I'm at a loss for what's wrong. I'm always getting com.google.gdata.client.GoogleService$SessionExpiredException: Token invalid Token invalid when making API requests.
I have the following flow:
1. link user account
2. use credentials to get video upload entries
The code I use to link the user (get permission for my application) uses the JdoDataStoreFactory to persist user tokens and refresh info between API calls.
I used the following scopes when I ask the user to authorize my apps:
https://www.googleapis.com/auth/youtube.upload
https://www.googleapis.com/auth/youtube.readonly
Using GoogleAuthorizationCodeFlow I do a loadCredentials passing in the userId from my application that I used when requesting their auth token. I then feed those credentials to YouTubeService's getFeed method, requesting the url for video feeds: http://gdata.youtube.com/feeds/api/users/default/uploads
It looks like this:
service.setOAuth2Credentials(credentials)
videoFeed = service.getFeed(new URL(USER_FEED_PREFIX + DEFAULT_USER
        + UPLOADS_FEED_SUFFIX), VideoFeed.class)
After this executes, I always get the stacktrace:
com.google.gdata.client.GoogleService$SessionExpiredException: Token invalid Token invalid Token invalid Error 401
    at com.google.gdata.client.http.GoogleGDataRequest.handleErrorResponse(GoogleGDataRequest.java:570)
    at com.google.gdata.client.http.HttpGDataRequest.checkResponse(HttpGDataRequest.java:560)
    at com.google.gdata.client.http.HttpGDataRequest.execute(HttpGDataRequest.java:538)
    at com.google.gdata.client.http.GoogleGDataRequest.execute(GoogleGDataRequest.java:536)
    at com.google.gdata.client.Service.getFeed(Service.java:1135)
    at com.google.gdata.client.Service.getFeed(Service.java:998)
    at com.google.gdata.client.GoogleService.getFeed(GoogleService.java:645)
    at com.google.gdata.client.Service.getFeed(Service.java:1017)
The way I'm initiating my request to my service is via curl, my command looks like this:
curl http://localhost:8080/user/someUserId/content
Using Wireshark I see the following in my request:
GET /feeds/api/users/default/uploads HTTP/1.1
Authorization: Bearer <the_auth_token_for_the_user>
User-Agent: MyApp YouTube-Java/1.0 GData-Java/null(gzip)
X-GData-Client: MyApp
Accept-Encoding: gzip
GData-Version: 2.0
Cache-Control: no-cache
Pragma: no-cache
Host: gdata.youtube.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
I'm stuck.
Ok, I figured this out. I was trying to query the user's uploaded videos, and apparently for an app to do that it has to be authorized for the https://www.googleapis.com/auth/youtube scope, not the scopes I had configured.
Related
I am unable to update the birthday and hireDate properties for users in my directory.
The following request returns a 500 Internal Server Error
PATCH https://graph.microsoft.com/beta/users/[removed] HTTP/1.1
SdkVersion: Graph-dotnet-1.10.0
Authorization: Bearer [removed]
Cache-Control: no-store, no-cache
Content-Type: application/json; charset=utf-8
Host: graph.microsoft.com
{"hireDate":"1989-10-02T04:00:00Z"}
HTTP Response
HTTP/1.1 500 Internal Server Error
Content-Type: application/json
...
Microsoft.Office.Server.Directory.DirectoryObjectUnauthorizedAccessException. Attempted to perform an unauthorized operation.
Azure AD App Permissions
According to your description, I assume you want to update a user's birthday or hireDate through the Graph API.
From the returned response, your permission was denied to update the user's profile.
We should add the following permission: 'Directory.ReadWrite.All'.
To do that, we should add the Directory.ReadWrite.All scope in your code when we request an access token.
I am using Google APIs to perform various operations on my contacts. I wanted to add a contact to my contact list; for this I used:
POST:
https://www.google.com/m8/feeds/contacts/default/thin?alt=json&max-results=500&v=3.0
With the header
Authorization: Bearer "access_token"
Content-Type: application/json
data:{title: "BATMAN", phonenumber: "3333", email:"tdk#gmail.com"}
I get the response all right:
HTTP/1.1 201 Created
This response was recorded by both Google OAuth 2.0 playground as well as Postman.
However, when I wish to fetch the contact it is nowhere to be found. To fetch, my request is:
GET:
https://www.google.com/m8/feeds/contacts/default/thin?alt=json&max-results=500&v=3.0
With the header
Authorization: Bearer "access_token"
I get all contacts but the one just created. Would like to know where I'm going wrong?
I'm trying to implement a client that imports the events that a user has in Office 365 so that I can easily display them in the company's application.
I managed to get the user to authenticate with his / her Office 365 account and to approve my application and to also get an AccessToken, but when I try to use the token to retrieve the events from the API, I get a 401 HTTP error code, no body and in the headers I have this:
Content-Length →0
Date →Thu, 17 Mar 2016 08:56:00 GMT
Server →Microsoft-IIS/8.0
WWW-Authenticate →Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000#*", token_types="app_asserted_user_v1 service_asserted_app_v1", authorization_uri="https://login.windows.net/common/oauth2/authorize", error="invalid_token",Basic Realm="",Basic Realm=""
X-BEServer →DB4PR06MB522
X-BackEndHttpStatus →401
X-CalculatedBETarget →DB4PR06MB522.eurprd06.prod.outlook.com
X-DiagInfo →DB4PR06MB522
X-FEServer →AM3PR06CA022
X-Powered-By →ASP.NET
request-id →de1963bc-36df-4473-81f6-66ec37e8b415
x-ms-diagnostics →2000001;reason="OAuth token submitted with the request can not be parsed.";error_category="invalid_token"
The token I get from https://login.microsoftonline.com/common/oauth2/token with the following body:
grant_type=authorization_code
redirect_uri=https://example.com/redirect-uri
client_id=XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX
client_secret=[my-client-secret]
code=[code-received-from-user-auth]
The token I receive from the above call, I send through the Authorization header to https://outlook.office.com/api/v2.0/me/events like so:
Authorization: Bearer [access-token]
The response status I get from this call is 401 Unauthorized, I get an empty body and the headers are like so:
Content-Length →0
Date →Thu, 17 Mar 2016 08:56:00 GMT
Server →Microsoft-IIS/8.0
WWW-Authenticate →Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000#*", token_types="app_asserted_user_v1 service_asserted_app_v1", authorization_uri="https://login.windows.net/common/oauth2/authorize", error="invalid_token",Basic Realm="",Basic Realm=""
X-BEServer →DB4PR06MB522
X-BackEndHttpStatus →401
X-CalculatedBETarget →DB4PR06MB522.eurprd06.prod.outlook.com
X-DiagInfo →DB4PR06MB522
X-FEServer →AM3PR06CA022
X-Powered-By →ASP.NET
request-id →de1963bc-36df-4473-81f6-66ec37e8b415
x-ms-diagnostics →2000001;reason="OAuth token submitted with the request can not be parsed.";error_category="invalid_token"
Can you please tell me what I'm doing wrong?
I managed to fix the problem I had.
For future reference, the problem was that I wasn't telling the https://login.microsoftonline.com/common/oauth2/token endpoint what I needed the token for.
I had to provide a resource parameter with the base URL of the resource I was going to interrogate after.
In my case, it was https://outlook.office365.com.
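The fix described in the answer above, as an added example that is not part of the original post: it builds the authorization-code token request with the resource parameter and then checks that a returned token is addressed to the API about to be called. It assumes the access token is a JWT carrying an aud claim; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/token"  # from the post
OUTLOOK = "https://outlook.office365.com"  # resource named in the answer


def build_token_request(code, client_id, client_secret, redirect_uri, resource):
    """Form body for the authorization-code exchange, including `resource`."""
    if not resource:
        raise ValueError("resource is required: it names the API the token is for")
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "resource": resource,
    })


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; the token may be opaque")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_matches(token, expected_resource):
    """True when the token's `aud` claim names the API about to be called."""
    aud = str(jwt_claims(token).get("aud", ""))
    return aud.rstrip("/").lower() == expected_resource.rstrip("/").lower()


def _constructed_token(claims):
    """Build an unsigned sample token for the demo; not a real credential."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed samples: one token issued for the Outlook resource, one for another API.
GOOD = _constructed_token({"aud": OUTLOOK + "/", "scp": "Calendars.Read"})
WRONG = _constructed_token({"aud": "https://other-api.example"})

if __name__ == "__main__":
    print(build_token_request("CODE", "CLIENT_ID", "SECRET",
                              "https://example.com/redirect-uri", OUTLOOK))
    print(audience_matches(GOOD, OUTLOOK), audience_matches(WRONG, OUTLOOK))
```

Decoding the payload this way is only for diagnosing a 401; it does not validate the token, which remains the resource server's job.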
I have an application that creates and uploads videos for customers. Before attempting the upload the customer grants authorization and the resulting access and refresh tokens are saved. It sometimes happens that the customer does not have a YouTube channel associated with their Google Account. I detect this and create a channel for them. This normally works fine. But not always. Here's an example of where creating the channel failed:
Obtaining access token for Customer
post https://accounts.google.com/o/oauth2/token
HTTP Response: 200
{
"access_token" : "_new_access_token_",
"token_type" : "Bearer",
"expires_in" : 3600
}
Uploading video '_video_name_' for Customer
post http://uploads.gdata.youtube.com/feeds/api/users/default/uploads
Authorization: Bearer _new_access_token_
GData-Version: 2.1
X-GData-Key: key=_GData_Key_
Slug: n3n1xs.mp4
Content-Type: multipart/related; boundary="51d366cb05b71"
Content-Length: 255958407
Connection: close
HTTP Response: 403
<?xml version='1.0' encoding='UTF-8'?><errors><error><domain>yt:service</domain><code>youtube_signup_required</code></error></errors>
Obtaining channel names for Customer
get https://gdata.youtube.com/feeds/api/suggest/username?hint=CustomerNameVT&fields=entry%2Ftitle
GData-Version: 2.1
X-GData-Key: key=_GData_Key_
HTTP Response: 200
<?xml version='1.0' encoding='UTF-8'?><feed xmlns='http://www.w3.org/2005/Atom'><entry><title>CustomerNameVT</title></entry><entry><title>VTCustomerName</title></entry><entry><title>VTNameCustomer</title></entry><entry><title>CustomerVTName</title></entry><entry><title>CustomerNameVT1</title></entry><entry><title>NameCustomerVT</title></entry><entry><title>NameVTCustomer</title></entry></feed>
Linking YT channel for Customer (CustomerNameVT)
put https://gdata.youtube.com/feeds/api/users/default
Authorization: Bearer _new_access_token_
Content-Type: application/atom+xml
GData-Version: 2.1
X-GData-Key: key=_GData_Key_
<entry xmlns='http://www.w3.org/2005/Atom' xmlns:yt='http://gdata.youtube.com/schemas/2007'><yt:username>CustomerNameVT</yt:username></entry>
HTTP Response: 403
<errors xmlns='http://schemas.google.com/g/2005'><error><domain>GData</domain><code>ServiceForbiddenException</code><internalReason>Forbidden</internalReason></error></errors>
Notice that the requested name is the first one suggested by the suggest username api. As far as I can see this should work. It usually does. What's wrong this time?
The API for linking a Google Account to a new channel is deprecated.
Our current recommendation is to explicitly take users through a web-based linking process, starting at https://youtube.com/create_channel (or the m.youtube.com equivalent).
I'm using the GTMOAuth-2 library to implement an OAuth 2 Authorization Code Grant flow to the Asana API, but consistently getting back a server error 500. The GTMHTTPFetcher log is as follows (selectively redacted):
fetch tokens for app.asana.com
2013-05-08 16:46:58 +0000
Request: POST https://app.asana.com/-/oauth_authorize
Request headers:
Content-Type: application/x-www-form-urlencoded
User-Agent: gtm-oauth2 <user-agent>
Request body: (199 bytes)
client_id=<client-id>&client_secret=_snip_&code=<client-secret>&grant_type=authorization_code&redirect_uri=http%3A%2F%2Fwww.google.com%2FOAuthCallback
Response: status 500
Response headers:
Cache-Control: no-store
Content-Length: 303
Content-Type: text/html; charset=UTF-8
Date: Wed, 08 May 2013 16:46:56 GMT
Pragma: no-cache
Server: nginx
Set-Cookie: <cookie>
X-Asana-Content-String-Length: 303
X-Asana-Preferred-Release-Revision: 20130508_073846_310cafc985fd5fb43121784b58d5dcd2503ffffe
Response body: (303 bytes)
<html>
<head>
<title>Error</title><script>__FILE__="(none)";var config = {
"CLUSTER": "prod",
"PRETTY_JS_CODEGEN": false,
"ENABLED_FEATURES": ""
};</script><link rel="shortcut icon" href="/-/static/luna/browser/images/favicon.ico" />
</head>
<body>
<h3>Error</h3><pre>Server Error</pre>
</body>
</html>
I've double-checked the auth and token URLs, client ID and secret, made sure the redirect URIs match on Asana and in-app. Interestingly, the authorization flow seems to get as far as authorizing the app (and the Asana site records the app as authorized), but it then never seems to return the authorization token. Is there anywhere I might be going wrong, or is this truly an internal server error?
(I work at Asana). I'm unsure where in the flow this request is being made, but it doesn't look correct. Once you've obtained the authorization code (by having the user interact with the Asana form), the library should then make a request to our /-/oauth_token endpoint, and pass us the code. So it's possible that you just need to be using the /-/oauth_token endpoint instead of the /-/oauth_authorize endpoint as you're doing.
If you look at our OAuth examples you'll note that there are two different URLs, one for authorization and one for token exchange.
Asana is probably returning a 500 because it's not expecting this and we're not doing a good enough job catching the problem.