error to use "https://www.googleapis.com/auth/drive" scope - oauth-2.0

Version of google-api-java-client:
google-api-1.13.2-beta.jar
Java environment:
Java 6
Describe the problem.
I have a question.
I want to access the Google Drive using the OAuth 2.0 for Devices.
It is an error to use "https://www.googleapis.com/auth/drive" scope.
I succeed when you use the "https://docs.google.com/feeds/" in scope.
I'm wondering do I use the "https://docs.google.com/feeds/" to use the "DriveAPI" I.
Is this the correct usage?
Request:
POST https://accounts.google.com/o/oauth2/device/code HTTP/1.1
client_id=xxxxx.apps.googleusercontent.com&scope=https://www.googleapis.com/auth/drive
Response: { "error" : "invalid_scope" }
Response:
POST https://accounts.google.com/o/oauth2/device/code HTTP/1.1
client_id=xxxxx.apps.googleusercontent.com&scope=https://docs.google.com/feeds/
Response:
{
"device_code" : "4/e6HcZHKPz-eExgLb_Ll9V8qoT1NP",
"user_code" : "zzwiv48b",
"verification_url" : "http://www.google.com/device",
"expires_in" : 1800,
"interval" : 5
}
How would you expect it to be fixed?
I think that can be authenticated in the scope of the "https://www.googleapis.com/auth/drive" I.
developers.google.com
stackoverflow.com

You are missing an h in the protocol. Try https://docs.google.com/feeds/ instead of ttps://docs.google.com/feeds/. Apply the same change to all your scope urls

From the Google documentation about "Using OAuth 2.0 for Devices" (https://developers.google.com/identity/protocols/OAuth2ForDevices#allowedscopes):
When you use the OAuth 2.0 flow for devices, you can access only the following scopes:
Analytics Configuration and Reporting APIs
Calendar API
Contacts API
Cloud Print API
Cloud Storage API
Fitness REST API
Fusion Tables API
Google Sign-In
YouTube Data and Live Streaming APIs
I don't see Drive API in this list and I think it's a reason of "invalid_scope" error

I have exactly the same problem with.
I've followed the instructions in the developing document, and use "www.googleapis.com/auth/drive" as my the scope in the request.
Eventually, I got "invalid_scope" in the response.
So I've try to use "www.googleapis.com/auth/devstorage.full_control" as the scope, and it worked!The hint is from :https://cloud.google.com/storage/docs/authentication#oauth
BUT!! When I use the access token I created to list the google drive account information, I got error code 403 and the message is "Insufficient Permission".
This is what I used to request the account infornation:
curl -H "Authorization: Bearer $ACCESS_TOKEN" https://www.googleapis.com/drive/v2/about?key=$APP_KEY
That really made me confused....

Related

Onedrive API rejects access token (CompactToken parsing failed with error code: 8004920A)

Hopefully I'm missing something very simple. According to this documentation to get an access token I need to hit the following url:
https://login.live.com/oauth20_authorize.srf?client_id={client_id}&scope={scope}
&response_type=token&redirect_uri={redirect_uri}
So far this appears to be working as the returned url I get contains
/#access_token=EwAYA61DBAAUcSSzo.......
According to the token flow documentation above,
You can use the value of access_token to make requests to the OneDrive API.
According to this page,
Your app provides the access token in each request, through an HTTP header:
Authorization: bearer {token}
When running curl I give it the exact token I was given before,
curl -X GET \
https://graph.microsoft.com/v1.0/drive \
-H 'Authorization: Bearer EwAYA61DBAAUcSSzoTJJs.....
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 8004920A",
"innerError": {
"request-id": "8780c600-2b7f-45a0-b484-7eca9dfd2697",
"date": "2019-01-25T19:33:22"
}
}
}
Why is the token they provided not working?
What I've tried so far:
changing the case of bearer in the header
wrapping said token in {}
generating new tokens
URL decoding said token
One thing to note: the tokens I am receiving are not JWT tokens. Googling the error code pulls up several Stack Overflow questions that seem to imply the graph api is expecting a JWT. If this is the case, am I missing a step to obtaining it?
You can't call Microsoft Graph API after completing the authentication flow for Microsoft accounts (OneDrive personal).
In addition, the authorization process with Microsoft accounts is no longer recommended according the docs and new applications should be developed using Microsoft Graph:
This topic contains information about authorizing an application using Microsoft accounts for OneDrive personal. However, this approach is no longer recommended. New applications should be developed using Microsoft Graph and follow the authorization process in Authorization and sign-in for OneDrive in Microsoft Graph.

How do I consume Linked API v2?

I have my app in LinkedIn with all four default application permissions ticked. I am able to consume API v1 perfectly. When I authenticate with oAuth 2.0, my authentication is successful and I get auth2_token but I am not able to call the below endpoint.
https://api.linkedin.com/v2/me
Header: X-Restli-Protocol-Version : 2.0.0 Authorization : Bearer (
auth2_token )
I get the error
{
"serviceErrorCode": 100,
"message": "Not enough permissions to access: GET /me",
"status": 403
}
Am I missing something here?
I couldn't get access to https://api.linkedin.com/v2/me either but you can use the following URL sample to retrieve the data you need:
GET https://api.linkedin.com/v1/people/~:(id,num-connections,picture-url)?format=json
The available fields can be found here: LinkedIn basic profile fields
To access https://api.linkedin.com/v2/me, you need to have access to v2 API.
As of 14th of Jannuary or Linkedin Applications will automatically have access to v2 API.
As of March, 1st, Linkedin is going to deprecate its v1 API, so the call https://api.linkedin.com/v1/people/~:(id,num-connections,picture-url)?format=json will no longer work.

Accessing users Yahoo profile with YQL

I am trying to access users Yahoo profile using YQL. For this, I am using OAuth with YQL. The query I'm using to get this data is:
q=select%20*%20from%20social.profile%20where%20guid%20%3D%20me&format=json&diagnostics=true&callback=
However, when I do this, I am getting the following error message:
Unsupported authorization scheme: "Bearer"
Are there any other things that I need to set before making the request, like headers or any other fields?
The Yahoo YQL endpoint does not support OAuth 2.0 tokens (yet?). You can use a REST API as described in https://developer.yahoo.com/social/rest_api_guide/social_dir_api.html#social_dir_intro-profiles, e.g. https://developer.yahoo.com/social/rest_api_guide/extended-profile-resource.html:
curl -H "Authorization: Bearer <token>" https://social.yahooapis.com/v1/user/me/profile?format=json

FusionTables Insert works in OAuth2 Playground, but not as HTTPS Post in other systems

Hello kind people of the internet,
We can successfully use the Google Oauth 2.0 Playground to make a simple sql POST insert to a FusionTable, but when attempt the same basic HTTPS POST operation in anything else (from back end system, another browser session, Postman chrome tool, hurl.it, etc, etc), we always get a 403 error:
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.",
I'm puzzled why the error is returned when doing an HTTPS post from other systems (other than OAuth playground)?...as at the time I'm supplying an active Access token (cut-n-pasted Access token from OAuth playground).
The successful-working-good Request block in OAuth 2.0 Playground is below (but the Access token is of course now expired):
POST /fusiontables/v1/query?sql=INSERT INTO 1CqwRGEEn4L0gN66JwGvCR5yOI8miNMVijcp4XlE (Name, Age) VALUES ('Forrest', 57) HTTP/1.1
Host: www.googleapis.com
Content-type: application/json
Authorization: Bearer ya29.AHES6ZRr9CkHptvLaYlba_u6wceIh29urI8FjFp8xMP08AcBm2qpHg
Here's the direct URL that is generated by several different REST based tools I'm attempting to use to simulate the HTTPS request to do a POST sql insert to FusionTables (which again: always generates a 403 error even with an active Access token):
https://www.googleapis.com/fusiontables/v1/query?sql=INSERT%20INTO%201CqwRGEEn4L0gN66JwGvCR5yOI8miNMVijcp4XlE%20(Name,%20Age)%20VALUES%20('Jim',%2057)=&Content-length:=0&Content-type:%20=application/json&Authorization:=%20Bearer%20ya29.AHES6ZRr9CkHptvLaYlba_u6wceIh29urI8FjFp8xMP08AcBm2qpHg
Some other notes:
-In my Google APIs Console, I'm using the "Client ID for web applications".
-I updated the FusionTable properties with the Api console email-address to allow edit capability on the fusiont table used in the above sql (1CqwRGEEn4L0gN66JwGvCR5yOI8miNMVijcp4XlE) Adding the email for edit capability to the FusionTable properties was kindly suggested by Odi for Service accounts on another related post on FusionTables).
Any help in explaining why HTTPS Post works in the OAuth playground for a sql insert to FusionTables, but not anywhere else would surely be appreciated...there must be something I'm missing, as supposedly the OAuth playground was to help illuminate how OAuth works at a detailed level so we could handle in other systems that don't necessarily have a developed OAuth library.
Update 8/23, per the suggested answer...here's a URL syntax that works in POSTMAN and uses both the OAuth API key and an active Access token which was obtained using the OAuth playground (access token is of course fake/expired).
https://www.googleapis.com/fusiontables/v1/query?sql=INSERT%20INTO%201CqwRGEEn4L0gN66JwGvCR5yOI8miNMVijcp4XlE%20(Name,%20Age)%20VALUES%20('Bob',%2031)=&Content-length:=0&Content-type:%20=application/json&key={OAuth API key}&access_token=ya29.AHES6ZST_c2CjdXeIyG8LwkprQMGGfoW45sonX0d1H51234
Try adding your API key to the POST. Even though the message refers to authentication I'm pretty sure it's not OAuth authentication but your API usage that needs to be verified.

Is SSL required to use the google plus api?

Im fairly new to Oauth2.0.
I wanted to start using the Google Plus api.
I used the following resources
"Using OAuth 2.0 to Access Google APIs" documentation.
Google Plus Oauth Api scope key
(https://www.googleapis.com/auth/plus.me).
After playing with curl and having success with other "scope keys" . I encountered the following error with the google plus scope (https://www.googleapis.com/auth/plus.me).
"Token invalid - AuthSub token has wrong scope"
Then i found the solution Google’s OAuth Pain: Token invalid – AuthSub token has wrong scope
It pointed out the following:
if you’re getting a “Token Invalid – AuthSub token has wrong scope”
error when you’re trying to use OAuth (or even AuthSub for that
matter?), make sure the scope you’re requesting is using the same
protocol as you’re using
I did what he said , took the "s" off the scope "
http://www.googleapis.com/auth/plus.me
But now it gives me this error
Does this mean that your site MUST use SSL?
Thanks for the feedback.
EDIT: Turns out i was using the wrong api
Should be https://www.googleapis.com/plus/v1/people/me?access_token=xxxx
Your site doesn't need to use SSL but all calls it makes to the Google+ API must use HTTPS. See: http://developers.google.com/+/api/oauth for more information about OAuth scopes in Google+
I found the answer, i was using the wrong url for the api
https://www.googleapis.com/plus/v1/people/me?access_token={hash}

Resources