get the userid, name and email but image information is not having. Please suggest your feedbacks.
https://developers.google.com/identity/sign-in/ios/people
Also use this url to get image https://www.googleapis.com/plus/v1/people/115950284...320?fields=image&key={YOUR_API_KEY} but it says
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "ipRefererBlocked",
"message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed.",
"extendedHelp": "https://console.developers.google.com"
} ], "code": 403,
"message": "There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed."
} }
You could use the server API and write not just IP of the server but also IPv6. This helped me with the same issue.
I have a Rails website that has Google OAUTH2 implemented and working.
We are developing an iOS app, which is going to talk to my web server using APIs. Some of the APIs need the user to be authenticated. The idea, is that the iOS app authenticates the user using OAUTH2 on the device, then POSTs the token over SSL from the device to the web as the authentication. I need the website to verify the token.
In the Google API console, I added the client ID for the iPhone device, and got an access token by going to:
https://accounts.google.com/o/oauth2/auth?
scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&
redirect_uri=urn:ietf:wg:oauth:2.0:oob&
response_type=code&
client_id={my client id}
Then, I pass the token to my site. On my site, I validate the token via:
google = OmniAuth::Strategies::GoogleOauth2.new(ENV['GOOGLE_API_KEY'],['GOOGLE_CLIENT_API_SECRET'])
client = OAuth2::Client.new(ENV['GOOGLE_API_KEY'],['GOOGLE_CLIENT_API_SECRET'], google.options.client_options)
access_token = OAuth2::AccessToken.new(client, params[:token], google.options.access_token_options || {})
google.access_token = access_token
google.auth_hash
When I attempt to auth_hash, the following error is returned:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
From here, I have no clue why I have specified invalid credentials.
ENV['GOOGLE_API_KEY'] points to the same API key as the website, and ENV['GOOGLE_CLIENT_API_SECRET'] points to the secret for the iOS client.
The URL I used above, I thought, gave me an access token. In reality, it returns to me an authorization code (which can then be used to get an access token).
The solution, is to exchange the authorization code, for an access token, then I can pass the token around and use it.
The difference between an authorization code and an access token is somewhat vague on the Google site, but you can read about how to exchange them here:
https://developers.google.com/accounts/docs/OAuth2WebServer