I am trying to upload a video to youtube from an iPhone "installed application" with GData for ObjectiveC.
Currently I receive an error on my upload ticket: ServiceException - error code 500.
From the documentation I cannot figure out what this error means and what I am doing wrong:
500 (Internal error) - A 500 response code indicates that YouTube
experienced an error handling a request. You could retry the request
at a later time.
I received only this error for more then a week (so this is not a temporary outage) and I've tryied with different product registrations for the Youtube API.
Can anyone spot what I am doing wrong in my request ?
Below you can find the log from GData's GTMHttpDebugLogs:
uploadTicket:finishedWithEntry:error:
2012-10-18 17:13:26 +0000
Request: POST https://uploads.gdata.youtube.com/resumable/feeds/api/users/default/uploads
Request headers:
Accept: application/atom+xml, text/xml
Authorization: AuthSub token=<authorization subtoken refreshed every time>
Cache-Control: no-cache
Content-Length: 793
Content-Type: application/atom+xml; charset=utf-8
GData-Version: 2.0
Slug: video-filename.mp4
User-Agent: <bundle>/2.0.0 GData-ObjectiveC/1.12 iPhone/5.1 (gzip)
X-GData-Key: key=<my developer key
X-Upload-Content-Length: 4005670
X-Upload-Content-Type: video/mp4
Request body: (793 bytes)
<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:gml="http://www.opengis.net/gml" xmlns:app="http://www.w3.org/2007/app" xmlns:georss="http://www.georss.org/georss" xmlns:gd="http://schemas.google.com/g/2005" xmlns:media="http://search.yahoo.com/mrss/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:yt="http://gdata.youtube.com/schemas/2007"><yt:accessControl action="list"/><media:group><media:description>Video description here</media:description><media:keywords/><media:category scheme="http://gdata.youtube.com/schemas/2007/categories.cat">Music</media:category><media:title>Video title here</media:title></media:group></entry>
Response: status 500
Response headers:
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 171
Content-Type: application/vnd.google.gdata.error+xml
Date: Thu, 18 Oct 2012 17:13:19 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Server: HTTP Upload Server Built on Oct 3 2012 16:52:30 (1349308350)
X-GData-User-Country: US
X-GUploader-UploadID: <### I made this upload id anonymous ###>
Response body: (171 bytes)
<errors xmlns='http://schemas.google.com/g/2005'><error><domain>GData</domain><code>ServiceException</code><internalReason>Internal Error</internalReason></error></errors>
-----------------------------------------------------------
This is being caused by <yt:accessControl action="list"/> in your request, which isn't a valid value. It should be something like <yt:accessControl action='list' permission='denied'/>
That being said, the API should handle that gracefully and not return an internal server error. I'll file a bug with the relevant folks internally to fix that.
Related
I'm trying to follow the documentation "https://developers.google.com/accounts/docs/OAuth_ref" to migrate oAuth to oAuth2 but keep getting an error
In the "APIs & auth" - "Credentials" Section in our API developers console we have 1 Client ID for web application set up along with a number of service account client Ids.
The client Ids appear to be in a format xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com for each client ID that is set up.
If I use the exact Id for the 'client ID for web application' in the format [xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com] then I get an error
{
"error" : "invalid_client"
}
If I use the more generic client ID [ xxxxxxxxxxxx.apps.googleusercontent.com
] then I get the following error
{
"error" : "disabled_client",
"error_description" : "The OAuth client was disabled."
}
Here is my post request from Fiddler
POST https://accounts.google.com/o/oauth2/token HTTP/1.1
Authorization: OAuth realm="",oauth_consumer_key="<consumerKey>",oauth_token="<token>",oauth_timestamp="1400680750",oauth_nonce="6637551",oauth_signature_method="HMAC-SHA1",oauth_signature="I%2FCOsR1BrGQHnqTeyhX4GUrKrv8%3D"
Content-Type: application/x-www-form-urlencoded
Host: accounts.google.com
Content-Length: 151
Expect: 100-continue
Connection: Keep-Alive
grant_type=urn:ietf:params:oauth:grant-type:migration:oauth1&client_id=<clientID>.apps.googleusercontent.com&client_secret={<client_secret>}
Here is the base string I use for oauth_signature
POST&https://accounts.google.com/o/oauth2/token&client_id=<clientID>.apps.googleusercontent.com&client_secret=<clientSecret>&grant_type=urn:ietf:params:oauth:grant-type:migration:oauth1&oauth_consumer_key=<consumerKey>&oauth_nonce=2648138&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1400681371&oauth_token=<token>
Here is the response I get from Google
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 21 May 2014 13:59:16 GMT
Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked
5b
{
"error" : "disabled_client",
"error_description" : "The OAuth client was disabled."
}
0
Any suggestions?
Here a related post: https://groups.google.com/forum/#!topic/google-analytics-data-export-api/yveoPwSVzCQ
As for Owen's suggestion, I am pretty sure the error is not related to oauth1 vs oauth2 client type validation but rather to the provided oauth2 credentials (client id and client secret).
It turns out that the POST body that I was sending to google was incorrect.
Originally I had sent
grant_type=urn:ietf:params:oauth:grant-type:migration:oauth1&client_id=<clientID>.apps.googleusercontent.com&client_secret={<client_secret>}
Note the { } around the client_secret. When I removed these then I no longer got the errors.
Now I can pass in the client_id in the format xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com and the client_secret without { } and I get a sucessful response.
The reason for the other error that I had been receiving was that the client id in the format xxxxxxxxxxxx.apps.googleusercontent.com was an old client_id that had been deleted and was no longer visible on the Google Developer console.
When using httpClient to connect to twitter I Always get this response
responseString{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version:
1.1, Content:System.Net.Http.StreamContent, Headers: { strict-transport-security: max-age=631138519 Date: Fri, 31 Jan 2014
00:35:10 UTC Set-Cookie: guest_id=v1%3A139112851013762159;
Domain=.twitter.com; Path=/; Expires=Sun, 31-Jan-2016 00:35:10 UTC
Server: tfe Content-Length: 63 Content-Type: application/json;
charset=utf-8 } }
System.Net.Http.HttpResponseMessage
I googled
strict-transport-security: max-age
found people suggested to change the access setting of the twitter app to Read, Write and Access direct messages, i Did so but nothing changed , so if any one faced the same problem or any body has suggestions , it would be appreciated
There are multiple reasons this might happen. I have this question on the LINQ to Twitter FAQ with several suggestions on how to debug:
https://linqtotwitter.codeplex.com/wikipage?title=LINQ%20to%20Twitter%20FAQ
I don't know what I do wrong, but everytime I tried to obtain the token (after user authentication of course), the result is always Invalid grant_type parameter or parameter missing
Possibly related to Box API always returns invalid grant_type parameter on obtaining access token
Here is my fiddler result:
POST https://api.box.com/oauth2/token HTTP/1.1
Host: api.box.com
Content-Length: 157
Expect: 100-continue
Connection: Keep-Alive
grant_type=authorization_code&code=nnqtYcoik7cjtHQYyn3Af8uk4LG3rYYh&client_id=[myclientId]&client_secret=[mysecret]
Result:
HTTP/1.1 400 Bad Request
Server: nginx
Date: Thu, 07 Mar 2013 11:18:36 GMT
Content-Type: application/json
Connection: keep-alive
Set-Cookie: box_visitor_id=5138778bf12a01.27393131; expires=Fri, 07-Mar-2014 11:18:35 GMT; path=/; domain=.box.com
Set-Cookie: country_code=US; expires=Mon, 06-May-2013 11:18:36 GMT; path=/
Cache-Control: no-store
Content-Length: 99
{"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}
Even following the curl example gives the same error. Any help would be appreciated.
Edit: tried with additional redirect_uri params but still the same error
POST https://api.box.com/oauth2/token HTTP/1.1
Content-Type: application/json; charset=UTF-8
Host: api.box.com
Content-Length: 187
Expect: 100-continue
Connection: Keep-Alive
grant_type=authorization_code&code=R3JxS7UPm8Gjc0y7YLj9qxifdzBYzLOZ&client_id=*****&client_secret=*****&redirect_uri=http://localhost
Result:
HTTP/1.1 400 Bad Request
Server: nginx
Date: Sat, 09 Mar 2013 00:46:38 GMT
Content-Type: application/json
Connection: keep-alive
Set-Cookie: box_visitor_id=513a866ec5cfe0.48604831; expires=Sun, 09-Mar-2014 00:46:38 GMT; path=/; domain=.box.com
Set-Cookie: country_code=US; expires=Wed, 08-May-2013 00:46:38 GMT; path=/
Cache-Control: no-store
Content-Length: 99
{"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}
Looks like Box requires a correct Content-Type: application/x-www-form-urlencoded request header in addition to properly URL encoding the parameters. The same seems to apply to refresh and revoke requests.
Also, per RFC 6749, the redirect_uri is only
REQUIRED, if the "redirect_uri" parameter was included in the authorization request
as described in Section 4.1.1, and their values MUST be identical.
I was facing a similar issue.
The problem is not with Content-Type.
The issue is with the lifecycle of code you receive.
One key aspect not mentioned in most places is that the code you get on redirect lasts only 30 seconds.
To get the access token and refresh token, you have to make the post request in 30 seconds or less.
If you fail to do that, you get the stated error. I found the info here.
Below code worked for me. Keep in mind, the 30-second rule.
import requests
url = 'https://api.box.com/oauth2/token'
data = [
('grant_type', 'authorization_code'),
('client_id', 'YOUR_CLIENT_ID'),
('client_secret', 'YOUR_CLIENT_SECRET'),
('code', 'XXXXXX'),
]
response = requests.post(url, data=data)
print(response.content)
Hope that helps.
You are missing the redirect URI parameter. Try:
POST https://api.box.com/oauth2/token HTTP/1.1
Host: api.box.com
Content-Length: 157
Expect: 100-continue
Connection: Keep-Alive
grant_type=authorization_code&code=nnqtYcoik7cjtHQYyn3Af8uk4LG3rYYh&client_id=[myclientId]&client_secret=[mysecret]&redirect_uri=[your-redirect-uri]
I have also face same issue implementing oauth2. I have add Content-Type: application/x-www-form-urlencoded. When I add content-type my issue solved.
Check and add valid content-type.
Not sure who might need this in the future but be sure you're sending a POST request to get the access token and not trying to retrieve it by using GET or if you're testing- pasting in the address bar won't work, you need to send a POST request with the data in the BODY and not as query parameter.
Also the code usually lasts for a few seconds, so you need to use it as soon as its sent back.
In trying to upload a scorm package via the REST API the upload is not working.
PUT /d2l/api/lr/(D2LVERSION: version)/objects/
http://docs.valence.desire2learn.com/res/lor.html
We are always refused based on 403 permission.
Are there any settings I should look at? Also looking for a trace of this working.
As long as the account you are authenticated with can perform the function in the web UI it is expected that the API will also function.
If you are getting keys back from the login process but this call is failing you could try a basic call from the sample such as "whoami". If that works your keys are correct.
If the keys are correct and some GET calls are working, you may need to pass a different method to the signing call in the sdk. (The method is part of the signature).
Here is an example of a working trace. 403 errors often have a body that will provide additional information. Note the security parameters are: x_a,x_b,x_c,x_d,x_t parameters on the call.
PUT http://smihai-7:44459/d2l/api/LR/1.0/objects/?repositoryId=1&x_t=1339183935&x_a=L2Hd9WvDTcyiyu5n2AEgpg&x_c=tfJFhSUaczOeOGqDFPXPq8NSBPj2sOhz4U3RacqWRMY&x_b=TestToken&x_d=BEl7kdCcrjenkpBt9ri5dkt4bdEgCo6xfZDWIpkKctA HTTP/1.1
Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml
User-Agent: RestSharp 101.3.0.0
Host: smihai-7:44459
Content-Type: multipart/form-data; boundary=-----------------------------28947758029299
Content-Length: 1203
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
-------------------------------28947758029299
Content-Disposition: form-data; name="Resource"; filename="Hello World Module.zip"
Content-Type: application/zip
PK???u?h?]G?g???????????Hello World Topic.htmlM??
?#??A??wwo?xH+???h????b
[o+ ????oD??RYW9u??????}J,?q
d2?[!%E|Crj?Wo{34??Xg??s???L?3??+??/?????*??W?W3?Fyb w?>?cR?Zrf?*???b??PK???u?h?N2?T??n?????imsmanifest.xml?V??0?#?Q??m#TI?.b ?XF??5?????k,?$~???6I??Vt??s?=g?x???%7)??J?i4 P?f\???????????DR?W`]?(?WL???g??d???s?,.&i?q????r??jT?kI??E?C?fsmd6-?q??G? .?f?i??4???!??v\???o?7$\jH%
??K??~P??m?`E?¥a)?C????v???6????#???U~?????x???[fe?.?3????~W???;B_?,???V#B?HE???:??q?e???s??_E? 1wK??<R????T??.9YE??SkP`?????*UT??3???j??#'??#2?;?e_c?#g.????}?p?>?c??????\?
????~,u????\s?M*L?U???E??
??????Kzp\E?X#?%\p???\??R
X-????%??C??????7?|??/&?=???h????l?\?\???????P???s??))??Td??K?????{?Y?+????v?gTN??h$?
?E'E?aB?UD????PK-????u?h?]G?g?????????????????????????Hello World Topic.htmlPK-????u?h?N2?T??n???????????????????imsmanifest.xmlPK??????????E????
-------------------------------28947758029299--
And the response is like this:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 69
Content-Type: application/json; charset=UTF-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-XSS-Protection: 0
Date: Fri, 08 Jun 2012 19:32:22 GMT
{"IdentId":4,"Version":1,"ExecutionMessage":null,"ExecutionStatus":0}
By default, Asp.Net MVC (at least my setup) seems to send a header with the value
Cache-Control: private, s-maxage=0
I need to remove the s-maxage=0 part. The reason is that IE6 seems to handle the content-disposition: attachment header wrong if this header is present.
The end effect I observe is that if the user chooses to Open the downloaded file instead of saving it, it is not actually saved. The difference between the working non-mvc version and the non-working mvc version is just this header.
Working response:
HTTP/1.1 200 OK
Server: ASP.NET Development Server/9.0.0.0
Date: Thu, 10 Feb 2011 19:35:47 GMT
X-AspNet-Version: 2.0.50727
Content-Disposition: attachment; filename=results.txt
Cache-Control: private
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 210
Connection: Close
<<DATA>>
Non-working response:
HTTP/1.1 200 OK
Server: ASP.NET Development Server/9.0.0.0
Date: Thu, 10 Feb 2011 20:24:04 GMT
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 1.0
Content-Disposition: attachment; filename=results.txt
Cache-Control: private, s-maxage=0
Content-Type: text/plain
Content-Length: 90
Connection: Close
<<DATA>>