I am following this example: https://developers.google.com/analytics/devguides/reporting/core/v3/quickstart/web-php
After the auth token expires, I get this error:
Fatal error: Uncaught Google_Service_Exception: { "error": { "code": 401, "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "errors": [ { "message": "Request had invalid authentication credentials.", "reason": "authError" } ], "status": "UNAUTHENTICATED" } } in /Users/stephenbarrett/Reporting/src/Google/Http/REST.php:118 Stack trace: #0 /Users/stephenbarrett/Reporting/src/Google/Http/REST.php(94): Google_Http_REST::decodeHttpResponse(Object(GuzzleHttp\Psr7\Response), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...') #1 /Users/stephenbarrett/Reporting/src/Google/Task/Runner.php(176): Google_Http_REST::doExecute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...') #2 /Users/stephenbarrett/Reporting/src/Google/Http/REST.php(58): Google_Task_Runner->run() #3 /Users/steph in /Users/stephenbarrett/Reporting/src/Google/Http/REST.php on line 118
I went back to the basics and just used the same from the quickstart documentation and I got the same error after the Auth Token expired (1 hour). I'm using the PHP solution. And I noticed that there is an IF statement stating that the Auth Token doesn't exist get the oAuth2callback file, but it's not redirecting to the file at all. I have to manually enter in the oAuth2callback.php in the url and then I am able to renew my Auth Token. I'm just wondering why the IF statement is not working when using their sample code. Any help is greatly appreciated.
UPDATE
I figured it out. I added another if statement to check the timestamp against the current timestamp to make it refresh the Auth Token
1) Register your application in the Google Developers Console
2) Authorize access to Google Analytics data.
3) Create an Analytics service object
please refer the following url:
Google Analytics API Returning 401 On Example Code
Related
I am trying to run a simple report on GA4 by using Google Analytics Data API Python client with a regular user credentials:
request = RunReportRequest(
property=f"properties/11111",
dimensions=[Dimension(name=f['name']) for f in report_definition['dimensions']],
metrics=[Metric(name=f['expression']) for f in report_definition['metrics']],
date_ranges=[DateRange(start_date=date, end_date=date)],
)
response = client.run_report(request)
And the client is BetaAnalyticsDataClient as also mentioned in the documentation:
credentials = Credentials(
token=None,
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
client = BetaAnalyticsDataClient(credentials=credentials)
It is not a Service Account so I am using google.oauth2.credentials.Credentials class as same in other Google APIs.
However, this operation is throwing an exception during the run_report function:
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "Getting metadata from plugin failed with error: ('invalid_grant: Bad Request', {'error': 'invalid_grant', 'error_description': 'Bad Request'})"
debug_error_string = "UNKNOWN:Error received from peer analyticsdata.googleapis.com:443 {created_time:"2023-01-14T14:12:10.907813+03:00", grpc_status:14, grpc_message:"Getting metadata from plugin failed with error: (\'invalid_grant: Bad Request\', {\'error\': \'invalid_grant\', \'error_description\': \'Bad Request\'})"}"
>
And when I try to use my access token in the credentials:
credentials = Credentials(
token=config["token"],
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
This time I am getting following error:
google.api_core.exceptions.Unauthenticated: 401 Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
I am sure that my credentials is correct since I am using same account in my other repos.
Also, note that, I tried same operation with a service account and it does not give any error. However, for this purpose, I need to use a regular developer account since the OAuth flow is on a frontend project.
What are the suggestions on that issue? Is it possible to use a developer account in here and if yes, how?
I was able to fix the issue. The app just needs a sign-out sign-in (or refreshing the access token).
We are getting 200 success while hitting endpoints like create signup URL, create enterprise, create enrollment token etc. through API Explorer or Postman. But while we are trying to hit the "create web token" endpoint we are getting 400 error.
We are implementing Google Android Management API. Finally, we are proceeding for implementing iframe which required the web token as it's carrier. But we are failing to do so.
For your reference:
enrollmentTokens.create endpoint Link below:
https://developers.google.com/android/management/reference/rest/v1/enterprises.enrollmentTokens/create
In the API explorer we are providing
parent = enterprises/LC00x1u8p0 and selecting Google OAuth 2.0 credentials.
With this much information API Explorer giving 200 success message.
enterprises.webTokens.create endpoint Link below:
https://developers.google.com/android/management/reference/rest/v1/enterprises.webTokens/create
In the API explorer we are providing
parent = enterprises/LC00x1u8p0 and selecting Google OAuth 2.0 credentials.
With this the same information API Explorer giving 400 error. I have posted the error message and unable to understand where is the error coming.
Is our console cloud project need any special supplement for giving access to web token? or what exactly is the lacking that giving this 400 error?
We are failing to understand the error message. Please check the below response.
{
"error": {
"code": 400,
"message": "domain: \"gdata.CoreErrorDomain\"\ncode: \"INVALID_VALUE\"\nargument: \"tokenSpec.parent\"\ndebug_info: \"code: INVALID_VALUE\\nhttp status: 400\\narguments: [tokenSpec.parent]\\nvalue: \\ncause: com.google.wireless.android.vending.enterprise.common.exceptions.InvalidParameterException: EnterpriseException{httpStatus=400, code=gdata.CoreErrorDomain.INVALID_VALUE, arguments=[tokenSpec.parent]}\\n\\tat com.google.wireless.android.vending.enterprise.common.exceptions.InvalidParameterException$Builder.build(InvalidParameterException.java:60)\\n\\tat com.google.wireless.android.vending.enterprise.business.EmbeddedUiServiceImpl.validate(EmbeddedUiServiceImpl.java:173)\\n\\tat com.google.wireless.android.vending.enterprise.business.EmbeddedUiServiceImpl.createWebToken(EmbeddedUiServiceImpl.java:123)\\n\\tat com.google.wireless.android.vending.enterprise.actions.mdmapi.EnterpriseActions$CreateWebTokenAction.execute(EnterpriseActions.java:360)\\n\\tat com.google.apps.framework.request.impl.InterceptorInvocation$Rpc.beforeProceed(InterceptorInvocation.java:147)\\n\\tat com.google.apps.framework.request.impl.InterceptorInvocation.proceed(InterceptorInvocation.java:158)\\n\\tat com.google.apps.framework.request.impl.RpcDispatcher.proceed(RpcDispatcher.java:136)\\n\\tat com.google.apps.framework.request.impl.RpcDispatcher.proceed(RpcDispatcher.java:42)\\n\\tat com.google.apps.framework.request.impl.AbstractDispatcher.doExecuteChainInternal(AbstractDispatcher.java:503)\\n\\tat com.google.apps.framework.request.impl.AbstractDispatcher.doExecuteChain(AbstractDispatcher.java:497)\\n\\tat com.google.apps.framework.request.impl.AbstractDispatcher.execute(AbstractDispatcher.java:331)\\n\\tat com.google.apps.framework.request.impl.AbstractDispatcher.executeAsync(AbstractDispatcher.java:254)\\n\\tat com.google.apps.framework.request.impl.RpcDispatcher.handleRpc(RpcDispatcher.java:126)\\n\\tat com.google.apps.framework.request.impl.RpcScopedHandlerFactoryImpl.run(RpcScopedHandlerFactoryImpl.java:276)\\n\\tat com.google.apps.framework.request.impl.RpcScopedHandlerFactoryImpl$2.handleRequest(RpcScopedHandlerFactoryImpl.java:126)\\n\\tat com.google.net.rpc3.impl.server.RpcServerInterceptor2Util$RpcApplicationHandlerAdaptor.handleRequest(RpcServerInterceptor2Util.java:82)\\n\\tat com.google.net.rpc3.impl.server.RpcServerInternalContext.runRpcInApplicationWithCancellation(RpcServerInternalContext.java:672)\\n\\tat com.google.net.rpc3.impl.server.RpcServerInternalContext.lambda$runRpcInApplication$0(RpcServerInternalContext.java:637)\\n\\tat io.grpc.Context.run(Context.java:536)\\n\\tat com.google.net.rpc3.impl.server.RpcServerInternalContext.runRpcInApplication(RpcServerInternalContext.java:637)\\n\\tat com.google.net.rpc3.impl.server.RpcServerChannel$4.apply(RpcServerChannel.java:1026)\\n\\tat com.google.net.rpc3.impl.server.RpcServerChannel$4.apply(RpcServerChannel.java:996)\\n\\tat com.google.common.util.concurrent.AbstractTransformFuture$TransformFuture.doTransform(AbstractTransformFuture.java:253)\\n\\tat com.google.common.util.concurrent.AbstractTransformFuture$TransformFuture.doTransform(AbstractTransformFuture.java:243)\\n\\tat com.google.common.util.concurrent.AbstractTransformFuture.run(AbstractTransformFuture.java:124)\\n\\tat com.google.common.context.ContextRunnable.runInContext(ContextRunnable.java:89)\\n\\tat com.google.common.context.ContextRunnable$1.run(ContextRunnable.java:78)\\n\\tat io.grpc.Context.run(Context.java:536)\\n\\tat com.google.tracing.GenericContextCallback.runInInheritedContext(GenericContextCallback.java:75)\\n\\tat com.google.common.context.ContextRunnable.run(ContextRunnable.java:74)\\n\\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)\\n\\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\\n\\tat com.google.apps.framework.server.AbstractThreadPoolModule$InitializingThreadFactory.lambda$newThread$0(AbstractThreadPoolModule.java:416)\\n\\tat java.base/java.lang.Thread.run(Unknown Source)\\n\\n\"\n",
"status": "INVALID_ARGUMENT"
}
}
Thanks you very much for your attention. Any help to fix the issue is appreciable.
You need to supply the Request body of the enterprises.webTokens.create method. The request body contains an instance of WebToken.
Request body:
{
"parentFrameUrl": "<the URL of the page that will be hosting the iFrame>",
"enabledFeatures": [
"PLAY_SEARCH",
"PRIVATE_APPS",
"WEB_APPS",
"STORE_BUILDER"
],
"permissions": [
"APPROVE_APPS"
]
}
If successful, the response body contains a newly created instance of WebToken containing the value you need to embed the iFrame on the hosting page.
I am trying to get all events of the group but the API return me AccessDenied.
The user is owner of the group (I have add it via add admin API).
While getting authenticate token I am using grant_type password and scope Group.ReadWrite.All (my request also contain username , password,client_id,client_secret,resource parametr as on body).
but when I sent request to API I can not get list of events it returs access denied.
Even I tested it in microsoft graph explorer it also return Access denied error.
How should I fix this?.
Getting Token Api - https://login.microsoftonline.com/{tenant_id}/oauth2/token
The API for listing events
https://graph.microsoft.com/v1.0/groups/{GROUP id}/calendar/events
Headers - Authorization Bearer {token}
The returned Error :
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
} }
I am going through the https://developers.google.com/identity/sign-in/devices and i
am trying to get the code and verification URL as mentioned in the link using my CLIENT_ID which i have got from the cloud platform.
curl -d "client_id=CLIENT_ID&scope=email profile" https://accounts.google.com/o/oauth2/device/code
I am getting the below error:
{
"error": "invalid_client",
"error_description": "Invalid client type."
}
I am not getting the user_code and verification_url as a response.
Am I missing something?
I'm trying to authenticate against an App Service that I have defined in Azure Active Directory. When accessing it, I first get the access token and the continue with the rest of the OAuth procedure.
The problem, however, is that I can only get the token when posting the request via Postman. When I try to call the same URL, with the same data using an HTTP action in flow, it fails:
{
"error": "invalid_client",
"error_description": "AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 67250fbf-ad20-47f1-b3a3-dbce1e813600\r\nCorrelation ID: f9eaaa13-cee3-4f5c-a96a-6846c4392dd9\r\nTimestamp: 2018-01-17 12:21:51Z",
"error_codes": [
70002,
50012
],
"timestamp": "2018-01-17 12:21:51Z",
"trace_id": "67250fbf-ad20-47f1-b3a3-dbce1e813600",
"correlation_id": "f9eaaa13-cee3-4f5c-a96a-6846c4392dd9"
}
This is how it is set up in Flow:
When executed in Postman it works just fine:
I cannot figure out why this doesn't work when running the request from within a Flow. Am I missing something in the HTTP action card configuration?
Kind regards,
Peter
I found the reason for this not working. I had to fully URL encode the value for client_secret.
/Peter