I've created a Gmail account and linked it with Youtube.
I can sign in using the credentials on Youtube site,
but I'm getting this error when I use the data API
Exception:
com.google.gdata.util.AuthenticationException: Error authenticating (check service name)
Code:
YouTubeService service = new YouTubeService("", messages.get("youtube.devkey"));
try {
service.setUserCredentials("XXXXan#gmail.com", "alXXXX23");
} catch (AuthenticationException e) {
Can anyone explain why this is happening and/or what the service name is?
Moving my comment to a formal answer, since it seemed to have solved the problem:
There's a list of common reasons why ClientLogin might fail and suggested alternatives at http://apiblog.youtube.com/2011/03/clientlogin-fail.html
Related
I am follow the tutorial that Microsoft has provided for signing a user into a desktop application using Microsoft Identity Platform and calling ASP.NET Core Web API which calls Microsoft Graph. I believe I followed all of the steps, configuring my service and client per instructions. https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph
However upon trying to add a new "to-do", I get the following error: "Bad Request: An error occurred while calling the downstream API Code:InvalidAuthenticationToken
Message: Invalid x5t claim "
The error occurs on this call:
User user = _graphServiceClient.Me.Request().GetAsync().GetAwaiter().GetResult();
Any idea what the issue might be and how I troubleshoot?
Update: I am in the middle of troubleshooting this now with an admin. I am not getting roles back but he is and we now both agree the issue is on the azure application configuration, not the code... frustrating, but we are at least making progress.
Would you please try pasting the token into jwt.ms to decode it and inspect the claims?
I got a similar error due to a lack of access. Changing Delegated and Application Permission for Users solved the issue. You can try that.
I am having a difficult time creating a sharing link with Microsoft.Graph API that is blocking downloads and share the link with external pears.
I managed to create a link which is blocking users from downloading the shared files, however, whenever I try to grant access to this link to external pears I am getting an exception telling me that "One or more users could not be resolved".
Has anybody got a hint for me what I may be doing wrong?
My code is
Permission linkresult = driveItemRequestBuilder.CreateLink("blocksDownload", "users", null, null, null).Request().PostAsync().Result;
string base64Value = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(linkresult.Link.WebUrl));
string encodedUrl = "u!" + base64Value.TrimEnd('=').Replace('/', '_').Replace('+', '-');
So far this seems to work but once I want to grant access to the link with this code
IPermissionGrantCollectionPage grantedPermissions = this.GraphClient.Shares[encodedUrl].Permission.Grant(roles, recipients).Request().PostAsync().Result;
I am getting the exception:
Code: invalidRequest
Message: One or more users could not be resolved
I used to met the similar issue when sharing files to external users using graph api.
Finally resolved it by enabling external sharing in admin center.
Please make sure that the exteranl settings is set to Anyone both in organization-level and site-level.
I've gone through OAuth on a web application and obtained the access token...
Now, I figure I should use that access token to upload a video, but the API v3 doesn't seem to let me use it. I'm looking at YouTube Data API: .NET code samples. In particular, this line seems strange to me:
UserCredential credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(secrets,
new[] { "YouTubeService.Scope.YoutubeUpload" },
"user",
CancellationToken.None);
The third parameter user, I guess is the user name. I don't get that info from an OAuth2 response. I don't even know what is a YouTube user name - I only see display names when I look at people's YT profiles, and those display names are NOT unique. What is this third parameter?
The function name AuthorizeAsync implies that we have yet to obtain authorization - but then why go through OAuth in the first place? Having an access token to me means that the user already authorized our app to upload.
I also found this possibility of being able to pass the access token:
var token = new TokenResponse()
{
AccessToken = "xm239jjks9f98900....."
};
UserCredential credential = new UserCredential(new GoogleAuthorizationCodeFlow(
new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = secrets
}
), "userId", token);
//GoogleAuthorizationCodeFlow
YouTubeService youTubeService = new YouTubeService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = Assembly.GetExecutingAssembly().GetName().Name
});
Just by the name of "TokenResponse" seems like I shouldn't build it explicitly. Also, GoogleAuthorizationCodeFlow.Initializer has the parameter for userId, which gain, I don't know because that's not given to me by OAuth2.
The BaseClientService.Initializer() also has the ApplicationName, which is what? I don't think it's Assembly.GetExecutingAssembly().GetName().Name as I copied from somewhere.
I tried to run the code above and I'm getting the error "The access token has expired but we can't refresh it" - but the user has just logged in within the last few seconds, so that access token is new.
Sorry if I'm asking something obvious, but the official docs don't tell me anything and similar questions to what I'm asking here on SO remain unanswered. Please help!
UPDATE:
In my case, all of the code resides inside a custom-made Web API function, but I think it will work the same on any server-side page (.aspx.cs) or MVC controller.
I found out that we DO keep the literal string "user" no matter who might be logged into his/her Google account. I guess the internal workings of UserCredential or GoogleWebAuthorizationBroker know how to pull the right data, maybe from cookies (?), and the UploadAsync function will know to which account to upload the video to.
I also used the GoogleWebAuthorizationBroker instead of building the UserCredential and Token from scratch (which resulted in the "expired token" message).
Now, the thing that I luckily stumbled upon after desperately trying anything, is that I needed to set up an Installed Application (Native) of type Other, which is SEPARATE from the web application. That Installed Application will have its own set of client id and client secret. Using those credentials, the upload worked!
... But there are some things that are quite not right. The user will be asked to authenticate your client app again - but there will be a new tab open for that consent, and when you click Accept (or OK), you'll land an empty page that says something like "access code received". Your upload actually happened but this is a very dirty and unacceptable user experience issue.
I'm still not satisfied as what I think I did is hacky/wrong.
I ran into this exact problem. By examining the code, I discovered that you can work around the problem by setting the Issued and ExpiresInSeconds properties on TokenResponse:
token.Issued = DateTime.Now;
token.ExpiresInSeconds = int.MaxValue;
It's a hack, but it works like a charm! It seems like the authors of the .net client assumed that you'll always have a refresh token, as they make it difficult to use the access token alone. The java and python libraries are much more intuitive in this regard.
It does not seem to matter what you pass for the user strings.
THE PROBLEM
I was able to connect to Twitter the the HybridAuth library, and it stopped working. Posting to a Twitter account was also functional.
WHAT I HAVE TRIED
Resetting my Twitter app access tokens.
Creating an All new Twitter app.
Using the HybridAuth debug mode to troubleshoot.
THE ERROR MESSAGE
"Authentification failed. The user has canceled the authentication or the provider refused the connection.
Original error message: Authentification failed! Twitter returned an error. 401 Unauthorized."
MY RESEARCH
This seems to be attributed to the lack of the key and secret, but I set these in the Twitter config file.
THE CODE
$hybridauth = new Hybrid_Auth( $config );
$adapter = $hybridauth->authenticate( "Twitter" );
$hybridauth_session_data = $hybridauth->getSessionData();
store_session_data($hybridauth_session_data);
// get the user profile
$user_profile = $adapter->getUserProfile();
The exception is being thrown by the authenticate method. Before it would ask me to allow access via the app and now it throws the error.
If you need more information, please let me know.
Rick
So HERE's what happened and what you should know:
Twitter keeps track of the current time
If an API request to authenticate comes from a server that claims it is a time that is outside of 15 minutes of Twitter time, it will fail with a 401 error.
HOW I fixed it:
I set my server time to the correct time by using the USNO Master Clock. It happened to be just over 15 minutes offset.
This is just another solution which was my case:
Set the "Callback URL" in the Twitter App(If you are testing in local, you can use an example URL).
They didn't specify this as a mandatory field and they allow overriding this URL with the one in the HybridAuth request.
in case somebody else cant edit their server time too, there is a workaround for that. The most basic and probably not the cleanest way is just going to Hybrid/thirdparty/OAuth/OAuth.php locating generate_timestamp() function and adding what ever the time discprenecy there is between your server and gtm+0 to the time(). like this:
private static function generate_timestamp() {
return time() + 7200;
}
in my case, my server is gtm-2, so I had to add 2 hours (in seconds) to the time() function in order to make it work.
This is a follow on from my thread about a 401 error when using the Google Calendar API and OAuth2, which can be found here
This contains details of the account setup that leads onto my next question, so I wont repeat myself in this thread.
OK, so when when I call the following code to update a Calendar event I get a 403 forbidden error.
for (Event event : events.getItems())
{
event.setSummary("XXX" + event.getSummary());
Event updatedEvent = calendar.events().update(CALENDAR_ID, event.getId(), event).execute();
}
Here is the returned error message:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"message" : "Forbidden"
} ],
"message" : "Forbidden"
}
What have I tried? Well, I have re-read the (rather poor) Google documentation about Service Accounts, re-checked my API Console account settings, tried changing the code that builds the credential (this leads to other errors so is a regression on my previous thread).
In short, nothing works, so is there anything obvious I am missing?
Solved, thanks to this post.
You have to share the calendar from your Google Calendar account with the Service Account email that is generated in the Google API Console, e.g. 284XXXXXXXX#developer.gserviceaccount.com.
I can now update my calendar from my web service.
I was also getting the same error even after sharing the calendar as in the Justin's answer. After comparing with another working sample figured out that I have set
var SCOPES = ["https://www.googleapis.com/auth/calendar.readonly"];
instead of
var SCOPES = ["https://www.googleapis.com/auth/calendar"];
Hope this helps anyone who has done a similar mistake and getting this error.
In my case I had to enable the CalDAV API in the Google API console. It gives a 403 response if disabled.
I know this is an old question, but this might be helpful for someone.
For me, after trying all of the suggested solutions above, nothing worked. I got it to work after looking what scopes they were using in the documentation.
I was fetching for events, and it seemed that the https://www.googleapis.com/auth/calendar scope wasn't enough.
I had to add https://www.googleapis.com/auth/calendar.events as well to my scopes.
Hopefully it can help someone out there!