Unable to link account in Device Access Console - nest-device-access

I created project in device access console and established my OAuth. When I add my project and id into the script I receive the following error in the browser:
Can't link to NewHA
I am new to this - so any advise is appreciated

first when you make the first request:
redirect_uri=https://www.google.com&
access_type=offline&
prompt=consent&
client_id=oauth2-client-id&
response_type=code&
scope=https://www.googleapis.com/auth/sdm.service```
the `project_id` references to the sandbox project_id.
https://developers.google.com/nest/device-access/authorize?authuser=4#link_your_account
"Open the following link in a web browser, **replacing project-id with your Device Access Project ID** and oauth2-client-id with the OAuth2 Client ID from your GCP Credentials"
**another issue you may have** can happen from the account you used to open the device-access-Project. **it must be a private and not G suit account** (ending with #gmail.com and not #comapyName.com).
this is because the nest doesn't let you create a G Suit account (https://stackoverflow.com/questions/64074857/pcm-no-access-to-partner)
and you can't invite a private nest user to your google home while using the G suit user (as this isn't possible)-
https://support.google.com/googlenest/thread/426784?hl=en&msgid=560455
so even if you created the 'sandbox' with the G-suitaccount you can't use it to invite a private user (and will have to re open the account and pay again 5$)

Related

Client doesn't have sufficient permission

I am currently running
library(googlesheets4)
sheets_auth()
dat=read_sheet("https://docs.google.com/spreadsheets/d/1R9XuH9Wej-p6HdkFGV2IsHuCmA9w0s7M3-jzE3S-Qrs/edit#gid=950673024", sheet="Summary", range=cell_rows(1:777))
and getting the following output.
Suitable tokens found in the cache, associated with these emails:
* dcallow#umd.edu
* ddcc2442#gmail.com
The first will be used.
Using an auto-discovered, cached token.
To suppress this message, modify your code or options to clearly consent to the use of a cached token.
See gargle's "Non-interactive auth" vignette for more details:
https://gargle.r-lib.org/articles/non-interactive-auth.html
The googlesheets4 package is using a cached token for dcallow#umd.edu.
>
> dat=read_sheet("https://docs.google.com/spreadsheets/d/1R9XuH9Wej-p6HdkFGV2IsHuCmA9w0s7M3-jzE3S-Qrs/edit#gid=950673024", sheet="Summary", range=cell_rows(1:777))
Error: Client error: (403) PERMISSION_DENIED
* Client does not have sufficient permission. This can happen because the OAuth token does not have the right scopes, the client doesn't have permission, or the API has not been enabled for the client project.
* The caller does not have permission
I am unsure if the issue is that it is forcing me to use the first email? Is it possible to change to the second token? But I am also confused about why I am no longer being asked to go into my google account to authenticate things?
Any ideas why this might be occurring? I am new to API's.
This could be because while you logged in using gs_auth, you must have selected the wrong permissions. To re assign your permissions, first deauth using gs_deauth() and then use gs_auth() and in the next option, enter 0 in the Selection: to re-initialize your accesses to google account.
Make sure in the browser window while assigning the permissions, you select the checkbox to read, write the spreadsheets.
Please comment if you're unable to do it.
Keep Coding!
For me the solution was:
googlesheets4::gs4_deauth()
googlesheets4::gs4_auth()
Then when you call the second one, DO NOT press 1 to select your email, instead press 0 to fetch a new token:
The googlesheets4 package is requesting access to your Google account.
Select a pre-authorised account or enter '0' to obtain a new token.
Press Esc/Ctrl + C to cancel.
1: your.email#gmail.com
you can try with this
library(googlesheets4)
gs4_auth_configure(api_key = "A..............bMGBUA")
you should create a api key in credentials
https://console.cloud.google.com/apis/credentials
i wait that it can help you
You can also
'Set GoogleSheet link to 'Anyone on the internet with this link can view' under the 'Share' button on the googlesheet page.
Then:
googlesheets4::gs4_deauth()
CellROSConc <- read_sheet("https://docs.google.com/spreadsheets/d/1bxTIKTNfv-n3Y-JMJCOlt14Ec3e4tSdBQZg-HiuypOY/edit?usp=sharing")

does "app_key" means the same as "app_code" for HERE geocoding credentials on Python?

I am trying to geocode some addresses with python
so I created a freemium account on https://developer.here.com
my code is this
(...)
here = Here(here_config.app_id, here_config.app_code, timeout=5)
here.geocode(string_to_geocode)
I am getting the following error message:
HTTP Error 401: Unauthorized
my doubt comes from the difference between the terms "app_code" on my code sample and "app_key" on my credential screen.
Is there another step I need to do in order to get a "app_code" or is my "app_key" already supposed to be it?
P.S. on that same screen Here provides me an option of getting JAVASCRIPT keys, HERE SDK FOR IOS (PREMIUM EDITION) [this option cleary has a button that says "generate app_key and app_code", however, I am not developing a cellphone app, but a python program.
What am I missing ?
here_credential_screen
App ID and App Code have been replaced. We encourage all users to switch to API Key or OAuth 2.0 (JSON Web Tokens) authentication. Please be aware that as part of adapting to the new authentication method, some endpoints have also changed.
please check the new domains here
You can either use your ApiKey or App_Id/App_Code.
for example like this-
https://geocoder.ls.hereapi.com/6.2/geocode.json?apiKey={YOUR_API_KEY}&searchtext=425+W+Randolph+Chicago
https://developer.here.com/documentation/geocoder/dev_guide/topics/quick-start-geocode.html

OpenAM J2EE agent installation bringing down tomcat

OpenAM version -12 , Agent version 3.5 and 3.3 , tomcat version 7
I have tried to follow the link https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/sso-openam-06052012 to set up my J2EE Agent. Let me paste the steps after asking the question(see at the end)
but I am getting the error as asked below
Not able to configure J2ee agent on adding my customized data store for users
I have tried to use 3.5 version installed and uninstalled multiple times and tried previous version.
There is a nice discussion on this topic at http://database.developer-works.com/article/16009911/%22Cannot+obtain+Application+SSO+token%22+error
but it did not help me much.
I am using LDAP so I have used LDAP realm and subjects are showing up ok. Also I am observing that the policy tab has changed quite a bit from how it is described in the Blogs.
Now with the roadblock I am not sure how to proceed as the error is not giving me any clue what to do. I even added the file named AMConfig.properties in the classpath with username and password of the agent and tried the username and password of the OpenAM admin too as suggested in the discussion mentioned. but that too did not help.
The issue is the Tomcat now is not starting and giving error that AMConfig.properties properties are needed
I know the OpenAM Realm setup is good as I am able to login via this realm to another application (Liferay) where I just have to give the URL for use OpenAM integration. but after uninstallation of the agent the tomcat starts without any error and i am able to login to the application
-------------------Step copied from 1st link(modified)--------------------------
1. Configure your OpenAM agent (tried both 3.5 and 3.3 version on tomcat 7)
a. Log into OpenAM as the admin user and navigate to "Access Control -> (Your Realm) - where in my case LDAP Realm (other application using it without issue)
b. Select Policies -> New Policy
c. Enter Share as the policy name and then create 2 new URL Policy agent rules
d. 1st Resource Name = http://:/share/*
e. 2nd Resource Name = http://alfresco.domain.com:8080/share/*?*
f. Add a subjects - already part of LDAP Realm
g. Now select Agents -> J2EE - > (your J2EE agent)
h. Select the Application tab
i. Login Processing -> Login Form URI - add /share/page/dologin
j. Logout Processing -> Application Logout URL - add Map Key = share - Corresponding Map Value = /share/page/dologout
k. Not Enforced URI Processing - Add 2 entries - /share and /share/
l. Profile Attributes Processing - Select HTTP_HEADER and add Map Key = uid - Corresponding Map Value = SsoUserHeader (This is what I called my header in the alfresco-global.properties file - see below)
Auth chain
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
alfresco.authentication.allowGuestLogin=true
SSO settings
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader
NOTE- It does not seem possible to configure SSO where the Guest login has been disabled. There are webscripts used on the Alfresco repository that need guest login.
That concludes the setup for Alfresco and OpenAM
For Share you need to have the following section uncommented in your share-config-custom.xml
alfresco/web-extension/alfresco-system.p12
pkcs12
alfresco-system
alfrescoCookie
Alfresco Connector
Connects to an Alfresco instance using cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
alfrescoHeader
Alfresco Connector
Connects to an Alfresco instance using header and cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
SsoUserHeader
alfresco
Alfresco - user access
Access to Alfresco Repository WebScripts that require user authentication
alfrescoHeader
http://alfreso.domain.com:8080/alfresco/wcs
user
true
Notice I am not using the SSL cert and in my alfrescoHeader connector I have used SsoUserHeader (as setup in OpenAM) and the endpoint uses the alfrescoHeader connector
Now you need to add the OpenAM filter to the Share web.xml file
Add the following filter just before the Share SSO authentication support filter
Agent
com.sun.identity.agents.filter.AmAgentFilter
Add the following filter mapping to the filter-mapping section
Agent
REQUEST
INCLUDE
FORWARD
ERROR
----- End ----------
The error message is a bit misleading: the Cannot obtain application SSO token in general means that the agent was unable to authenticate itself. When you install the agent, the agent asks for a profile name and a password file, those values need to correspond to the agent profile configured within OpenAM.
To test if you can authenticate as the user, you could simply try to authenticate as the agent by making the following request:
curl -d "username=profilename&password=password&uri=realm=/%26module=Application" http://aldaris.sch.bme.hu:8080/openam/identity/authenticate
In the above command the realm value needs to be the same as the value for the "com.sun.identity.agents.config.organization.name" property defined in OpenSSOAgentBootstrap.properties (under the agent's install directory).
Having bad username/password combination is only one of the possible root causes for this exception though. It is also possible that during startup the agent was unable to connect to OpenAM to authenticate itself. In those cases the problem could be:
network error, firewall issues preventing the agent from contacting OpenAM
SSL trust issues: agent's JVM does not trust the certificate of OpenAM's container (only problem if you've installed the agent by providing OpenAM's HTTPS URL and the certificate is self-signed or just simply not trusted by the JVM)

How do you fix Google OAuth API - (403) There is a per-IP or per-Referer restriction configured on your API key

I have recently moved a project over to another server. The domain name is the same, it has just been pointed to the new server. The URL is exactly the same. Since moving the project over however I get this error when the app tries to connect to googles OAuth api.
{
"name": "Error calling GET https:\/\/www.googleapis.com\/analytics\/v3\/management\/accounts\/~all\/webproperties\/~all\/profiles?key=AIzaSyBKUP8JriiOnFnbJm_QYt_bHTMuHf-ilAI: (403) There is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your API key configuration if request from this IP or referer should be allowed.",
"url": "\/analytics\/statistics.json"
}
The obvious reason (based on the error message) would be that I haven't added the new server IP into the list of allowed IP's in the devlopers console under APIs & auth->Credentials->Key for server applications.
I have added the IP. I've checked the domain has propagated by pinging it and the new IP comes up which has been entered in the console so i'm struggling to work out why it doesn't work.
Has anybody come across this before that may be able to help me solve it?
Go to Project -> APIs & Auth -> Credentials -> API Key -> Create New Key -> Browser Key. It may take upto 5 minutes to reflect changes.
And it worked for me.
After you added your new server IP you need to generate a new API key from the Console. This message shows up when access in not properly configured. Look here and scroll down to "accessNotConfigured".
So, go to your developer console, Project -> APIs & Auth -> Credentials -> Public API Access -> Create New Key -> Server Key. Use this new key and you should be good to go.
I've had this problem for a while as well but finally solved it:
I noticed when trying wget http://bot.whatismyipaddress.com/ from my server it would actually return an IPv6-address, when on the API key's config page I had entered the IPv4-Address of my server. Once I added the IPv6-Address, my requests where finally accepted.
Go to Project -> APIs & Auth -> Credentials -> Public API Access -> Create New Key -> Server Key >> Accept requests from these server IP addresses (Optional) section,
then remove all the IP Address and Update it first, then try it. And, later you can add the specific IP address which did weirdly work for me.

Unable to run pushtest Apigee sample

I am trying to run the pushtest sample that ships with the iOS SDK. In the .m file I have replaced the org name, app name and notifier name( which I have named 'apple'). I have the provisioning set up for my iPad. When I run the code, I don't see any window asking me to allow push notifications. On clicking the push to this device, the terminal spits out this error:
2014-01-30 14:04:20.525 Push Test[2970:60b] displaying alert. title: Error, message: {"error":"unauthorized","timestamp":1391119457656,"duration":0,"exception":"org.apache.shiro.authz.UnauthorizedException","error_description":"Subject does not have permission [applications:post:ed031740-7e90-11e3-a906-25e89414fcd7:/notifications]"}
I believe this is because the app has not obtained push permission, however, the alert window asking for this was not presented in the first case. How can I fix this?
"error":"unauthorized"`
This is an indication that your request requires authentication and you're not authorized to access the endpoint.
Push notifications out of the box require authentication - either an access_token (recommended) or client_id/secret. Try including the access_token in your header (instructions here).
If you want to disable authentication, you can add the GUEST role to /notifications (instructions here).
You need to give permissions to your application role:
curl -X POST "https://api.usergrid.com///roles/ -d '{"name":"nameforrole","title":"titleforrole","permission" : "GET,PUT,POST,DELETE:/users/me/**"}'

Resources