I got a 400 Bad Request when trying to access Google Auth. I am using the demo code in this article:
https://developers.google.com/analytics/solutions/articles/hello-analytics-api
The address I am requesting is:
https://accounts.google.com/o/oauth2/auth?client_id=875938******.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fanalytics.readonly&immediate=true&include_granted_scopes=true&proxy=oauth2relay452650337&redirect_uri=postmessage&origin=http%3A%2F%2Flocalhost%3A8080&response_type=token&state=895891795%7C0.1215960807&authuser=0
I have successfully created my own ClientId and Keys.
Is there anything I need to take care of?
Thanks,
There are several things wrong with your request. First the scope, second the respons_type. I'm not sure where on the page you linked that you found that example. You should really try and find a library for what ever language you are using it will make it easer. But if you want to know the exact URLs you should be posting they should look something like this.
The initial URI to request that the user give you access to there account should look like this In this case the scope notice my scope is different then yours and I'm requesting a code:
https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
Once they say yes you take the authentication Code you got from the above request and Post it back to request an access_token and a refresh_token
https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
this is the response:
{
"access_token" : "ya29.1.AADtN_VSBMC2Ga2lhxsTKjVQ_ROco8VbD6h01aj4PcKHLm6qvHbNtn-_BIzXMw",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/J-3zPA8XR1o_cXebV9sDKn_f5MTqaFhKFxH-3PUPiJ4"
}
The accesstoken you get from the above request is what you will be using to make requests to the service. After one hour your access token will have expired you will need to request a new access token you take the refreshtoken that you got above and post it to :
https://accounts.google.com/o/oauth2/token
client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&refresh_token=1/ffYmfI0sjR54Ft9oupubLzrJhD1hZS5tWQcyAvNECCA&grant_type=refresh_token
This is the response:
{
"access_token" : "ya29.1.AADtN_XK16As2ZHlScqOxGtntIlevNcasMSPwGiE3pe5ANZfrmJTcsI3ZtAjv4sDrPDRnQ",
"token_type" : "Bearer",
"expires_in" : 3600
}
Hope this helps.
Related
#linkedin
I am trying in python to get the metrics (likes, shares, comments, etc) of my company page.
We registered the API which includes Marketing Developer Platform.
I understand, I need Members authentication and I set up Oauth 2.0 settings.
I've created the access_token for the permissions (among them is r_organization_social - which I need to collect data).
What is confusing for me, how to use this token.
Is it enough to use it together with header in my request?
response = requests.get('https://api.linkedin.com/v2/posts', headers = headers)
I've created the header like this:
headers = {
'Authorization': f'Bearer {access_token}',
'cache-control': 'no-cache',
'X-Restli-Protocol-Version': '2.0.0'
}
I tried that and I am getting an error that token is Invalid, even though it is live and active for the next 11 months.
I also tried many things where I would first send request for authenticate my request and then manually copy the response to get the new access token.
That access token never worked - was invalid.
Even if it works, looks like that wouldn't be acceptable solution...
Can you please help with this?
Thanks
The following is working for me.
I used this format of the header:
headers = {
'X-Restli-Protocol-Version': '2.0.0',
'Authorization': 'Bearer '+ access_token }
payload ={}
And the request looks like this (instead of posts I use ugcPosts):
requests.request("GET",'https://api.linkedin.com/v2/ugcPosts?q=authors&authors=List('+urnLiOrganizationEncode + ')&count=100', headers=headers,data=payload)
I've successfully secured my access token for the LinkedIn API. However, when I try to use it to gather user information (currently just my own so I know that the profile has all public settings) using this code:
requestURL = 'https://api.linkedin.com/v2/people/(id:{my_linkedin_id})'
headers = {'Authorization': 'Bearer' + ' ' + access_token}
a = requests.get(requestURL,headers=headers)
could someone elaborate on any steps I might be messing?
When I run this code I keep getting a
<Response [404]>
You have 404 as response and in LinkedIn documentation you can see that:
404 Resource Not Found
This error occurs when your application tries to call an API or fetch
an entity that does not exist. For example, the API to get a friend’s
profile is /v2/people/id={personId}, not /v2/person/id={personId}. In
some cases (Ads, for example), a 404 error is returned when attempting
to access a restricted API. See 403 Access Denied and contact your
partner technical support channel if you continue to see the error.
I think you need too check if your link to resource is good.
I'm trying to authenticate against an App Service that I have defined in Azure Active Directory. When accessing it, I first get the access token and the continue with the rest of the OAuth procedure.
The problem, however, is that I can only get the token when posting the request via Postman. When I try to call the same URL, with the same data using an HTTP action in flow, it fails:
{
"error": "invalid_client",
"error_description": "AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 67250fbf-ad20-47f1-b3a3-dbce1e813600\r\nCorrelation ID: f9eaaa13-cee3-4f5c-a96a-6846c4392dd9\r\nTimestamp: 2018-01-17 12:21:51Z",
"error_codes": [
70002,
50012
],
"timestamp": "2018-01-17 12:21:51Z",
"trace_id": "67250fbf-ad20-47f1-b3a3-dbce1e813600",
"correlation_id": "f9eaaa13-cee3-4f5c-a96a-6846c4392dd9"
}
This is how it is set up in Flow:
When executed in Postman it works just fine:
I cannot figure out why this doesn't work when running the request from within a Flow. Am I missing something in the HTTP action card configuration?
Kind regards,
Peter
I found the reason for this not working. I had to fully URL encode the value for client_secret.
/Peter
Swift + Vapor framework for server + Xcode 8.1
I am trying to read Firebase Realtime Database making HTTP requests to my DB, but I get permission denied.
These are the steps:
1. create JWT sign it with secret key downloaded from "console.developers.google.com"
2. send POST request to OAuth2 server and get access token
3. send GET request to firebase database with access token received from OAuth2 server.
I get "Permission denied", HTTP/1.1 403 Forbidden
// the header of the JSON Web Token (first part of the JWT)
let headerJWT = ["alg":"RS256","typ":"JWT"]
// the claim set of the JSON Web Token
let jwtClaimSet =
["iss":"firebase-adminsdk-kxx5h#fir-30c9e.iam.gserviceaccount.com",
"scope":"https://www.googleapis.com/auth/firebase.database", //is this the correct API to access firebase database?
"aud":"https://www.googleapis.com/oauth2/v4/token",
"exp": expDate,
"iat": iatDate]
drop.get("access") { request in
var accesstoken = "ya29.ElqhA-....XXXX"
let responseFirebase = try drop.client.get("https://fir- 30c9e.firebaseio.com/data/Users.json",
headers: ["Authorization":"Bearer \(accesstoken)"],
query: [:])
print("FirebaseResponse_is \(responseFirebase)")
return "success"
}
TLDR; Try placing auth=<TOKEN> in your query string instead of using the authorization header.
The Firebase documentation is unclear on how this works. According to the documentation, there are three methods that should work.
auth=<TOKEN> in query string (link)
access_token=<TOKEN> in query string (link)
Authorization: Bearer <TOKEN> in request header (link)
I'm not convinced that all three methods do actually work however. I'm using method 1 in my application, so I know that one works for sure.
The scope key was missing value https://www.googleapis.com/auth/userinfo.email
let jwtClaimSet =
["iss":"firebase-adminsdk-kxx5h#fir-30c9e.iam.gserviceaccount.com",
"scope": "https://www.googleapis.com/auth/firebase.database
https://www.googleapis.com/auth/userinfo.email",
"aud":"https://www.googleapis.com/oauth2/v4/token",
"exp": expDate,
"iat": iatDate]
I found the answer browsing google groups here
headers: ["Authorization":"Authorization: Bearer \(accesstoken)"],
should be
headers: ["Authorization":"Bearer \(accesstoken)"],
im trying to do external login with Google using Aspnet.
I created an mvc/webapi project with individual user accounts (vs2013). This will create some files like the 'AccountController' which contains GetExternalLogins action, after calling this action I get (because the google external login is set in the 'Startup' class) an object like this :
{
name: "Google",
state: null,
url: "/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A11166%2F"
}
The problem now : when i do another http request to "/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A11166%2F" I get the following error :
XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=my_client_id_here. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:11166' is therefore not allowed access
Im i doing something wrong ?
Thanks a lot.
I realized that its a silly question 5 seconds after posting it.
No need to do an http request, a simple redirection to the url works.