I followed the instructions on https://developers.google.com/youtube/v3/guides/authentication#OAuth2_Calling_a_Google_API
to check my access to the YouTube v3 API.
I got an access_token from this:
curl --data "code=4/XXX.YYY" \
--data "client_id=foo123.apps.googleusercontent.com" \
--data "client_secret=YYY" \
--data "redirect_uri=urn:ietf:wg:oauth:2.0:oob" \
--data "grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
which returned:
{
"access_token" : "ya29.XYXYXY",
"token_type" : "Bearer",
"expires_in" : 3600
}
If I now check access with curl or in the browser
https://www.googleapis.com/youtube/v3/video?access_token=ya29.XYXYXY
I just got back "Not Found".
If I use another (fantasy) access_token or leave out the parameter the result is always the same, just "Not Found". I tried with "http" and "https".
Am I doing something wrong? Is the service just temporarily not available? Should I use v2?
Thanks for your time,
Axel.
Found it myself. The documentation is misleading for me. The sample it uses
https://www.googleapis.com/youtube/v3/video?access_token=ya29.XYXYXY
doesn't say that you need further parameters. The response "Not found" from the server is not helpful. Furthermore "video" must be "videos".
A correct test would be
https://www.googleapis.com/youtube/v3/videos?access_token=ya29.XYXYXY&id=12345678&part=snippet
Even though I read numerous duplicate issues here on Stack Overflow, I still can't figure out for the life of me what I'm doing wrong.
Problem: I successfully receive an authorization code from, but when I request an access token using this code I get the following error:
{
"error": "invalid_request",
"error_description": "Invalid parameter value for redirect_uri: Missing scheme: http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback"
}
Configuration:
I use http://localhost:3030/google/oauth2/callback as a callback URL
It's setup in the google developer console:
This is a "raw curl" request that I send to obtain a token:
curl --location --request POST 'https://oauth2.googleapis.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'code=4%2F0AY0e-g6zyewnsWjPEXoxZWawsp1E634ZlefYoBeYO1nXxBwjPQNCGVf7SGb4MxfNcjUApw' \
--data-urlencode 'redirect_uri=http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback' \
--data-urlencode 'client_id=....' \
--data-urlencode 'client_secret=....' \
--data-urlencode 'grant_type=authorization_code'
P.S. As you can see, I "UrlEncoded" redirect_url as well as code since it does contain slashes. To be on the safe side, I tried to encode client_id, client_secret and grant_type as well, but since they only contain ASCII characters they came out the same.
What I have done:
Researched through similar problems on SO: jenkins issue, ios issue, php issue, missing http issue, nodejs issue - similar to this one followed up by discussion, this, that, and all other ones present here - will omit them for brevity.
I've tried to set
http://localhost/google/oauth2/callback:3030 as well as
http://127.0.0.1:3030/google/oauth2/callback and
http://127.0.0.1/google/oauth2/callback:3000 (although specifying a port in the end is super weird and changing localhost to 127.0.0.1, but was suggested in one of the similar threads), none of these worked.
Read all the docs from google
Played with OAuth2 Playground (where it works obviously), but doesn't work for me
Tried multiple variations for body + different content types the same problem, but sometimes I also get
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
Any help would be appreciated.
After some time I was able to successfully obtain a token. Turns out that I didn't craft the request to the Google API correctly. Also, for the "curl" request it should be --data rather than --data-urlencode. The following request worked for me:
curl --request POST \
--url https://oauth2.googleapis.com/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data code=4%2F0AY0e-g4TLGE7c7VyMe8-95baQzeh0uERiKuGnHG5Sqccb4MCsmJOzV_a2jSbI9bm62VZ6Q \
--data redirect_uri=http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback \
--data client_id=********* \
--data client_secret=********* \
--data grant_type=authorization_code
or
curl --request POST \
--url https://oauth2.googleapis.com/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'code=4%2F0AY0e-g4TLGE7c7VyMe8-95baQzeh0uERiKuGnHG5Sqccb4MCsmJOzV_a2jSbI9bm62VZ6Q&redirect_uri=http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback&client_id=*********&client_secret=*********&grant_type=authorization_code'
One more observation: When you test, you can use the authorization code only once (for security reasons). Sometimes even if you send multiple "unsuccessful requests" with the same code, Google's API will reject all subsequent requests with that code (you need to go through the OAuth2 flow again to obtain a new one). The most "frustrating" part that confused me is that the response for the wrong code looks like this:
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
instead of being something like "Code is not valid" or "Code has expired".
So, if you encounter the error above it means the request was crafted correctly, but the code is wrong.
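Why --data-urlencode failed in the question above while --data worked, as an added example that is not part of the original posts: the redirect_uri had already been percent-encoded by hand, so curl encoded it a second time and the server's single decoding pass left the http%3A%2F%2F... string quoted in the "Missing scheme" error. pct_encode, pct_decode and wire_value are hypothetical helper names; the sketch models curl's encoding and the server's decoding locally and sends no request.

```sh
LC_ALL=C; export LC_ALL

# Models curl --data-urlencode on the content part of name=content:
# percent-encode every byte outside the RFC 3986 unreserved set.
pct_encode() {
  s=$1 out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}            # split off the first byte
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
}

# One pass of percent-decoding, as a form-body parser applies it
# (sketch: '+' and an encoded trailing newline are not handled).
pct_decode() {
  s=$1 out=
  while [ -n "$s" ]; do
    case $s in
      %[0-9A-Fa-f][0-9A-Fa-f]*)
        hex=${s#%}; hex=${hex%"${hex#??}"}   # the two hex digits
        out=$out$(printf '%b' "\\0$(printf '%03o' "0x$hex")")
        s=${s#%??} ;;
      *) rest=${s#?}; out=$out${s%"$rest"}; s=$rest ;;
    esac
  done
  printf '%s' "$out"
}

# wire_value MODE VALUE: what curl puts after "redirect_uri=" in the body.
wire_value() {
  case $1 in
    data) printf '%s' "$2" ;;              # --data: sent verbatim
    data-urlencode) pct_encode "$2" ;;     # --data-urlencode: encoded first
  esac
}

RAW='http://localhost:3030/google/oauth2/callback'               # as registered
PRE='http%3A%2F%2Flocalhost%3A3030%2Fgoogle%2Foauth2%2Fcallback' # hand-encoded
for mode in data data-urlencode; do
  for v in "$RAW" "$PRE"; do
    w=$(wire_value "$mode" "$v")
    printf '%s %s\n  wire:   %s\n  server: %s\n' "--$mode" "$v" "$w" "$(pct_decode "$w")"
  done
done
```

Only the hand-encoded value passed through --data-urlencode reaches the server without a scheme; the raw URL with --data-urlencode, or the hand-encoded one with --data, both decode to the registered redirect_uri.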
I am calling the Twilio Verify Rest API using JSON in the body, but it is returning an error " Your AccountSid or AuthToken was incorrect."
Here is my setup:
I used a Base64 encoder> entered my AccountSID:Auth token> and entered it into the "Value" as seen in the screenshot below.
I am not sure exactly what I am doing wrong. Any help?
Make sure to send the body of your request as application/x-www-form-urlencoded, not JSON.
Example:
curl -X POST https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Verifications \
--data-urlencode "To=+15017122661" \
--data-urlencode "Channel=sms" \
-u ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:your_auth_token
After successfully authenticating, I want to refresh my authorization token, so I issue the following request
curl -X POST \
https://login.microsoftonline.com/<my-tenant>/oauth2/v2.0/token \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-F grant_type=refresh_token \
-F refresh_token=<my-refresh-token> \
-F client_id=<my-client-id> \
-F client_secret=<my-client-secret>
However, instead of returning with a new token, I get the following response:
{
"error": "server_error",
"error_description": "AADSTS50000: There was an error issuing a token.\r\nTrace ID: bb72ee21-7df2-4949-8375-e6d97b621300\r\nCorrelation ID: 719ea759-622b-4d63-be17-56fd6c255195\r\nTimestamp: 2018-06-15 09:07:13Z",
"error_codes": [
50000
],
"timestamp": "2018-06-15 09:07:13Z",
"trace_id": "bb72ee21-7df2-4949-8375-e6d97b621300",
"correlation_id": "719ea759-622b-4d63-be17-56fd6c255195"
}
The tenant, client id and client secret are all the same as those used when obtaining the refresh token. Yet, something is apparently missing or incorrect - but what?
You are missing the mandatory scope parameter as described here.
You also need to provide a redirect_uri, although you just make a POST request.
And the redirect_uri must match the redirect_uri used in the original authorization call.
When refreshing an access token you have to provide a scope for which you would like to get the token. Also make sure that you understand you can only refresh the access_token, not the id_token. And access_token always has a purpose (scope).
Everything described in the documentation.
I've installed the Authorization extension in my Auth0 account, so authorization functionality works perfectly but now I want to access all the groups I've created there in that authorization extension. So I've followed Authorization docs but when I use the token I've generated for that it throws 403: Insufficient scope error in response.
These are the steps I've gone through:
1. Requested a token:
curl -X POST \
https://my_domain.auth0.com/oauth/token \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-d '{
"client_id":"auth0-authorization-extension-api-client-id",
"client_secret":"auth0-authorization-extension-api-secret",
"audience":"urn:auth0-authz-api",
"grant_type":"client_credentials"
}'
Response:
{"access_token":"encoded_access_token","expires_in":86400,"token_type":"Bearer"}
2. Requested group list:
curl -X GET \
https://domain.us.webtask.io/some_hash/api/groups \
-H 'authorization: Bearer access_token'
Response:
{
"statusCode": 403,
"error": "Forbidden",
"message": "Insufficient scope"
}
Hopefully this isn't a problem still for you, but if it is:
Go to your Auth0 dashboard
Click on APIs
You should have an API called auth0-authorization-extension-api
Select Non-interactive clients tab
Select the client you want to give access to and change toggle to Authorized
There's a drop down arrow beside the authorized toggle, click that and under scopes give access to read:groups. You may need read:users too.
Hope that helps, thanks
Kevin
I try to use OAuth with google. I receive a code using a POST request to this URL:
https://accounts.google.com/o/oauth2/v2/auth
Then I try to get an access token by sending a POST request to this URL:
https://www.googleapis.com/oauth2/v4/token
But this returns me an HTTP 404 "Not found" error. Is this URL wrong?
The URI that I've gotten to work for an Oauth2 token right now is
https://www.googleapis.com/oauth2/v3/token
I saw the same "v4" referenced in documentation, but couldn't get it to work either.
If you're developing your own OAuth 2.0 clients on the Google infrastructure, I'd recommend Google's OAuth 2.0 Playground which takes you through each request and response for their APIs.
OAuth has been deprecated by Google. For OAuth 2.0, try their well-known OpenID Configuration link which shows:
"authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth"
This works for me
curl --location --request POST 'https://www.googleapis.com/oauth2/v4/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=1234567891011-t28d34tfmfk5i5865hm7kij8nvl7vdax.apps.googleusercontent.com' \
--data-urlencode 'client_secret=KFcsEpfLjg64ta6TtQ1QibOC' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=1/gb5fEFSu_iwbvbsXZdK8ddrJjNTD1RrXbQqdsT6wuJK'
It looks newer and it worked when I tried.
https://oauth2.googleapis.com/token
https://developers.google.com/identity/protocols/oauth2/web-server#httprest_3