HTTP PATCH request for marking the email as read and for locking the message in mailbox are not working with only ROPC grant.
Other Mail write operations like Delete message is not working only with ROPC grant.
With other grants like Authorization Code grant, they are working.
It was working since last week and it suddenly stopped working.
Mail.ReadWrite and Mail.ReadWrite.Shared API permissions are given to our Azure client and also granted admin consent as well. Please find the API permissions screenshot attached: API Permissions screenshot for our Azure application.
Could you please check this at your earliest time possible?
--
Thanks
Prasanth
Related
We have a web page using microsoft single sign on. When we redirect the user to login to our application, we send them to :
https://login.microsoftonline.com/common/oauth2/authorize?scope=user.read&response_type=code&client_id=a5342222-a222-222d-87c3-222222222222&redirect_uri=${ourappurl}/office365handler
We want to be able to access the user's proxyAddresses (their alias emails) as often users are not using their upn to receive emails. When the user logs in, we are unable to call
https://graph.microsoft.com/v1.0/me?$select=proxyAddresses
as we get Access Denied.
Do we need to redirect the user to login.microsoftonline.com with additional scopes? If so, which scope do we need? We've gone over the docs but can't find anything relevant.
Thanks!
• As you are encountering ‘Access denied’ Status code 400 message after running the query in Microsoft Graph Explorer while retrieving the details of proxy addresses of the signed in users, you have not provided appropriate permissions to Microsoft Graph API for accessing and reading the users data in your tenant. To do so, please provide the below permissions to Microsoft Graph API and Explorer application and ensure that Admin consent is allowed for each permission requested below: -
Go to Azure AD in your tenant --> Enterprise Applications --> Graph Explorer --> Permissions --> In that, search for the below permissions and select them, please select these permissions under ‘admin consent’ tab as below: -
‘ Directory.AccessAsUser.All, Directory.ReadWrite.All, User.Read, User.ReadBasic.All, User.ReadWrite, User.ReadWrite.All’(These permissions are required at least to read users’ data in Azure AD)
Once, these permissions are granted, you will be able to run the graph query and gain the output correctly. Also, please find the below graph query to read any users’ proxy addresses through graph explorer.
' https://graph.microsoft.com/v1.0/users/user#domain.com?$select=proxyaddresses '
I am using Google Analytics API to fetch analytics data. I tried to authenticate it using following steps:
Created OAuth client ID in https://console.developers.google.com/ credentials section.
In consent screen I had set publishing status as testing
In OAuth 2.0 Playground I got the refresh token using above generated client id and client secret
Then I am using it to generate access token through it.
But after a few days, the refresh token expires although it is mentioned that the refresh token's validity is life long.
If your app is in testing mode then user tokens will expire in 7 days. Please find this explanations here: https://support.google.com/cloud/answer/10311615#zippy=%2Ctesting
I needed to send mails from a gmail account that I have access to, using nodemailer. It works for a couple of days before my refresh token is mysteriously revoked, even though the account belongs to me. A google search brought me here and I had been watching for a while hoping someone would help with a solution.
As you mentioned, this seems to happen with only test/unverified apps and I'm guessing google revokes tokens for such applications in your account after a few days. After much trials and errors, here is what I did.
NOTE: This is solution is only applicable to accounts you own, otherwise you must verify your app to access other people's accounts
Generate a new refresh token (existing one is most likely revoked) as described in this SO post
Go to the security tab of your google account dashboard
Under the Recent security activity section, you should see a security alert for your app.
Click on the context menu next to the notification and click DISMISS
At this point you'll be presented with a dialog of options where you indicate the level of trust you have for the app. I just went ahead and said I trusted the developer/app, obviously. And that's it! The refresh token should persist after this.
I could not find anything related anywhere else.
The other answer pointed me in the right direction but for me the option was located somewhere else: security > security checkup/security issues found > context menu next to your app > dismiss
This issue seems to be for unverified apps, Simply delete the token file from your project and rerun the project, it will create a new token.
My problem was when I've added access_token instead of refresh_token.
What I did:
Go to https://console.cloud.google.com/apis/credentials/consent and change from the testing status to published.
Delete the current token file.
Authorize the API again by signing into your gmail account. You will be sent to a warning screen. From there, you can choose to proceed.
When done you'll get a new token file
The solution is to delete your token.json file to force Google to find a new token.
I was able to get it to work WITHOUT a verified app. Perhaps the refresh() method will work once my app is verified. Not sure on that one.
My end goal is to register my API to receive notifications of leads generated by LinkedIn for my business's Company Page. The docs here say I need to register at https://api.linkedin.com/v2/leadNotificationUrls using the r_ads_ge_automation permission. I'm trying to acquire this type of access token by using a web browser to hit https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=client_id_for_my_application&redirect_uri=https://my.company.net/api/oauth/linkedin&state=Testing12345&scope=r_ads_leadgen_automation, then logging in as a user that is an admin for the respective company page, then acquiring authentication code, and finally requesting an access token.
The problem is that when I try to hit https://www.linkedin.com/oauth/v2/authorization (with the query params above), I get an error response stating "r_ads_leadgen is not authorized for your application". I can't find any kind of application configuration that is supposed to give this permission to my application.
Can anyone help? Thank you
Permissions are offered to select Partners only. Have you applied to a Partner Program https://business.linkedin.com/marketing-solutions/marketing-partners/become-a-partner?
Hi generated secret file using OAuth 2.0 client ID. In that secret file, I do not see any google mail address to authenticate or access permissions to that mail address. Still facing below error.
Arg, there was an API error : 403 : User does not have sufficient permissions for this profile.
How come I know, to which user, we do not have sufficient previliges?
Please help me with this
You have created an Oauth2 client for use with your application. When the application runs a user will need to login using their Google account and grant the application (client) access to their data. I have an article that explains how google oauth2 works if you are interested. Oauth2 for beginners
User does not have sufficient permissions for this profile.
Means that the user you have authenticated with does not have access to the Google Analytics profile you are trying to request data form. Try doing an Accountsummires.list this will return a list of the Google Analytics accounts that the current authenticated user has access to and the ones you will be able to request data from.
Question: How come I know, to which user, we do not have sufficient privileges?
You have a profile id you are trying to access find someone who has access to that profile and have them run your application. When they have logged in and authenticated they will be able to see the data.
Asking the question here as the linkedin help forum directed to post things related to API on stackoverflow.
I am developing a feature on our org website to show the top 5 company page feeds setup in linkedin. Ive already setup the required access in developer.linkedin and the whole flow works in the developer.linkedin REST console to fetch the feed.
I am currently recieving this error when i try from my machine to fetch the auth token with a valid client id and secret created.
https://www.linkedin.com/oauth/v2/accessToken?grant_type=client_credentials&client_id=OMITTED&client_secret=OMITTED
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens" }
The documentation also mentions that this flow isn't available by default and the users will need to contact linkedin.
https://developer.linkedin.com/docs/v2/oauth2-client-credentials-flow
"By default, your application will not have the ability to use LinkedIn's client credentials flow. Contact us to have your application granted permission to use this flow."
What would be the next steps in requesting access to this flow for my org?.
As outlined here:
By default, your application will not have the ability to use LinkedIn's client credentials flow. Contact us to have your application granted permission to use this flow.
The next step would be to contact them directly or Apply to become a Partner
and if accepted you'll be granted access to additional data outside of the scope of the user authentication flow (which basically means you'll be able to make calls directly from your application to access certain information)
I think the answer is well explained by API-University, since the creation of an application in order to get the access_token, will solve the communication issue.
Link to the explanation: https://api-university.com/blog/api-usage/how-to-use-the-linkedin-api-and-oauth/