Getting authentication errors when I try and obtain my upload authorization token
https://developers.google.com/youtube/2.0/developers_guide_protocol_error_responses
Using a packet sniffer, my first error message is>
401 Token invalid - Invalid token: Cannot parse AuthSub token:
In addition to perhaps improperly formatted Auth key value, I'm wondering exactly what headers I should be including for my upload auth request.
I am using the following though think clientId has been deprecated
"Authorization", "GoogleLogin auth=\"" + authToken + "\""
"X-GData-Client", clientId
"X-GData-Key", "key=" + devKey
After changing
"Authorization", "AuthSub token="+authToken
to
Authorization", "GoogleLogin auth="+authToken
in my request I no longer get 'Cannot parse AuthSub token' error message but
I still get
Error #2032: Stream Error. URL: http://gdata.youtube.com/action/GetUploadToken
<errors>
<error>
<domain>yt:authentication</domain>
<code>Unknown</code>
</error>
</errors>
Stumped. Would really appreciate any feedback as I'm not even certain now where my error(s) exist!
ok working but not really sure how:)
Am using these 2 headers in my POST request to
'http://gdata.youtube.com/action/GetUploadToken'
"Authorization", "GoogleLogin auth="+authToken
"X-GData-Key", "key=" + devKey
And also needed to associate my youtube user developer credentials with a channel
https://groups.google.com/forum/#!msg/youtube-api-gdata/76x8vaADJWM/36O05FD7mC0J
A packet sniffer or at least adding support to read the XMl error responses is essential!
I resolved this problem by providing the correct developer key
Related
I try to use Google Photos API to upload my images, base on the steps of the following link.
https://developers.google.com/photos/library/guides/upload-media
After following the Using OAuth 2.0 for Web Server Applications, I just get the Oauth2.0_token response(a JSON format with access_token, refresh_token...). However, after I put this token string with "Bearer " into request headers, the response is error 401, the error message is "code 16 Authentication session is not defined".
I cannot find any information to deal with it, thank for any help.
You probably have incorrect permissions. Make sure you request the token with the appropriate scope. For write-only access you need 'https://www.googleapis.com/auth/photoslibrary.appendonly'
src: https://developers.google.com/photos/library/guides/authentication-authorization#what-scopes
One reason this might be happening is that you initially authorized your user for read-only access. If you went through the authorization flow with a .readonly scope, your bearer token reflects that authorization (and the token is retained in your credentials file). If you change your scope but don't get a new auth token you will get this error when trying to upload. Simply redo the authorization flow with the new scope defined:
SCOPES = 'https://www.googleapis.com/auth/photoslibrary'
store = file.Storage('path_to_store')
if not creds or creds.invalid:
flow = client.flow_from_clientsecrets('google_credentials.json', SCOPES)
creds = tools.run_flow(flow, store)
and your store will be populated with a new token that can be used for uploading.
You say you "just get the Oauth2.0_token response(a JSON format with access_token, refresh_token...)" and "put this token string with "Bearer " into request headers".
Unfortunately documentation on this isn't super clear in a lot of places. What you are supposed to provide after "Bearer" is the "access_token" field only, not the entire JSON string with all the token fields in it. For reference, this is a single string of random looking characters which probably starts with "ya29." and is pretty long - in my case it's 170 characters.
I am using OAuth 2.0 for authorization according to this documentation :(https://developers.vendhq.com/documentation/oauth.html#oauth) and having this error:
"error": "invalid_request", "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."
Request
Method : POST
Content-Type: application/x-www-form-urlencoded
URL : https://{domain_prefix}.vendhq.com/api/1.0/token
Parameters :
code = {code}
client_id = {app_id}
client_secret = {app_secret}
grant_type = authorization_code
redirect_uri = {redirect_uri}
As per the RFC6749, section 4.1.3, the encoded body of a POST request should look like code={code}&client_id={app_id}&client_secret={app_secret}&grant_type=authorization_code&redirect_uri={redirect_uri}.
Example:
grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb&client_id=CLIENT_ID_1234&client_secret=CLIENT_SECRET
Do not forget to encode the redirect Uri: http://foo.bar/ => http%3A%2F%2Ffoo.bar%2F
Concerning the authentication error, it may be because the authorization server do not support client secret in post request (or your client is not allowed to use it).
Then try to add the Authorization header with basic authentication scheme.
The value of this header is Basic {ENCODED_AUTHENTICATION} with {ENCODED_AUTHENTICATION} =base64(client_id + ':' + client_secret)
With this header, the client_id and client_secret in the post request have to be removed. Your request parameters become code={code}&grant_type=authorization_code&redirect_uri={redirect_uri}.
You will need to check the URL to which you are attempting to send your POST to. The service that you are attempting to contact does not exist or is currently unavailable.
I am trying to connect to QuickBooks Online, but when I try to request a token from https://oauth.intuit.com/oauth/v1/get_request_token
I am getting a signaure_invalid message. My signature matches what what googles signature generator makes: http://oauth.googlecode.com/svn/code/javascript/example/signature.html
So I am really at a loss for what QuickBooks is expecting and I am not providing. I have tried including the oauth_callback in the signature, but this did not make a difference. Does anyone have some pointers for where are I am wrong?
Here are my test app details:
ConsumerKey: qyprd46Is0FZ3v1tuE4unkw3iq6cUB
oauth_timestamp: 1398355877
oauth_nonce: X3e3aflZMeKPDwMI
oauth_callback: /qbGetOAuthToken
oauth_signature_method: HMAC-SHA1
Signature Base String: POST&https%3A%2F%2Foauth.intuit.com%2Foauth%2Fv1%2Fget_request_token&oauth_consumer_key%3Dqyprd46Is0FZ3v1tuE4unkw3iq6cUB%26oauth_nonce%3DX3e3aflZMeKPDwMI%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1398355877%26oauth_version%3D1.0
Authorization Header:
Authorization: OAuth oauth_signature_method="HMAC-SHA1",oauth_nonce="X3e3aflZMeKPDwMI",oauth_timestamp="1398355877",oauth_consumer_key="qyprd46Is0FZ3v1tuE4unkw3iq6cUB",oauth_version="1.0",oauth_signature="SJNPyQU7yuhcVvoLRUgyzw9KTlA%3D",oauth_callback="%2FqbGetOAuthToken"
For everyone's benefit-
The developer resolved this issue by twice encoding the callback URL.
How properly create oauth signature base string?
I've a problem when trying to do a webrequest to UGC and authenticate using oAuth. I'm making a webrequest such as:-
WebRequest wr = WebRequest.Create("http://ugc.service/odata.svc/Ratings(Id=200)");
wr.Headers["authorization"] = "OAuth " + auth;
Where auth is my token returned from the access_token.svc. According to the documentation the token returned from the service should be something like:-
HufXeuUt%2FYYElA8SYjJOkUkrXxV9dyXRirmKhjW%2Fb%2FU%3D
However, what I'm being returned from access_token.svc is more like:-
{"access_token":"client_id%3dtestuser%26expiresOn%3d1361898714646%26digest%3d%2fW%2fvyhQneZHrm1aGhwOlgLtA9xGWd77hkxWbjmindtM%3d","expires_in":300}
I've parsed the JSON to extract various strings and attempted to pass these through to the authorization but whatever I try I get an error in the logs - "ERROR OAuth2AccessToken - Digest is wrong." Exactly what part of the token and in what format should I be passing through to authorization?
Many thanks
John
Like you mentioned, the protocol is this:
You make a post request to the access token end-point to get a token (you need to provide here your client_id and your client_secret as headers or as query parameters);
You get an answer similar to this: {"access_token":"sometoken","expires_in":300};
2.1 Worth knowing is that the token is url encoded and in UTF-8 format so, on Java side you need to do URLDecoder.decode("sometoken", "UTF-8"); while on .NET side you need to do HttpUtility.UrlDecode("sometoken", System.Text.Encoding.UTF8);;
Your next request needs to include the authorization header. On Java side you do builder.header("authorization", "OAuth " + decodedTokenString); while on .NET side you can use Client.Headers["authorization"] = "OAuth " + DecodedTokenString;
Worth mentioning is that the SharedSecret defined in the cd_webservice_conf.xml (/Configuration/AuthenticationServer/SharedSecret/) of the TokenAccessPoint needs to be the same as the SharedSecret defined in the cd_ambient_conf.xml (/Configuration/Security/SharedSecret/) of the (WebService)EndPoint.
Are you sure you decoded properly the token gotten from the server? Are you sure that you configured the proper SharedSecret in the two configuration files?
Hope this helps.
I am following oauth authorization flow(http://developer.yahoo.com/oauth/guide/oauth-requesttoken.html) for accessing Yahoo's Contact API . I am able to get consumer key and consumer secret for my application from first step.
However I am getting "File Not Found" in 2nd step while giving URI request.
My URI request is given below===>
https://api.login.yahoo.com/oauth/v2/
get_request_token?oauth_nonce=rs2130523f788f313f76314ed3965ea6
&oauth_timestamp=1325661943
&oauth_consumer_key=dj0yJmk9VndXdnhUbkJMc2MyJmQ9WVdrOVUzcFdkbnA0TXpnbWNHbzlNamMxTXpJeU9UWXkm
cz1jb25zdW1lcnNlY3JldCZ4PTkw
&oauth_signature_method=plaintext
&oauth_signature=1daaeb467916f4331023fc5fce3cb6b6c27ac7ed
&oauth_version=1.0
&xoauth_lang_pref="en-us"
&oauth_callback="http://mysitename.freetzi.com/index.html"
Can you please tell why I am getting "File not found"?
The response status code is 401 if there is something wrong with your parameters. So you got the "File not found" error. But you can see the error message in the http header with Firebug. Your problem is if the oauth_signature_method is plaintext, you should add a %26 after your oauth_signature
Like this
&oauth_signature_method=plaintext
&oauth_signature=1daaeb467916f4331023fc5fce3cb6b6c27ac7ed%26
&oauth_version=1.0
Hope this helps.