how can I get google analytics data using http request ?
I am using http://ga-dev-tools.appspot.com/explorer/ to get my ga datas , there is a button to get the ga link, I open the generated link in new window , it return an error info.
{"error":{"errors":[{"domain":"global","reason":"required","message":"Login Required","locationType":"header","location":"Authorization"}],"code":401,"message":"Login Required"}}
how can I send token to google togater with the link ?
You have to authorize your request with OAuth 2.0. See the documentation on how to create refresh and access tokens. Then pass the access token either with the Authorization header
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
or as query parameter access_token:
https://www.googleapis.com/analytics/v3/data/ga?access_token=1/fFBGRNJru1FQd44AzqT3Zg&...
You'll probably want to use the Analytics Reporting API
https://developers.google.com/analytics/devguides/reporting/core/v3/
Related
I am trying to use GA4 API (with Google Python Client & Google Analytics Data Python Client) of Google with the Credentials authentication:
credentials = Credentials(
token=config['access_token'],
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=['https://www.googleapis.com/auth/analytics.readonly']
)
This is working when my access token is not expired. However, this access token is expiring after 1 hour and I want to refresh it via following method:
credentials.refresh(google.auth.transport.requests.Request())
However, this code is returning "invalid_grant" error.
For that problem, I checked almost everything suggested (i.e. system clock/ntp, user permissions, etc.) however I couldn't fix the problem.
Also, I can't figure out about the refresh_token that I use is valid for Google Analytics 4 or not.
So, the questions are:
How can I able to solve this problem?
How can I assure that the refresh_token is valid for GA4?
If not valid, how can I refresh the refresh_token?
Is there any suggestion on the refresh of access_token, any other method or anything else?
Thanks
In my case, the solution was creating new OAuth client and generate a refresh_token for that account depend on the Google Analytics scope.
For that purpose, after I create the new client, I downloaded the client_secrets.json and run the Complete Example by Google and finally I am able to refresh the token.
I want to get a access_token to get information from Google Analytics API by passing it in the browser . I am not able to find the correct documentation anywhere. I have tried multiple ways but nothing seems to work. As of now, I got tokens via Google Analytics Query Explorer and it works for 60 minutes. I am looking for a permanent token or a token which is valid for a more period of time.
In order to access private Google analytics data you need to be authorized. In order to be authorized you use something called Oauth2
The initial request will look something like this. It will allow the user to consent to your applications access to their data
GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
Once the user has consented to your accessing their data, you will be given an authorization code.
Once you have the authorization code you can exchange it for an access token. This is a http post request.
POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
The response should then look something like this.
{
"access_token" : "ya29.1.AADtN_VSBMC2Ga2lhxsTKjVQ_ROco8VbD6h01aj4PcKHLm6qvHbNtn-_BIzXMw",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/J-3zPA8XR1o_cXebV9sDKn_f5MTqaFhKFxH-3PUPiJ4"
}
The access token will work for one hour.
I recommend looking for a sample and a client library in your chosen programming language so that you dont have to do all this manually most of the libraries are designed to handle authentication and authorization for you.
I want to implement an Actions for Google app that links to user account in a Firebase project and query's their data. I have a website that is set up using Firebase UI that logs them in and redirects them to a dummy page that basically just says "You have been logged in." I cannot see any documentation anywhere that shows how to return this auth token to google so the assistant can use it to query things on their account. Does anybody know how to accomplish this? I am using this documentation https://developers.google.com/actions/identity/google-sign-in-oauth?creation=no. This is the specific text I am not understanding.
"Your service creates an access token and returns it to Google by redirecting the user's browser back to Google with the access token attached to the request."
This basically means that, instead of returning a new page, you issue an HTTP redirect to a URL that they have sent you as part of the request. You will need to add some parameters to this URL that include the auth info, and this is how Google will get the information - via the redirect handled by the user's browser.
They provide some details further down in step 4 on that page, which reads
Send an HTTP response that redirects the user's browser to the URL
specified by the redirect_uri parameter. Include all of the following
parameters in the URL fragment:
access_token: the access token you just generated
token_type: the string bearer
state: the unmodified state value from the original request
The following is an example of the resulting URL:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE_STRING
If I intercept an access_token from an example on this page:
https://developers.google.com/picker/docs/
...it looks like this:
ya29.Glx7BW_OsFJ1CSjJ_kdt9iZixJAZHjvllMtJO09EccpURJPbCXudNP6teBz6HZ0T_ioaQLNna323UPpBQN-N0aCLWXfDVCvq4xXkbi5kKQhfwS0xakcsrNmzD5B8OA
If I paste that into here:
https://jwt.io/
...I'm told it's malformed. However, if I paste a Firebase auth token into there, it's well-formed and you can see its payload.
Ultimately, I'm trying to use the Firebase auth token in the Google Picker API, but I can't figure out how to translate it.
I was using firebase.auth().currentUser.getIdToken, but it looks like firebase.auth().getRedirectResult() gets an auth token that is the same format as the Picker API.
Google API access is scope based https://developers.google.com/identity/protocols/googlescopes
You must specify the scopes needed when requesting an access token.
Each access token you receive back, is limited to the scope and application from its original request. They are not inter-changeable.
You will need to setup a specific Google Picker API request, in order to get the access token you require https://developers.google.com/identity/protocols/OAuth2
Hope this helps
"ya29.*" token is Google's access token and it is not a jwt (it is opaque for the api callers).
Yes firebase allows you to add scopes during the sign-in process. After that you get an id token that says who the user is and a separate access token that you can use to access Google APIs.
If you look at https://firebase.google.com/docs/auth/web/google-signin you will see this:
Then, you can also retrieve the Google provider's OAuth token by calling getRedirectResult when your page loads:
firebase.auth().getRedirectResult().then(function(result) {
if (result.credential) {
// This gives you a Google Access Token. You can use it to access the Google API.
var token = result.credential.accessToken;
// ...
}
// The signed-in user info.
var user = result.user;
Currently I have both Facebook and LinkedIn Oauth2 flow working fine. Because in some cases I don't want the user to redirect to another page, I use the Facebook JS SDK that works fine, retrieving the access token and sending it to the server where I retrieve user data with REST calls.
Unfortunately, I'm not having success in doing the same with the LinkedIn JS SDK. The official documentation isn't helpful at all in that regard: https://developer.linkedin.com/docs/getting-started-js-sdk.
I retrieve user data in the server because it's easy to forge fake data in the client side and send it to the server, so a client side solution for that is not an option.
If I try to use the token that I get in js in the REST API I get Invalid access token. (401)
There are several opened questions that doesn't have any response (or a helpful response) here in SO:
2015-08-03 - No response:
Javascript: Linkedin Access TOken
2016-05-29 - No response:
can I get access token through LinknedIn JS SDK?
2016-08-31 - No helpful response (data is retrieved in the front-end):
How to Get Access Token Using LinkedIn API JavaScript SDK
2017-06-30 - No helpful response:
LinkedIn OAuth token with Javascript SDK
In the below question, there is a comment that says what I'm already guessing:
[...] Honestly I think the JS API is completely useless like this
because if you can't verify/use the token server-side you basically
cannot trust any of the information.
2015-07-22 - No helpful response (data is retrieved in the front-end):
get linkedin Access Token with JavaScript SDK
There's some information about exchanging the Javascript API tokens with a REST API OAuth token, but in the references I've found the links are broken (and it would be impractical to do this, depending on the complexity, instead of using the token directly, like in the Facebook JS SDK):
http://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens
https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens
So, I would like to know if there is some way to login with LinkedIn using the JS SDK and retrieve the user data in the back-end using REST calls (like I do in the Oauth2 flow), hopefully with official docs.
I've had the same problem and the only way I found to use the JS token was to add the header oauth_token instead of an Authorization Bearer header:
POST https://api.linkedin.com/v1/people/~:(id,firstName,lastName,picture-url,email-address)?format=json
Headers {
'oauth_token': JS_TOKEN
}
The JS_TOKEN I'm reading on frontend from IN.ENV.auth.oauth_token.
I've been struggling with the same issue for some time, this is the way I solved it (not using the JS SDK):
Step 1: you send your user to the LinkedIn login page, in the redirect_uri param use an endpoint to handle all the logic related to LinkedIn.
Step 2: When the user finishes login in, Linkedin is going to send a GET request to that endpoint, this request will have an "Authorization Token", this token is just a temporal token and it won't allow you to get your user's data.
Step 3: Use the Authorization Token you just received and send a post request to Linkedin
Step 4: Linkedin will send you back an Access Token (this is the one you are looking for), now you can request all the information you want
Step 5: Redirect your user back to your web app.
The structure of the request as well of the anchor tag params are available here: https://developer.linkedin.com/docs/oauth2