I have receive the mail from google like
Great news! We’ve received your request to join the Google Analytics
Account Setup and Configuration APIs Beta and your project has been
whitelisted for access. These APIs allow you to programmatically
create and edit properties, views, and goals.
But when I am wondering to access the management api here https://developers.google.com/apis-explorer/?hl=en_US#p/analytics/v3/analytics.management.profiles.insert?accountId=83303713&webPropertyId=UA-83303713-1&_h=3&resource=%257B%250A%257D&
I am getting the same error like
"errors": [ {
"domain": "global",
"reason": "insufficientPermissions",
"message": "Your project does not have access to this feature." } ], "code": 403, "message": "Your project does not have access
to this feature." }
what else is missing?
Related
I am able to log a user in okay with the Firebase Auth SDK implementation. However, it does seem that when the issued JWT expires, the user is logged out, and the automatic token refresh from the SDK fails.
The error I get is this:
{
"error": {
"code": 403,
"message": "Requests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_SERVICE_BLOCKED",
"domain": "googleapis.com",
"metadata": {
"service": "securetoken.googleapis.com",
"consumer": "projects/621503541053"
}
}
]
}
}
I don't understand what permissions I might need to grant. The config and API key are from the Firebase console, generated for the Web App I registered there.
The documentation shows that this error is caused due to not having the right APIs enabled. According to this post Firebase authentication, the following needs to be enabled:
Requests to this API firebaseinstallations.googleapis.com method google.firebase.installations.v1.FirebaseInstallationsService.CreateInstallation are blocked.
If you enable restrictions for your API, go to Google Cloud Console -> Credentials, Edit API key -> API restrictions, and enable Firebase Installations API.
com.google.firebase.FirebaseException: An internal error has occurred. [Requests to this API identitytoolkit method google.cloud.identitytoolkit.v1.AuthenticationService.SignInWithIdp are blocked.]
Enable Identity Toolkit API to your API restrictions.
Requests to this API securetoken.googleapis.com method google.identity.securetoken.v1.SecureToken.GrantToken are blocked.
Enable Token Service API to your API restrictions.
Enabling the “Token Service API”, along with the “Identity Toolkit API” or “Anonymous Sign-in” should solve the error.
I am trying to manage SAML and OIDC providers in Google Identity management.
Their package seems to be broken for Python 2 currently, so I am trying to copy the code to make it work.
To call the APIs properly I need the Bearer Oauth Token. I couldnt find any APIs that are there in google cloud sdk documentation. Can you guys help me figure out how to get the OAuth Token?
The API I am trying to access is
https://identitytoolkit.googleapis.com/v2beta1/projects/mca-shaurya-7/inboundSamlConfigs
Obviously getting authentication error
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "CREDENTIALS_MISSING",
"domain": "googleapis.com",
"metadata": {
"service": "identitytoolkit.googleapis.com",
"method": "google.cloud.identitytoolkit.v2beta1.ProjectConfigService.CreateInboundSamlConfig"
}
}
]
}
}```
But the URL mentioned in the response no longer exists.
Do not use Python 2. Google dropped support for that version two years ago.
Python 2 support on Google Cloud
Start with this link on OAuth 2:
Using OAuth 2.0 to Access Google APIs
We have created a json credentials for abc#domain.com where all the event will be scheduled.
We add a attendees xyz#domain.com which will be dynamic.
We enabled Delegate domain-wide authority to your service account on G Suit account.
We also added required scopes for these accounts.
We updated google/apiclient library from 2.0 to 2.7 but still facing same issue.
Error:-
exception: "Google_Service_Exception"
file: "D:\xampp7.3\htdocs\project\vendor\google\apiclient\src\Google\Http\REST.php"
line: 118
message: "{↵ "error": {↵ "errors": [↵ {↵ "domain": "calendar",↵ "reason": "forbiddenForServiceAccounts",↵ "message": "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority."↵ }↵ ],↵ "code": 403,↵ "message": "Service accounts cannot invite attendees without Domain-Wide Delegation of Authority."↵ }↵}↵"
trace: [{file: "D:\xampp7.3\htdocs\project\vendor\google\apiclient\src\Google\Http\REST.php",…},…]
I am sending an HTTP post request to a custom report in Google Analytics, that I have created. The OAuth2.0 authentication works fine, and I get my access token. But when sending the custom report request I get the following error:
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED"
}
}
The user I use for OAuth is the same user that has created the custom report, so I do not know how can I not have sufficient authentication scopes.
This is a request header I do not understand:
www-authenticate: Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/analytics.readonly https://www.googleapis.com/auth/analytics https://www.google.com/analytics/feeds https://www.google.com/analytics/feeds/data https://www.google.com/analytics/feeds/ https://www.google.com/analytics/feeds/accounts https://www.google.com/analytics/feeds/accounts/default"
I have tried this same thing with other account and I don't receive this response header, so I assume it is related to the error.
Thanks.
I'm trying to get a list of groups for a domain in Google Api (https://developers.google.com/admin-sdk/directory/v1/reference/groups/list).
I'm using "domain wide delegation", and have a service account from which the web app makes all its requests to Google.
The admin-sdk requires the requesting user to be an administrator, so i'm impersonating a admin user on the given domain.
This works fine with (https://developers.google.com/admin-sdk/directory/v1/reference/users/get), but when I'm trying to use the group api, it fails like this:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
I have checked the the permissions from the domain administrator have been delegated to the service account. And I have also checked that i can access the list of groups, while being logged in as the domain administrator.
Any help or hints is highly appreciated.
Thanks in advance
You will need to add the scope for reading groups.
First, make sure that you properly followed the steps here in this documentation including this steps on how to Instantiate an Admin SDK Directory service object.
It is important because this one shows you how to make API requests using OAuth 2.0 and your service account's credentials to perform Google Apps Domain-wide delegation.
For more information, check these related SO questions:
Google_Service_Directory - (403) Not Authorized to access this resource/api
Received error “Not Authorized to access this resource/api” when trying to use Google Directory API and Service Account Authentication