I am writing a small program to retrieve and display Google Analytics information. I keep getting a 403 Forbidden error because of insufficient permissions.
I read on other posts that you have to add the email address associated with the client id you are using to access analytics in User Management.
The client id I am using however is associated with an installed application and doesn't have an email address, it only lists a client id, client secret, and redirect Urls as credentials in the developer's console.
How can I allow access for this client id when there is no associated email address listed in the developer's console to grant permissions to on the User Management page in Google Analytics?
Simply follow Google's OAuth 2.0 guide for installed applications.
Create a URL for authorization like you would for a web app. Only set redirect_uri to urn:ietf:wg:oauth:2.0:oob.
Point your user to this URL and let him authorize your app. Then the user will receive a code.
Prompt the user to enter this code in your app and use it to retrieve a refresh token from Google.
Store the refresh token and use it to get a fresh access token whenever you need one.
Related
Referencing this post
, I tried to create an access token for my Google Actions. I enabled Google sign in, and end up with a user-id. The top post says "You can combine this with a web- or app-based Google Sign-In to get their permission to access OAuth scopes if you need to access Google's APIs" but I honestly have no idea how to do that. What I'm trying to do is get an access token from Google Actions/ Dialog flow to send to my server-end code in order to make a successful API POST request to Google Calendar API.
The post you reference that points to another StackOverflow answer that discusses the approach. It basically says that you need to combine two things to do what you want:
You use Google Sign In on a web page to let the user authorize you to access the calendar on their behalf.
You probably should use the hybrid flow so the access/refresh tokens are only handled on the server side - not in your web client.
Your server will store the access/refresh tokens in some way so you can use them as part of your Action later.
You will use Google Sign In for Assistant to authenticate the user when they connect through the Assistant and determine if they have already authorized you to access their calendar. If they have, you'll be able to get their access/refresh tokens out of your store and access their calendar.
You can't do it completely through AoG/Dialogflow because there is no way for the user to grant OAuth permissions to you by voice alone - this is why you need to direct the user to a web page for them to grant you permission to access their calendar.
My end goal is to register my API to receive notifications of leads generated by LinkedIn for my business's Company Page. The docs here say I need to register at https://api.linkedin.com/v2/leadNotificationUrls using the r_ads_ge_automation permission. I'm trying to acquire this type of access token by using a web browser to hit https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=client_id_for_my_application&redirect_uri=https://my.company.net/api/oauth/linkedin&state=Testing12345&scope=r_ads_leadgen_automation, then logging in as a user that is an admin for the respective company page, then acquiring authentication code, and finally requesting an access token.
The problem is that when I try to hit https://www.linkedin.com/oauth/v2/authorization (with the query params above), I get an error response stating "r_ads_leadgen is not authorized for your application". I can't find any kind of application configuration that is supposed to give this permission to my application.
Can anyone help? Thank you
Permissions are offered to select Partners only. Have you applied to a Partner Program https://business.linkedin.com/marketing-solutions/marketing-partners/become-a-partner?
Hi generated secret file using OAuth 2.0 client ID. In that secret file, I do not see any google mail address to authenticate or access permissions to that mail address. Still facing below error.
Arg, there was an API error : 403 : User does not have sufficient permissions for this profile.
How come I know, to which user, we do not have sufficient previliges?
Please help me with this
You have created an Oauth2 client for use with your application. When the application runs a user will need to login using their Google account and grant the application (client) access to their data. I have an article that explains how google oauth2 works if you are interested. Oauth2 for beginners
User does not have sufficient permissions for this profile.
Means that the user you have authenticated with does not have access to the Google Analytics profile you are trying to request data form. Try doing an Accountsummires.list this will return a list of the Google Analytics accounts that the current authenticated user has access to and the ones you will be able to request data from.
Question: How come I know, to which user, we do not have sufficient privileges?
You have a profile id you are trying to access find someone who has access to that profile and have them run your application. When they have logged in and authenticated they will be able to see the data.
I have a customized third party server that handles all the rest apis. I am using Meteor as a middleware where the user logs in and accesses all the pages. All the information in those pages is basically generated using my actual web server (built in Symfony).
So using meteor HTTP.post I send user email and password as params, and my website API returns a json with a success or failure message. On successful login, it sends back a token.
What I am not being able to do is to, as according to this success message, "login" the user on my Meteor app without creating/checking Users collection from accounts.
The flow should be: successful login? authenticate the user, consider it as logged in user and store its token in session (without storing anything on this middleware). error? prevent the user from accessing private urls
I have found various packages, but they all target specific third party servers like:
Facebook with accounts-facebook
Google with accounts-google
GitHub with accounts-github
Twitter with accounts-twitter
Meetup with accounts-meetup
Meteor Developer Accounts with accounts-meteor-developer
Can this be done?
What's the difference between app access token and user access token?
I noticed that userData from FB is different, but I can make OpenGraph action and post on user wall or send to friends wall.
Can I use app access token in OpenGraph action?
App access_token allows you to make request to the Facebook API on behalf of an App rather than a User. This is useful, for example to:
modify the parameters of your App
create and manage test users
read your application's insights
publish content to Facebook on behalf of a user who has granted a publishing permission to your application
Now in the Open Graph area:
If your app publishes on behalf of its users and requires an access
token with no expiration time, you should use an App Access Token. An
App Access Token is signed using your app secret and will not expire;
it will be invalidated if you re-key/reset your application secret.
App Access Tokens should only be used when the posting functions are
originated directly from your servers in order to keep them private to
the app.
...
App Access Tokens are especially useful when
publishing instances of “secure Open Graph actions”, Open Graph
actions that should only be published by your app, such as
achievements and game scores. In this specific example, a user is
prevented from gaming his/her score by publishing fake
scores/achievements using a user access token.
Please read the following documents:
Login as an App
Using App Access Tokens (Open Graph)