Following is what I am trying to do -
client = Google::APIClient.new
client.authorization.client_id = 'XXXX'
client.authorization.client_secret = 'XXXXX'
client.authorization.scope = 'https://www.googleapis.com/auth/calendar'
client.authorization.redirect_uri = 'http://www.aaaaa.com/'
calendar = client.discovered_api('calendar', 'v3')
In order to get access_token to make further requests, i make a call to
client.authorization.fetch_access_token!
Response I get is :
Signet::AuthorizationError: Authorization failed. Server message:
{
"error" : "invalid_request"
}
from D:/main/tools/jruby/lib/ruby/gems/1.8/gems/signet-0.4.4/lib/signet/oauth_2/client.rb:865:in `fetch_access_token'
Later I changed made a few changes and set the grant_type to password and supplied user name and password.
client.authorization.grant_type = 'password'
client.authorization.username = 'aaaaa'
client.authorization.password = 'aaaaa'
Still facing the same issue.
Documentation is not of much help. Is there any setting that I am missing?
You probably already figured this out, but I think I know what the problem is. You must first navigate (in a browser) to client.authorization.authorization_uri, which is where you will be asked to grant access to the Google account. After that, you will be redirected to client.authorization.redirect_uri, which is http://www.aaaaa.com/ in the code you provided. There will be an authorization code appended on to the URL: http://www.aaaaa.com?code=<code here>. You must set client.authorization.code equal to that authorization code. Once you have done that, you should be able to call client.authorization.fetch_access_token! and then make calls to the API.
Related
There's so many different flows in the Microsoft docs that I have no clue what one is needed for me. I am using React and Python. (I understand node, so if someone explains using node/express its fine)
What user should see:
A page with a button to login, nav is there but wont work till logged in. The login creates a popup to sign in with Microsoft account. Once signed in, the user will be able to use nav to see dynamics information.
What I am trying to do:
This app needs to sign in a user and obtain the users email through 'https://graph.microsoft.com/v1.0/me'.(no client secrets needed) Then I need to send that email in this request;
(The tenant == {company}.crm.dynamics.com.)
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
This backend request needs to have a client secret to obtain the information. So I believe my backend also needs to be logged on to a service account. I believe I need to get a token for my backend to make requests on behalf of the service account.
What I have:
I have a React frontend that is signing a user in and calling 'https://graph.microsoft.com/v1.0/me' correctly and getting that email. Once I get the email, I am sending it to my backend.
Now I have no clue how to proceed and have tried many things.
What I have tried for backend:
Attempt 1: I get a token but error: {'error': {'code': '0x80072560', 'message': 'The user is not a member of the organization.'}}. Problem is, this id is the Azure AD ID. It should def work
#app.route('/dynToken', methods=['POST'])
def get_dyn_token():
req = request.get_json()
partnerEmail = req['partnerEmail']
token = req['accessToken']
body = {
"client_id": microsoft_client_id,
"client_secret": client_secret,
"grant_type": "client_credentials",
"scope": SCOPE_DYN,
}
TENANTID = '{hash here}'
res = requests.post(
f'https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token', data=body).json()
dyn_token = res['access_token']
headers = {
"Prefer": "odata.include-annotations=\"*\"",
"content-type": "application/json; odata.metadata=full",
"Authorization": f"Bearer {dyn_token}"
}
try:
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
print(allInfo)
Attempt 2:
Same code but instead of f'https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token' its
f'https://login.microsoftonline.com/common/oauth2/v2.0/token'. Error: An exception occurred: [Errno Expecting value] : 0. Because it returns an empty string.
Now I don't know if I am even on the right path or where to go. I know the routes work themselves if the token is correct. I used only SSR with no react and these routes work. But I need the React to be there too. I just don't know what flow to use here to get what I need. The docs make it easy for /me route to work. But the {company}crm.dynamics.com docs don't really provide what I am trying to do.
Additional info after comment:
What 'f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq '{email}'', headers=headers" is trying to get are API keys. Full code :
try:
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
partner_value = allInfo['value'][0]['_company_partner_value']
response = requests.get(
f'https://{TENANT}api/data/v9.0/company_partnerses({partner_value})', headers=headers).json()
return {'key': response['company_apikey'], 'secret': response['company_apisecret']}
Then once it has the keys:
def api_authentication(apikey, apisecret):
headers = get_headers() #<-- same headers as above with using dyn_token
response = requests.get(
f'https://{TENANT}api/data/v9.0/company_partnerses?$filter=company_apikey eq \'{apikey}\' and company_apisecret eq \'{apisecret}\'&$select=company_apikey,company_apisecret,_company_account_value,_company_primarycontact_value,blahblah_unassignedhours,company_reporturl', headers=headers).json()
return response
Afterwards I am able to get all the information I am looking for to send back to my frontend for the client to see. (By making multiple request to crm with these keys)
The client_credentials grant that you are using should work, provided the CRM trusts the token issued to the client (your python backend). Please use MSAL library instead of hand crafting the token request. It will save you time and eliminate errors.
I am trying to use etsy API and validate with oauth gem. I have successfully got a successful token by doing this in the first request url:
scopes = ["email_r", "feedback_r", "listings_r", "transactions_r"]
oauth_consumer = OAuth::Consumer.new(Rails.application.secrets.etsy_api_key,
Rails.application.secrets.etsy_api_secret,
site: "https://openapi.etsy.com/v2"
)
oauth_consumer.options[:request_token_path] = "/oauth/request_token?scope=#{scopes.join('%20')}"
request_token = oauth_consumer.get_request_token(oauth_callback: new_etsy_authentication_url)
redirect_to request_token.params[:login_url]
Then the user passes the etsy validation pages and on callback url I have the following:
current_user.update(etsy_auth: {
oauth_token: params["oauth_token"],
oauth_verifier: params["oauth_verifier"],
oauth_created_at: Time.current.to_i
})
Where I save etsy oauth_token and oauth_verifier successfully.
The problem starts after that. I've tried many things to do a request to user but I always got oauth_token=rejected. Here a sample of what I've done so far:
oauth_consumer = OAuth::Consumer.new(Rails.application.secrets.etsy_api_key,Rails.application.secrets.etsy_api_secret,site: "https://openapi.etsy.com/v2")
access_token = OAuth::AccessToken.new(oauth_consumer, oauth_token: current_user.etsy_auth["oauth_token"], oauth_secret: current_user.etsy_auth["oauth_verifier"])
access_token.request(:get, "/users/__SELF__")
Should I do another request before that, to actually got another temporary oauth_token and oauth_secret?
I've tried doing this:
request_token = oauth_consumer.get_request_token and I got a temporary oauth_token and oauth_token_secret as well oauth_consumer_key (which I am not sure how I should use). I got the temporary tokens and tried many combinations without much success, I am always getting oauth_token=rejected . I've still haven't figured out if and where should I use oauth_consumer_key and if oauth_verifier is actually the oauth_secret.
What am I missing? Any help is appreciated.
I finally managed to find what needed to do. After the initial request to Etsy, I have to store oauth_token and oauth_secret. Then Etsy returns as well the oauth_verifier.
For fetching and doing each request after that, you need to send all three of them to work.
I'm trying to use Google's API to sign up and log in users to my rails webapp. I've been playing around with the authentication, but I'm getting stuck on this error after I get the authorization code.
Here's what I'm trying to do:
path = Rails.root.to_s + PATH_TO_JSON_FILENAME_FROM_GOOGLE_API
client_secrets = Google::APIClient::ClientSecrets.load(path)
auth_client = client_secrets.to_authorization
auth_client.update!(
:scope => 'https://www.googleapis.com/auth/drive.metadata.readonly',
:redirect_uri => REDIRECT_URI
)
auth_client.code = ACCESS_CODE_RETURNED_BY_GOOGLE_WHEN_USER_LOGS_IN
auth_client.fetch_access_token!
A few questions:
All I really want to be able to pull is the users name, and their email address. I'm unclear on what the proper value for :scope should be.
For the redirect_uri I'm setting it to one of the redirect uri's that are in my Google API console. Something along the lines of http://localhost:3000/auth/callback. Despite this, I'm getting the following json response:
{
"error" : "redirect_uri_mismatch"
}
Thoughts on what I might be doing wrong here?
Finally figured this out. I needed to set the redirect_uri to postmessage, because that's how I originally requested the authorization code. Here's my complete solution:
I load the Google Authentication library with the following:
function start() {
gapi.load('auth2', function() {
auth2 = gapi.auth2.init({
client_id: 'MY_CLIENT_ID',
});
});
};
I created an HTML button, which on click makes the call to the following function:
function(e){
e.preventDefault();
auth2.grantOfflineAccess({'redirect_uri': 'postmessage'}).then(this.signInCallback);
},
Right now the signInCallback function is just logging my authorization code so I can test out the ruby server code I'm writing:
function(authResult) {
console.log(authResult.code);
}
Here's what my ruby file looks like:
client = Google::APIClient.new
client.authorization.client_id = MY_CLIENT_ID
client.authorization.client_secret = MY_CLIENT_SECRET
client.authorization.redirect_uri = "postmessage"
client.authorization.code = CODE_THAT_WAS_LOGGED_TO_CONSOLE
client.authorization.fetch_access_token!
A little more info: you have to use 'postmessage' calling grantOfflineAccess. I tried putting in one of the actual redirect uri's from my developer console, and it didn't like that (see this SO question for more). What I figured out is that if you do this, then you need to do the same thing on the server side when you try to exchange the authorization code for an access token.
Redirect URI mismatch error definitely means that the redirect URI is not the same that is registered. Make extra sure that the URIs are identical.
So I have a web app with ruby on rails that connects to google drive's API. Up until now, it used to receive the refresh token, since one of the paramenters I was using was offline. But recently it stopped getting it. The url that is being sent is this:
Redirected to https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=ID&options=%7B:access_type=%3E%22offline%22,%20:approval_prompt=%3E%22force%22%7D&redirect_uri=http://localhost:3000/oauth2callbackdrive&response_type=code&scope=https://www.googleapis.com/auth/drive%20https://www.googleapis.com/auth/userinfo.email
The code that is redirecting to the URI has this:
client = Google::APIClient.new
client.authorization.client_id = GOOGLE_CLIENT_ID
client.authorization.client_secret = GOOGLE_CLIENT_SECRET
client.authorization.scope = SCOPES
client.authorization.redirect_uri = GOOGLE_CLIENT_REDIRECT_URI
auth_url = client.authorization.authorization_uri(:options => {:access_type => :offline, :approval_prompt => :force}.to_s)
redirect_to auth_url.to_s
On the callback function I have this:
client = Google::APIClient.new
client.authorization.client_id = GOOGLE_CLIENT_ID
client.authorization.client_secret = GOOGLE_CLIENT_SECRET
client.authorization.scope = SCOPES
client.authorization.redirect_uri = GOOGLE_CLIENT_REDIRECT_URI
client.authorization.code = params['code']
client.authorization.fetch_access_token!
And on the same function I insert into the database:
CloudAccount.create(username: username,access_token:client.authorization.access_token, refresh_token:client.authorization.refresh_token,register_id:userID,cloud_name:'drive')
Problem is, the client.authorization.refresh_token, which had a value before, now is returning empty and so it's being inserted into the DB as NULL. Which affects uploads/refresh/downloads when the access_token expires.
What can I do or what am I doing wrong?
Thanks.
I was having a similar issue (Getting a refresh token from google api). I think if you use:
prompt='select_account consent'
then that forces a new approval screen and you get a new refresh_token.
Reference: https://developers.google.com/identity/protocols/OAuth2UserAgent
I'm trying to make authenticated calls to the Bitbucket REST API, with Oauth authentication. I've successfully retrieved an oauth_token and an oauth_token_secret (although they are the same as the request_token and request_token_secret, which seems strange but not outside of the spec). When I make an API call to another endpoint, I get a 401 (not authenticated). I've tried using header authentication and/or passing the oauth_token and oauth_token_secret as HTTP params with the sane result.
Here's the code:
account_name_url = 'https://api.bitbucket.org/1.0/user'
feedback_oauth_hook = OAuthHook(
access_token='REDACTED',
access_token_secret='ALSO_REDACTED',
consumer_key=CLIENT_ID,
consumer_secret=CLIENT_SECRET,
header_auth=True
)
params = {
'access_token': auth_tokens['access_token'],
'access_token_secret': auth_tokens['access_secret']
}
response = requests.get(account_name_url, data=params, hooks={'pre_request': feedback_oauth_hook})
import oauth2 #pip install oauth2
accessToken = oauth2.Token(OAUTH_TOKEN, OAUTH_TOKEN_SECRET)
consumer_key = YOUR_COMSUMER_KEY
consumer_secret = YOUR_CONSUMER_SECRET
consumer = oauth2.Consumer(consumer_key, consumer_secret)
client = oauth2.Client(consumer, accessToken)
api_url = "https://api.bitbucket.org/1.0/user"
resp, content = client.request(api_url, "GET")
print resp, content
The above python code works for me.
I print the request info, notice that it contains oauth_version=1.0 which is required.
I tried removing it, then 401 was returned. I think BitBucket should document this.