I am sending an HTTP post request to a custom report in Google Analytics, that I have created. The OAuth2.0 authentication works fine, and I get my access token. But when sending the custom report request I get the following error:
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED"
}
}
The user I use for OAuth is the same user that has created the custom report, so I do not know how can I not have sufficient authentication scopes.
This is a request header I do not understand:
www-authenticate: Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/analytics.readonly https://www.googleapis.com/auth/analytics https://www.google.com/analytics/feeds https://www.google.com/analytics/feeds/data https://www.google.com/analytics/feeds/ https://www.google.com/analytics/feeds/accounts https://www.google.com/analytics/feeds/accounts/default"
I have tried this same thing with other account and I don't receive this response header, so I assume it is related to the error.
Thanks.
Related
I am able to log a user in okay with the Firebase Auth SDK implementation. However, it does seem that when the issued JWT expires, the user is logged out, and the automatic token refresh from the SDK fails.
The error I get is this:
{
"error": {
"code": 403,
"message": "Requests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_SERVICE_BLOCKED",
"domain": "googleapis.com",
"metadata": {
"service": "securetoken.googleapis.com",
"consumer": "projects/621503541053"
}
}
]
}
}
I don't understand what permissions I might need to grant. The config and API key are from the Firebase console, generated for the Web App I registered there.
The documentation shows that this error is caused due to not having the right APIs enabled. According to this post Firebase authentication, the following needs to be enabled:
Requests to this API firebaseinstallations.googleapis.com method google.firebase.installations.v1.FirebaseInstallationsService.CreateInstallation are blocked.
If you enable restrictions for your API, go to Google Cloud Console -> Credentials, Edit API key -> API restrictions, and enable Firebase Installations API.
com.google.firebase.FirebaseException: An internal error has occurred. [Requests to this API identitytoolkit method google.cloud.identitytoolkit.v1.AuthenticationService.SignInWithIdp are blocked.]
Enable Identity Toolkit API to your API restrictions.
Requests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.
Enable Token Service API to your API restrictions.
Enabling the “Token Service API”, along with the “Identity Toolkit API” or “Anonymous Sign-in” should solve the error.
I am trying to send fcm message to specific topic by using cURL command but it says error like
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I used server key from firebase console
I followed this FCM Documentation
How to resolve this 401 error.
Actually I think why, this is because you need a Service account that will handle it for you.
So follow the steps here and this will make you generate a new key pair. With this key, you can get the access token from a code (see in python below but the documentation has support for NodeJS / Java) :
def _get_access_token():
"""Retrieve a valid access token that can be used to authorize requests.
:return: Access token.
"""
credentials = ServiceAccountCredentials.from_json_keyfile_name(
'service-account.json', SCOPES)
access_token_info = credentials.get_access_token()
return access_token_info.access_tokenmessaging.py
And you just have to print this value, copy-paste it and use it as the Bearer OAuth 2 access token.
I have successfully created a Bearer Token and I would like to request data from the Tour Planning/VRP API. However, I always get the following response:
{
"error": "Forbidden",
"error_description": "These credentials do not authorize access"
}
If I try to make the request with the APIKey instead of the Bearer Token, I don't get authentification.
Could you please tell me how a can make a request using my Token?
I am currently trying to do the request with Postman.
Thanks
Manuel
I'am working on a project which has an API built with symfony2 as backend. After logging in and getting token when I try to sent get request with generated token this issue happend
-->"code": 401,
"message": "Invalid credentials"
attached my config.yml and security.yml setting
security.yml file
requet get to backend api
It seem that your postman request is malformated
The correct format for the Authorization bearer header is:
Authorization: Bearer yourToken
Tell me if the error message change !
I hope this will solve your issue
I am currently trying to use the Google Identity Toolkit Token Service REST API (https://developers.google.com/identity/toolkit/reference/securetoken/rest/v1/token) to generate an access token which I can use in my backend server.
When I specifying "authorization_code" as "grant_type" and the gtoken cookie value after authentication as "code" in the POST request to https://securetoken.googleapis.com/v1/token, I get a 403 response with the following error message:
{
"error": {
"code": 403,
"message": "The request cannot be identified with a client project. Please pass a valid API key with the request.",
"status": "PERMISSION_DENIED"
}
}
I inspected the gtoken value via a JWT decoder and it looks to be correct in format. In particular I can see that aud is set to my application/client ID. The documentation doesn't say anything about specifying API key - usually I would expect that to be specified in the Authorization header. So I am not sure what I am missing here.
Any pointer to this matter would be appreciated.
An API key in the URL is required when calling Google Identity Toolkit APIs (including the Token Service API). However, I would suggest you take a look at the new version of the service - Firebase Authentication. The Firebase Auth SDK has build-in support of the Token Service API.