RealmSwift 2.8.3, Realm Object Server 1.8.1, Xcode 8, Swift 3.1
I can get pretty much everything with the Realm Object Server (ROS) to work with iCloud authentication, but I'm running into an issue when I have a new user authenticate that doesn't yet have an account on my ROS instance.
I'm successfully able to retrieve their iCloud token, but user is nil when I do this:
let credentials = SyncCredentials.cloudKit(token: token)
SyncUser.logIn(with: credentials, server: serverURL) { user, error in
DispatchQueue.main.async{
if user == nil {
//--- Error ---
//This is where I end up. I can see the token in the log but no user object
}else{
//--- Success ---
}
}
}
When I check the error log in my ROS (running on Ubuntu), I get this internal server error (500):
2017-07-12T00:39:39.170Z - warn: auth.cloudkit: Handle request failed with: Error: Request failed with code AUTHENTICATION_FAILED: Authentication failed.
2017-07-12T00:39:39.174Z - warn: [services] internal error: Error: Request failed with code AUTHENTICATION_FAILED: Authentication failed.
at request.catch.err (/usr/lib/nodejs/realm-object-server-developer/.build/src/node/managers/auth/provider/cloudkit.js:131:23)
at process._tickCallback (internal/process/next_tick.js:109:7).
Now just to make sure, I assume that SyncCredentials.cloudKit(token: token) creates a user if that token isn't found on my server and returns a new user object. I don't see anything in the docs about creating a new user vs. authenticating an existing one.
UPDATE
I double-checked all my connections to iCloud, made sure my key_id found in my configuration.yml file is right and that my key matches what I have in my iCloud container.
Now I get a different error. :)
2017-07-12T01:12:54.801Z - warn: auth.cloudkit: Handle request failed with: TypeError: Cannot read property 'reason' of undefined
2017-07-12T01:12:54.809Z - warn: [services] internal error: TypeError: Cannot read property 'reason' of undefined
at signedRequest.then.catch.err (/usr/lib/nodejs/realm-object-server-developer/.build/src/node/managers/auth/provider/cloudkit.js:86:11)
at process._tickCallback (internal/process/next_tick.js:109:7).
According to the docs, account should be created if not existed before
If the credentials are valid, the user is granted access to Realm
Object Server. A new user account is created if the credentials are
not coupled to an existing account.
I guess it's problem with private_key_path in configuration.yml. Try to move .pem file to another location and see if there are any changes.
Also, remember to restart the server after changing the configuration file.
Related
I am trying to run a simple report on GA4 by using Google Analytics Data API Python client with a regular user credentials:
request = RunReportRequest(
property=f"properties/11111",
dimensions=[Dimension(name=f['name']) for f in report_definition['dimensions']],
metrics=[Metric(name=f['expression']) for f in report_definition['metrics']],
date_ranges=[DateRange(start_date=date, end_date=date)],
)
response = client.run_report(request)
And the client is BetaAnalyticsDataClient as also mentioned in the documentation:
credentials = Credentials(
token=None,
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
client = BetaAnalyticsDataClient(credentials=credentials)
It is not a Service Account so I am using google.oauth2.credentials.Credentials class as same in other Google APIs.
However, this operation is throwing an exception during the run_report function:
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "Getting metadata from plugin failed with error: ('invalid_grant: Bad Request', {'error': 'invalid_grant', 'error_description': 'Bad Request'})"
debug_error_string = "UNKNOWN:Error received from peer analyticsdata.googleapis.com:443 {created_time:"2023-01-14T14:12:10.907813+03:00", grpc_status:14, grpc_message:"Getting metadata from plugin failed with error: (\'invalid_grant: Bad Request\', {\'error\': \'invalid_grant\', \'error_description\': \'Bad Request\'})"}"
>
And when I try to use my access token in the credentials:
credentials = Credentials(
token=config["token"],
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
This time I am getting following error:
google.api_core.exceptions.Unauthenticated: 401 Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
I am sure that my credentials is correct since I am using same account in my other repos.
Also, note that, I tried same operation with a service account and it does not give any error. However, for this purpose, I need to use a regular developer account since the OAuth flow is on a frontend project.
What are the suggestions on that issue? Is it possible to use a developer account in here and if yes, how?
I was able to fix the issue. The app just needs a sign-out sign-in (or refreshing the access token).
Good afternoon. I am trying to write a function that will read the comments on a jpg file in google drive. However, when I try to run it it gives me the following error:
An error occurred:
<HttpError 403 when requesting https://www.googleapis.com/drive/v2/files/1SbB4VwCIhaS9mdJ_xqcyjenZfxxrpTsY/comments?alt=json returned "Insufficient Permission: Request had insufficient authentication scopes.". Details: "[{'domain': 'global', 'reason': 'insufficientPermissions', 'message': 'Insufficient Permission: Request had insufficient authentication scopes.'}]">
def retrieve_comments(service, file_id):
"""Retrieve a list of comments.
Args:
service: Drive API service instance.
file_id: ID of the file to retrieve comments for.
Returns:
List of comments.
"""
try:
comments = service.comments().list(fileId=file_id).execute()
return comments.get('items', [])
except errors.HttpError as error:
print('An error occurred: %s' % error)
return None
SCOPES = ['https://www.googleapis.com/auth/drive.file', 'https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/drive.file', ]
credentials = Credentials.from_authorized_user_file('token.json', SCOPES)
service = build('drive', 'v2', credentials=credentials)
print(retrieve_comments(service, '1SbB4VwCIhaS9mdJ_xqcyjenZfxxrpTsY'))
Update: this is what my token.json file looks like:
{"token": "ya29.a0ARrdaM-lbQRcrOHcWXHXVCZ--FHEBFmhetZy5mtKyE-KYg7kkqc7DCB3ELoGWm7DSFFqZ5n7MZ2qtpomhhhh3YjyPlDmFNiBFqW8jfzQcq2bUboJVHWly7w5KajgYBW6vXfpUG7XB-NiSRIGbgGXg7pADS9E", "refresh_token": "1//03RuSdM4_a83LCgYIARAAGAMSNwF-L9Ir99uSssRC7-EDBGOchESXQuY8uQh3BIAUSnUFmT60dipjtvqGslz9wyAl_OnLkoLWdko", "token_uri": "https://oauth2.googleapis.com/token", "client_id": "936594993582-hm55manlg9g4hkdeeisq6i4ogqk6are2.apps.googleusercontent.com", "client_secret": "irvWegrf57dztuP6_OigoGIT", "scopes": ["https://www.googleapis.com/auth/drive.metadata.readonly", "https://www.googleapis.com/auth/drive.file"], "expiry": "2021-08-19T12:26:14.658525Z"}
This is how my code looks like. any ideas why this might be happening and what I can do to solve it?
Edit: For anyone who runs into the same problem, remember the scopes in the quickstart must be the same as the ones in your python file.
Insufficient Permission
Means that the user you are authenticated with does not have permission to do what you are trying to do, or that user has not granted your application permission.
You are trying to use comments.list this method requires that you have been authorized with one of the following scopes
Now you appear to be using the following scopes
'https://www.googleapis.com/auth/drive.file', 'https://www.googleapis.com/auth/drive', 'https://www.googleapis.com/auth/drive.file',
Im not sure why you have drive.file twice, but lets ignore that for now.
As you can see you appear to be using the proper scopes needed by this endpoint. What i suspect has happened is that you have already authorized the user using a different set of scopes and you then changed the scopes in your application. When you change the scopes you need to be sure that you have revoked the users access in your application and prompt the user to authorize your application again. You are probably running on a stored access token and or refresh token which have the old scopes.
The solution will be to simply force your application to authorize your user again, make sure the consent screen popsup.
I am trying to use TweetInvi (4.0.3) to register a webhook:
var twitterCreditials = Auth.SetUserCredentials(twitterOptions.APIkey, twitterOptions.APISecretKey, twitterOptions.AccessToken, twitterOptions.AccessTokenSecret);
Webhooks.RegisterWebhookAsync("mydevenv", HttpUtility.UrlEncode("https://.../webhooks/twitter"), twitterCreditials);
But I get the following exception in response:
URL : https://api.twitter.com/1.1/account_activity/all/mydevenv/webhooks.json?url=https%3a%2f%2f...%2fwebhooks%2ftwitter
Code : 401
Error documentation description : Unauthorized - Authentication credentials were missing or incorrect.
Error message : https://api.twitter.com/1.1/account_activity/all/mydevenv/webhooks.json?url=https%3a%2f%2f...%2fwebhooks%2ftwitter web request failed.
Could not authenticate you. (32)
I've checked and double checked that my credentials are correct and I've followed the instructions here to create a dev environment. I've tried regenerating all my credentials for my Twitter app, but to no avail.
The error message suggests there is something wrong with my credentials, but I cannot see what.
I can see a log message when my webhook callback endpoint is called and it is not getting called.
I've also tried with version 5-beta of Tweetinvi:
var userClient = new TwitterClient("...", "...", "...", "...");
await userClient.AccountActivity.CreateAccountActivityWebhookAsync("mydevenv", "https://.../webhooks/twitter");
But this gives me a 400 for what appears to be the same call to the Twitter API as version 4.
There must be something simple I've missed?
You have to update user setup in your twitter project and set new permission to read/write .
Go to developer portl -> project -> setting -> User authentication settings -> select read/write permission
I have tried to log call stack info through opencensus. I have enabled permission in google account. I am using default credentials method. Stackdriver Trace API is enabled for the corresponding account.
Permission for monitoring.viewer, monitoring.editor and cloudtrace are also given.
Still, we are facing below-mentioned error from client side while pushing the logs.
2019/02/21 12:40:14 Failed to export to Stackdriver: rpc error: code = NotFound desc = Requested entity was not found.
2019/02/21 12:37:47 Failed to export to Stackdriver: rpc error: code = PermissionDenied desc = Permission monitoring.metricDescriptors.create denied (or the resource may not exist).
I've just upgraded ROS from 2.7.2 to 3.4.2. And now it becomes interesting. Our users can't open their synced realms because of error.
[RLMSyncManager sharedManager].errorHandler = ^(NSError *error, RLMSyncSession *session) {
LogError(#"RLMSyncManager error %#", error);
if (error.code == RLMSyncErrorClientResetError)
{
[self backupBrokenData];
[RLMSyncSession immediatelyHandleError:error.rlmSync_errorActionToken];
return;
}
};
RLMSyncManager returns Error Domain=io.realm.sync Code=8 "(null)" UserInfo={underlying_error=Error Domain=io.realm.sync.auth Code=3 "(null)" UserInfo={statusCode=400}}
And that's fine seems something with our auth credentials on server. But server log tells me: HTTP response: be33008a-ae5e-4fa1-bab2-f11b40f11b55 {"type":"https://realm.io/docs/object-server/problems/invalid-realm-type","title":"The type of the Realm file was invalid.","status":400,"code":619}
Which is basically You're trying to open partial file with non partial configuration. But client and server uses same full realms. And no modifications happened.
Seems this error returned as false positive.
I've tried to grand administrator permission to that user. It could open his database. But as soon I remove admin permission it sees same error chain.
New users is not affected by this migration issue.
Is there anything I could do to let my users connect to their data?
It appears that issue was caused by bug inside realm-object-server, that was successfully fixed in version 3.4.3.
https://github.com/realm/realm-object-server/issues/374