i try to access to BigQuery via the REST API from my webserver by this request for example:
https://www.googleapis.com/bigquery/v2/projects/project%3Aid/queries?fields=rows&key={YOUR_API_KEY}
As {YOUR_API_KEY} I use the API key for server apps from the Google API Console but I get a "401 Unauthorized"
What's the right way to do this request from a server without user interaction for authentication?
Google BigQuery does not support access via API key authorization. Instead, you should be using the OAuth flow that matches what you are trying to do with your application. See the BigQuery Authorization documentation here.
Without knowing anything about your implementation language I can only point you towards the google documentation: https://developers.google.com/bigquery/ which is fairly comprehensive.
Should you be using c# then you can check here on SO Google OAuth2 Service Account Access Token Request gives 'Invalid Request' Response
Related
I am having trouble understanding how to accomplish this. I have Firebase functions running on my application. I am using an external API in which I can configure Webhooks to hit an endpoint on my Firebase functions to perform an action. To make sure that the call comes from this external API, they recommend using an oauth2 flow. Mainly they ask me for:
Provide us (the external API) with an ID and an access token;
these are used to access a URL which provides a bearer token;
this bearer token is then used to access the provided webhook URL until the bearer
token expires after a pre-determined period of time.
And there are 4 input fields:
1. OAuth2 access token url
2. OAuth2 client id
3. OAuth client secret
4. OAuth2 Scope. <---- NOT SURE WHAT THIS ONE MEANS
My question is how do I generate the access token and the client id for this external API?
What value should I put for the oAuth2 scope?
Thanks!
I was able to figure this out using auth0. In one of their documentations, they cleared explained what I was trying to accomplish. Posting here to future reference in case any one needs it.
Thanks all!
reference: https://auth0.com/docs/authorization/flows/client-credentials-flow#learn-more
You can generate the client ID and client secret in the Console > Credentials.
Cloud Functions API oAuth2 scope is https://www.googleapis.com/auth/cloud-platform.
I would like to get some clarification on whether or to what degree OAuth 2.0 can be used with EWS applications. Here is my situation: I maintain an application that accesses Office 365 data. It uses EWS with Basic authentication. In response to the plan to no longer support Basic authentication and to deprecate EWS, I developed a new version of the application that uses Microsoft Graph and OAuth 2.0. I had no problem getting OAuth to work. However there are still some significant shortcomings in Graph (for our needs) so what I would like to do now is support OAuth in our original EWS application.
My hope was that I could just take a token generated in the same way I do in the Graph application, and feed it into my EWS calls in the "Authorization: bearer ..." header of the http call. (I am not using the EWS managed API or any kind of authentication library, just making direct http calls using libcurl). Unfortunately this results in http error 401 Unauthorized.
Here is how I am obtaining the token:
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
with data:
client_id={client_id}&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret={client_secret}&grant_type=client_credentials
This produces http 200 and a returned token:
eyJ0eXAiOiJKV1QiLCJub25jZSI6...
As I said, using this token in the Authorization header of the EWS call fails with http 401. However, using the same token with a Graph call works. I did try replacing the scope with ""https://outlook.office365.com/.default" but it produced the same results.
I have looked at the API permissions granted to my application in the Azure portal. They are all of type Microsoft Graph. I don't see any "EWS" permissions available to request. Could this be my problem?
Any help on this issue will be appreciated, thank you.
Update: I did go ahead and add all the "Legacy Exchange" API permissions, and re-authorized my test tenant for the application. Still no luck. I am trying to execute the "GetFolder" EWS API. Only the graph.microsoft.com scope works to get a token, so maybe that needs to change?
I would suggest you start with https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth
For EWS if you are using the Client Credentials grant (which is what you using in you example) then the only permission that will work is the full_access_as_app which is under the legacy Exchange Application permissions. The scope you need to use is https://outlook.office365.com/.default . You can check the token your generating in https://jwt.io/ . Eg the Audience should be for outlook.office365.com and the scope should have full_access_as_app.
The one last thing you need to do in your EWS code is to include the EWS impersonation header set to the Mailbox you want to impersonate (or access) eg
<soap:Header>
<t:ExchangeImpersonation>
<t:ConnectingSID>
<t:PrimarySmtpAddress>alisa#contoso.com</t: PrimarySmtpAddress>
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
I have already used google sheets API before, but it seems now they have new policy, so I can't add the required scope that allows you to write data (in my case - metadata) to a spreadsheet (https://www.googleapis.com/auth/spreadsheets) without verification. (I get 403: "Request had insufficient authentication scopes.")
Is there any way to write data to a spreadsheet, even just for developing (maybe write only to a sheet that I have created as the owner of the project) without verification, or maybe I'm doing something wrong?
According to the Google Sheets API documentation:
When your application requests private data, the request must be authorized by an authenticated user who has access to that data.
Every request your application sends to the Google Sheets API needs to identify your application to Google. There are two ways to identify your application: using an OAuth 2.0 token (which also authorizes the request) and/or using the application's API key.
Therefore, the scope you are using, the https://www.googleapis.com/auth/spreadsheets is the one which allows reading and/or writing acces to the user's sheets and their properties and it requires authorization.
So what you can do to solve your issue, is to use a service account.
You should create one for your project in the API console and then your application will make authorized requests by using the account's credentials to request the access token from the OAuth 2.0 server. Hence, the authentication procedure won't be necessary every time since the application will be calling the API on behalf of the service account.
Furthermore, I suggest you take a look at these links, since they might be of help:
Authorize Request with Google Sheets API v4;
Using OAuth 2.0 for Server to Server Applications;
Using OAuth 2.0 to Acces Google's APIs.
I am trying to use the bitbucket API for getting details of my repositories, issue, etc., but I am not able to find a clear way of authenticating the API request.
I would like to have a simple way of authenticating the endpoints like
https://api.bitbucket.org/2.0/repositories/usamarehank_dckap?access_token={my_access_token}
Here I obtained the access token from the app password section of my account.
I am getting an error on doing so like
{"type": "error", "error": {"message": "Access token expired. Use your >refresh token to obtain a new access token."}}
I tried using consumer key creation but I am not sure where to plug those values in the request and with the OAuth it asks for client_id which I am pretty sure not giving in the docs where to get them.
How would I basically do a simple access_token request just like github API without any OAuth?
Right, this access_token is part of the OAuth authentication process: https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html
To use just these app passwords you can create via your profile, you need to use simple Basic Authentication with that app password.
You can read a bit more about it here: https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication
I am developing a google app engine - java project where I want to integrate Salesforce APIs.
I want to authorize user with Oauth 2.0 and want to retrieve contacts of the authorized user.
Salesforce API returns code in response of the first request and then again I request for the access token from the code.
With the access token when I call any of the service API it gives me following error
[{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}]
I found the issue.
In configurations Administration Profile was missing to be connected with Apps whose client ID and secret I was using.
you are not getting valid access token.
generate the proper url to get the access token
https://developer.salesforce.com/page/Digging_Deeper_into_OAuth_2.0_at_Salesforce.com
For more proper information, you can have a look of this