When making requests to the Google OAuth2 API according to their documentation/guide, I keep getting 401 Unauthorized responses from https://accounts.google.com/oauth2/v4/token even though I swear I'm giving all the required fields:
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
User-Agent: curl/7.47.0
Accept: */*
Content-Length: 311
Content-Type: application/x-www-form-urlencoded
client_id=REDACTED
&client_secret=REDACTED
&code=REDACTED
&grant_type=authorization_code
&redirect_uri=https%3A%2F%2Flocalhost%2Fsso%3Fredirect%3D%252F
Response:
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Vary: X-Origin
Vary: Referer
Date: Wed, 03 Jul 2019 16:14:15 GMT
Server: scaffolding on HTTPServer2
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="46,43,39"
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Transfer-Encoding: chunked
{
"error": "invalid_client",
"error_description": "Unauthorized"
}
I've checked and triple-checked my client_id, client_secret, authorized hosts and redirect_uri, and looked through similar problems on Stack Overflow, but nothing seems to work... why is this happening to me :(
It's because Google's guide/documentation are lying to you. That's not the right endpoint, and instead of saying so, it's giving you that extremely unhelpful error message. Hopefully, they'll be made aware of this SO post/answer and fix it. To find out the actual URL to use to obtain an authorization token, you can click on the "Download JSON" button on your credentials' view page on console.developers.google.com, instead of just copy/pasting the client_id and client_secret. Then you'll get something that looks like this:
{
"web": {
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"client_id": "REDACTED",
"client_secret": "REDACTED",
"javascript_origins": [
"https://localhost"
],
"project_id": "REDACTED",
"redirect_uris": [
"https://localhost/sso?redirect=%2F"
],
"token_uri": "https://oauth2.googleapis.com/token"
}
}
and there you have it. The REAL token URI.
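One way to apply this answer, as an added example that is not part of the original post: take the token endpoint from the downloaded client JSON instead of hard-coding it, and refuse a redirect_uri that is not registered. The function name buildTokenRequest and the sample values are assumptions; the request is only built, never sent.

```javascript
// Constructed sample with the same shape as the "Download JSON" file above.
const clientJson = JSON.stringify({
  web: {
    auth_uri: "https://accounts.google.com/o/oauth2/auth",
    client_id: "EXAMPLE_CLIENT_ID",         // placeholder
    client_secret: "EXAMPLE_CLIENT_SECRET", // placeholder
    redirect_uris: ["https://localhost/sso?redirect=%2F"],
    token_uri: "https://oauth2.googleapis.com/token",
  },
});

// Hypothetical helper: builds the authorization_code exchange request.
function buildTokenRequest(rawJson, code, redirectUri) {
  const cfg = JSON.parse(rawJson).web;
  if (!cfg || !cfg.token_uri) {
    throw new Error("client JSON has no web.token_uri");
  }
  // The client_secret travels in this request, so insist on HTTPS.
  const tokenUrl = new URL(cfg.token_uri);
  if (tokenUrl.protocol !== "https:") {
    throw new Error("token_uri must use https");
  }
  // The redirect_uri must match a registered value exactly.
  if (!(cfg.redirect_uris || []).includes(redirectUri)) {
    throw new Error("redirect_uri is not in redirect_uris");
  }
  // URLSearchParams form-encodes each field once; encoding by hand risks
  // double-encoding the "%2F" that is already part of the redirect_uri.
  const body = new URLSearchParams({
    client_id: cfg.client_id,
    client_secret: cfg.client_secret,
    code: code,
    grant_type: "authorization_code",
    redirect_uri: redirectUri,
  });
  return {
    method: "POST",
    url: tokenUrl.href,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

const tokenRequest = buildTokenRequest(
  clientJson, "EXAMPLE_CODE", "https://localhost/sso?redirect=%2F");
console.log(tokenRequest.url);
```

The encoded redirect_uri in the resulting body is the same string that appears in the request from the question.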
Related
I am testing a Firebase Message to my project. I am using the OAuth 2.0 playground to send the payload to the "messages:send" rest API.
However, when sending the request it returns "500 internal server error".
I do the same thing on another identical project (with a different project ID naturally) and it works with no problem. Does anyone know why?
I have enabled the API service in Google cloud.
The only difference is that I am logged in to a different Firebase Google account as they are 2 different projects for 2 separate clients.
EDIT: Additional information - this is only occurring when using Tokens generated from the Microsoft Edge browser. User tokens provided through Firefox and Chrome work fine.
HTTP Method: POST
Request URI: https://fcm.googleapis.com/v1/projects/myprojectnamehere/messages:send
Request:
POST /v1/projects/myprojectnamehere/messages:send HTTP/1.1
Host: fcm.googleapis.com
Content-length: 867
Content-type: application/json
Authorization: Bearer yj29.a0AV...........(removed for example code)
{
"message": {
"token": "thetokenId...(removed for example code)",
"data": {
"body":"Body of Your Notification in data",
"title":"Title of Your Notification in data",
"image":"http://image.shutterstock.com/image-vector/sample-stamp-rubber-style-red-260nw-1811246308.jpg",
"icon":"http://image.shutterstock.com/image-vector/sample-stamp-rubber-style-red-260nw-1811246308.jpg",
}
}
}
Response:
HTTP/1.1 500 Internal Server Error
Content-length: 253
X-xss-protection: 0
X-content-type-options: nosniff
Transfer-encoding: chunked
Vary: Origin, X-Origin, Referer
Server: scaffolding on HTTPServer2
-content-encoding: gzip
Cache-control: private
Date: Wed, 24 Aug 2022 14:17:43 GMT
X-frame-options: SAMEORIGIN
Alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-type: application/json; charset=UTF-8
{
"error": {
"status": "INTERNAL",
"message": "Internal error encountered.",
"code": 500,
"details": [
{
"errorCode": "INTERNAL",
"@type": "type.googleapis.com/google.firebase.fcm.v1.FcmError"
}
]
}
}
We have been running the Google Analytics (GA) API for several accounts.
It works well for all the accounts except for one, which occasionally (not always) fails and returns error 500.
Regarding the account with the problem, the error 500 started happening last year (2020/DEC).
This error (500) tends to occur when the API call is made to fetch reports for periods over 3 days. (However, the chance of this error for periods shorter than 3 days has so far not been zero.)
Given the explanation above, the problem seems to be on the GA side.
May we ask for your assistance to check the situation and help us solve the problem?
We deeply appreciate all your help and kindness.
Below, as an example, I paste the returned response (error 500) for the API call we made on 2021/JULY/8.
Best regards,
Shahin
I, [2021-07-09T18:11:44.314945 #13000] INFO -- : get https://analytics.googleapis.com/analytics/v3/data/ga?dimensions=ga%3Adate%2Cga%3AadDistributionNetwork%2Cga%3AsourceMedium%2Cga%3AadKeywordMatchType%2Cga%3Akeyword%2Cga%3AadContent%2Cga%3Acampaign&end-date=2021-07-08&ids=ga%3A61390358&max-results=1000&metrics=ga%3Agoal11Completions%2Cga%3Agoal12Completions%2Cga%3Agoal13Completions%2Cga%3Agoal14Completions%2Cga%3Agoal15Completions%2Cga%3Agoal16Completions%2Cga%3Agoal17Completions%2Cga%3Agoal18Completions%2Cga%3Agoal19Completions%2Cga%3Agoal20Completions&samplingLevel=HIGHER_PRECISION&start-date=2021-07-04&start-index=2001
D, [2021-07-09T18:11:48.813256 #13000] DEBUG -- request: User-Agent: "analytics/v3 google-api-ruby-client/0.8.6 Linux/2.6.32-431.el6.x86_64\n (gzip)"
Accept-Encoding: "gzip"
Content-Type: ""
Authorization: "Bearer ya29.a0ARrdaM9m7nl7eZ40UtyNPMLo-quMyknO5gC6d60ucF2zhN3WgO_YcsHtldGyqpjuTsHUJAFurvcC3cryutiB2U2P_Wf-gM6DtnhkAqEjoPfCKwsWeuz8wrFgXfa7M3QknRcFDFrWO0CNrEKeDG7caf0B1R49Rws"
Cache-Control: "no-store"
D, [2021-07-09T18:11:48.813315 #13000] DEBUG -- request:
I, [2021-07-09T18:12:48.790970 #13000] INFO -- Status: 500
D, [2021-07-09T18:12:48.791044 #13000] DEBUG -- response: vary: "Origin, X-Origin, Referer"
content-type: "application/json; charset=UTF-8"
date: "Fri, 09 Jul 2021 09:12:48 GMT"
server: "ESF"
cache-control: "private"
x-xss-protection: "0"
x-frame-options: "SAMEORIGIN"
x-content-type-options: "nosniff"
alt-svc: "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\""
connection: "close"
transfer-encoding: "chunked"
D, [2021-07-09T18:12:48.791065 #13000] DEBUG -- response: {
"error": {
"code": 500,
"message": "There was an internal error.",
"errors": [
{
"message": "There was an internal error.",
"domain": "global",
"reason": "internalError"
}
]
}
}
I'm implementing JWT with WordPress in a Vue Native app. When I call the API I get the "provisional headers are shown" warning. I am also getting the 403 error. Below is the code that I wrote.
// The credentials are passed as request headers here; the request body is null.
axios.post('https://ishopee.in/wp-json/jwt-auth/v1/token', null, {
  headers: {
    'username': 'nayanjariwala123456789#gmail.com',
    'password': 'Baby_0123'
  }
})
  .then(res => {
    // Log the response object alongside the message.
    console.log("---->SuccessFully Login", res);
  })
  .catch(err => {
    console.log('--->' + err);
  })
And this is the request I made from my Vue Native app:
Headers
Request URL: https://ishopee.in/wp-json/jwt-auth/v1/token
Request Method: POST
Status Code: 403 Forbidden
Referrer Policy: no-referrer-when-downgrade
Response Headers
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Allow: POST
Alt-Svc: quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8
Date: Wed, 16 Oct 2019 08:33:00 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <https://ishopee.in/wp-json/>; rel="https://api.w.org/"
null: HTTP/1.1 403 Forbidden
Pragma: no-cache
Server: LiteSpeed
Set-Cookie: PHPSESSID=dd9ecfdbdae48539a6bd1d1847d68c1d; path=/
Transfer-Encoding: chunked
X-Android-Received-Millis: 1571214780555
X-Android-Response-Source: NETWORK 403
X-Android-Selected-Protocol: http/1.1
X-Android-Sent-Millis: 1571214777449
X-Content-Type-Options: nosniff
X-Powered-By: PHP/7.1.28
X-Robots-Tag: noindex
Request Header
Provisional headers are shown
Accept: application/json, text/plain, */*
Content-Type: application/x-www-form-urlencoded
password: Baby_0123
username: nayanjariwala123456789#gmail.com
A JSON body seems to be working. I made the request below and now it works:
// The credentials are sent as the JSON request body instead of as headers.
axios.post('https://ishopee.in/wp-json/jwt-auth/v1/token',
  {
    'username': 'nayanjariwala123456789#gmail.com',
    'password': 'Baby_123'
  })
  .then(res => {
    // Log the response object alongside the message.
    console.log("--->SuccessFully Login", res);
  })
  .catch(err => {
    console.log('--->' + err);
  })
I have a problem that relates to authentication with Google.
I followed the tutorials and finally managed to reach the Google site where I can choose an account. Then I select one and get redirected to the local address: https://localhost:44377/signin-google?state ...
but there I get:
An unhandled exception occurred while processing the request.
Exception: OAuth token endpoint failure: Status: Unauthorized;Headers: Cache-Control: max-age=0, private
Date: Sat, 10 Feb 2018 22:14:21 GMT
Transfer-Encoding: chunked
Accept-Ranges: none
Server: GSE
Vary: X-Origin, Origin, Accept-Encoding
WWW-Authenticate: Bearer realm="https://accounts.google.com/"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
;Body: {
"error": "invalid_client",
"error_description": "Unauthorized"
}
;
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()
Any help in investigating this would be very helpful.
Some (but not all) Google accounts consistently respond with a 401 when trying to access the Google Calendar API despite tokeninfo telling me the access token I'm using has the proper scope (see curl output below). I can successfully obtain a new access token using a refresh token, but the calendar api continues to 401.
Does anyone have an idea why this might be happening?
$ curl -v https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=[redacted]
* Trying 216.58.195.74...
* Connected to www.googleapis.com (216.58.195.74) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /oauth2/v3/tokeninfo?access_token=[redacted] HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: Mon, 01 Jan 1990 00:00:00 GMT
< Date: Tue, 18 Oct 2016 22:00:45 GMT
< Vary: X-Origin
< Content-Type: application/json; charset=UTF-8
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"azp": "[redacted].apps.googleusercontent.com",
"aud": "[redacted].apps.googleusercontent.com",
"sub": "[redacted]",
"scope": "https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar",
"exp": "1476831626",
"expires_in": "3581",
"email": "[redacted]",
"email_verified": "true",
"access_type": "offline"
}
* Connection #0 to host www.googleapis.com left intact
$ curl -v https://www.googleapis.com/calendar/v3/users/me/calendarList?access_token=[redacted]
* Trying 216.58.195.74...
* Connected to www.googleapis.com (216.58.195.74) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.googleapis.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /calendar/v3/users/me/calendarList?access_token=[redacted] HTTP/1.1
> Host: www.googleapis.com
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Vary: X-Origin
< WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
< Content-Type: application/json; charset=UTF-8
< Date: Tue, 18 Oct 2016 22:01:14 GMT
< Expires: Tue, 18 Oct 2016 22:01:14 GMT
< Cache-Control: private, max-age=0
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32"
< Accept-Ranges: none
< Vary: Origin,Accept-Encoding
< Transfer-Encoding: chunked
<
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
* Connection #0 to host www.googleapis.com left intact
I was able to reproduce the situation by creating a google apps user whose sub-organization has Google Calendar turned off. Google will still allow the user to grant calendar access and will indicate the scope has been granted but will 401 in the way described when you try to call any Google Calendar API endpoints with their access token.
Google, please make your error message clearer or prevent the initial scope grant when requesting access to an app that has been turned off by an administrator!
This was happening for my client, even with Google Calendar enabled.
Turns out they'd let the free 14 day trial expire, and hadn't entered a credit card for payment. Error disappeared once they'd sorted that.
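A triage helper for the situation these answers describe, as an added example that is not part of the original posts: it separates an expired token or a missing scope from the case where tokeninfo confirms the scope and the API still answers 401. The function name triage401, the verdict strings and the sample objects (constructed from the two curl responses above) are assumptions.

```javascript
const CALENDAR_SCOPE = "https://www.googleapis.com/auth/calendar";

// Constructed samples shaped like the tokeninfo and calendarList responses.
const sampleTokeninfo = {
  scope: "https://www.googleapis.com/auth/userinfo.email " + CALENDAR_SCOPE,
  expires_in: "3581",
};
const sampleApiError = {
  error: {
    errors: [{ domain: "global", reason: "authError",
               message: "Invalid Credentials",
               locationType: "header", location: "Authorization" }],
    code: 401,
    message: "Invalid Credentials",
  },
};

// Hypothetical helper: explains a 401 using the tokeninfo response.
function triage401(tokeninfo, apiError, requiredScope) {
  const err = apiError && apiError.error;
  if (!err || err.code !== 401) {
    return { verdict: "not-a-401", hint: "use the API's own error details" };
  }
  if (!tokeninfo || typeof tokeninfo.scope !== "string") {
    return { verdict: "token-invalid", hint: "tokeninfo did not describe the token" };
  }
  if (!(Number(tokeninfo.expires_in) > 0)) {
    return { verdict: "token-expired", hint: "refresh the access token and retry" };
  }
  const granted = tokeninfo.scope.split(/\s+/);
  if (!granted.includes(requiredScope)) {
    return { verdict: "scope-missing", hint: "re-run consent with " + requiredScope };
  }
  const reasons = (err.errors || []).map((e) => e.reason);
  if (reasons.includes("authError")) {
    // Live token, scope granted, still refused: the cases from the answers.
    return {
      verdict: "granted-but-refused",
      hint: "check whether the service is turned off for the user's " +
            "organization, or whether the account's trial or billing lapsed",
    };
  }
  return { verdict: "other-401", hint: "reasons: " + reasons.join(",") };
}

console.log(triage401(sampleTokeninfo, sampleApiError, CALENDAR_SCOPE));
```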