RingCentral invalid_client [ThirdPartyAppAccess] permission required error - user-permissions

What is the following error and how can I resolve this? The error was thrown when I was trying to do 3-legged OAuth. I also found that only some of the user have this issue. There was no problem if I use my own username to authorize. But some users return this error.
{
"error" : "invalid_client",
"error_description" : "[ThirdPartyAppAccess] permission required",
"errors" : [ {
"errorCode" : "CMN-408",
"message" : "[ThirdPartyAppAccess] permission required",
"parameters" : [ {
"parameterName" : "permissionName",
"parameterValue" : "ThirdPartyAppAccess"
} ]
} ]
}

To find out information on this permission, call the following endpoint with permissionId = ThirdPartyAppAccess.
GET /restapi/v1.0/dictionary/permission/{permissionId}
GET /restapi/v1.0/dictionary/permission/ThirdPartyAppAccess
You will receive the following response which indicates you should enable the "Third Party Apps Access" permission for the user's role in the RingCentral Online Account Portal (https://service.ringcentral.com).
{
"uri": "https://platform.devtest.ringcentral.com/restapi/v1.0/dictionary/permission/ThirdPartyAppAccess",
"id": "ThirdPartyAppAccess",
"displayName": "Third Party Apps Access",
"assignable": true,
"readOnly": false,
"siteCompatible": "Independent",
"category": {
"uri": "https://platform.devtest.ringcentral.com/restapi/v1.0/dictionary/permission-category/Features",
"id": "Features"
},
"includedPermissions": []
}
Read more on this permission here:
https://success.ringcentral.com/articles/RC_Knowledge_Article/5-10-Editing-the-Extension-Permissions-via-Web
See the following answer for more info which also includes how to check if a user has a permission:
https://stackoverflow.com/a/50978630/1908967

Related

Google Consent API

The samples and documentation for the Cloud Healthcare Consent API need a refresh. For instance, when POST to attributeDefinitions?attributeDefinitionId=requester_identity
with BODY:
{
"description": "what groups are consented for access",
"category": "REQUEST",
"allowedValues": [
"fhirUser"
]
}
{
"error": {
"code": 400,
"message": "attribute definition ID malformed, must match ^[_a-zA-Z][_a-zA-Z0-9]{0,255}$",
"status": "INVALID_ARGUMENT"
}
}
These are the values straight from the documentation.
This was an error on my side. The proxy was dropping the query string parameter. The value in the documentation is correct.

The forbidden error occurs, when I try to link an account to another user with an email

I have a user's refresh token with these scopes:
'https://www.googleapis.com/auth/analytics https://www.googleapis.com/auth/analytics.edit https://www.googleapis.com/auth/analytics.readonly https://www.googleapis.com/auth/analytics.manage.users’’
The user has a few accounts and a forbidden error occurs for XXXX2 account when I try to give access to an account to another user(you can see at the below code and account list json). I checked this account's effective permission field, I see that it is an empty array as you can see below as well.
In my opinion, this error reason is that this user does not have ‘manage_users’ permissions for this account(XXXX2), so this is an expected error, isn't it?
PS: I can link XXXX1 properly with the below code.
My code :
linkAccount = self.service.management().accountUserLinks().insert(
accountId=accountId,
body={
'permissions': {
'local': [
'EDIT',
'MANAGE_USERS'
]
},
'userRef': {
'email': email}}).execute()
User Account list :
{
"id": "XXXX1",
"kind": "analytics#account",
"selfLink": "https://www.googleapis.com/analytics/v3/management/accounts/XXXX1”,
"name": "XXXX1",
"permissions": {
"effective": [
"COLLABORATE",
"EDIT",
"MANAGE_USERS",
"READ_AND_ANALYZE"
]
},
"created": "2014-02-17T17:52:10.911Z",
"updated": "2019-06-04T16:06:12.717Z",
"childLink": {
"type": "analytics#webproperties",
"href": "https://www.googleapis.com/analytics/v3/management/accounts/XXXX1/webproperties"
}
},
{
"id": "XXXX2”,
"kind": "analytics#account",
"selfLink": "https://www.googleapis.com/analytics/v3/management/accounts/XXXX2”,
"name": "XXXX2",
"permissions": {
"effective": []
},
"created": "2015-07-02T19:11:16.307Z",
"updated": "2019-03-05T21:16:19.552Z",
"childLink": {
"type": "analytics#webproperties",
"href": "https://www.googleapis.com/analytics/v3/management/accounts/XXXX2/webproperties"
}
}
Error Code :
<HttpError 403 when requesting https://analytics.googleapis.com/analytics/v3/management/accounts/XXXXX/entityUserLinks?alt=json returned "User does not have permission to perform this operation.". Details: "User does not have permission to perform this operation."
I would check what access the currently authenticated user has to the account in question.
If the user you are authenticated with only has read access. To the Analytica account there not going to be able to give your application the ability to add another user.

Sending a notification through Firebase's FCM API Test

I'm currently trying to send a notification using the " Try this API " interface of Firebase.
I filled my Request Body with this :
{
"validateOnly": false,
"message": {
"notification": {
"body": "Body",
"title": "Title"
}
}
}
and the RequestParameters with
projects/myprojectid
I didn't check the Google API Key since my project doesn't have one, but I checked the Google OAuth 2.0.
After executing, I get this error :
{
"error": {
"code": 400,
"message": "Recipient of the message is not set.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"field": "message",
"description": "Recipient of the message is not set."
}
]
},
{
"#type": "type.googleapis.com/google.firebase.fcm.v1.FcmError",
"errorCode": "INVALID_ARGUMENT"
}
]
}
}
After some research, I don't understand what is missing in the request. Are all the parameters mandatory for the request ?
You're not specifying who the message is for, which is what the error message is trying to tell you. You can do by either including a token key with one of more device tokens, or a topic or condition key in the JSON.
Also see the Firebase documentation on building requests to send a message for more information and examples of each of these.

Google analytics creating accoung, insufficientPermissions, your project does not have access to this feature

I'm trying to create an account via google api from symfony using the mediafigaro/google-analytics-api-symfony.
I got my token from jwt with the "**https://www.googleapis.com/auth/analytics.provision**" scope.
But when I send the post request, I got this exception:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Your project does not have access to this feature."
}
],
"code": 403,
"message": "Your project does not have access to this feature."
}
}
I already gave to my service account, the access to the main analytics account

Adding ACL records for FreeBusyReader

I am trying to add a new ACL record to add a domain as freeBusyReader as described here.
Whenever I POST to
https://www.googleapis.com/calendar/v3/calendars/r...#resource.calendar.google.com/acl with a new domain I receive an error:
# Request
{
"scope": {
"type": "domain",
"value": "domain.com"
},
"role": "freeBusyReader"
}
# Reply
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Not Found"
}
],
"code": 404,
"message": "Not Found"
}
}
Weirdly though, it works for domains for which there is already some ACL rule. Those I can even change, so I assume that neither existence of the resource nor authorization is not the problem as suggested in the docs.
You can check this documentation about How to update the ACL of a Google Calendar with the Google APIs Explorer. If the user you want to grant access to is included in the response, you can proceed to update the ACL of the calendar.
For more info:
Working with ACl in Google Calendar

Resources