Recently (within past week) our unity webgl (Unity v2019.4.16f1) application has been unable to read files using the google drive API. When I check the web console I see the following error:
UnityGoogleDrive: HTTP/1.1 403 Forbidden
Google Drive API Error Description: Code '403' Message: 'The request is missing a valid API key.'
Domain: 'global' Reason: 'forbidden' Message: 'The request is missing a valid API key.' LocationType: '' Location: ''
(Filename: ./Runtime/Export/Debug/Debug.bindings.h Line: 35)
The application has been in place for 4 months without issue until now.
We currently have an OAuth 2.0 client ID setup, but no API key as we haven't needed it before. The plugin we are using for google drive access in Unity (https://github.com/Elringus/UnityGoogleDrive) does not have any obvious settings for adding an API key in addition to the OAuth ID.
When running the application directly in Unity (which uses localhost) there are no errors and files can be accessed.
I have tried disabling and re-enabling the API in the cloud console. This has given mixed results. The initial request on the web application after re-enabling the Google Drive API succeeds without any errors. All subsequent requests fail with the same error.
Based on the missing values I thought the issue might be that we needed a valid billing plan assigned to the google project but that has not resolved the issue either.
I have tried generating an API key but I am not sure where I need to pass it in order to resolve the issue (if that is even the cause of the issue).
The error reported was a red herring. The real issue was that our request was not triggering authentication with Google. Our Unity dev environment had cached an authentication token which is why the dev environment functioned but the production app failed.
We resolved the issue by sending a request to the GoogleDriveAbout API before anything else, which seems to reliably trigger reauthentication. Once authenticated everything works as expected.
Related
I am trying to deploy an application to a hololens with the Windows device Portal Rest API.
For some reasons I don't want to use the Microsoft Device portal wrapper.
In C#, with RestSharp, I can get the list of installed packages but when I try to deploy a new app, I get the error Forbidden because of CSRF token invalid.
Then I tried to add cookies from the previous request but I still get this error.
I tried to do the same with Postman but I have a different error: 413 Payload too large. The msix file is 154 MB but I have no problem to deploy it with the web device portal.
Thank you for your help.
[EDIT] I tried a smaller app on Postman and I get 403 CSRF token invalid
After analyzing the web device portal with wireshark I found that it is using a parameter with the name "X-CSRF-Token" while adding a cookie add the parameter "CSRF-Token".
Manually adding this parameter with the right value did the trick.
I am trying to send post request to create a toolchain on ibm cloud but getting this error mentioned in screenshot since last three days.
Why this error is coming up,am i doing something wrong?
Also i checked ibm none of the servers are down,cloud is normal
EDIT:So now i am able to create the toolchain,seems it was Authorization token error.
But now i am not Able to add a delivery pipeline through an api to an existing toolchain,is this functionality provided in IBM?
We are trying to understand your situation, but we have not been able to reproduce that Error 500 and "IBM Cloud console is down for maintenance" error you're seeing.
Could you try it again and let us know the datestamp&timezone of when you tried (so we can check our logs)?
Also can you give us the details of your default region, please?, as in if you open
https://cloud.ibm.com/devops/toolchains
does it redirect to:
https://cloud.ibm.com/devops/toolchains?env_id=ibm%3Ayp%3Aeu-de
or to some other non-(eu-de) region?
We did see this entry in the log files:
[2019-07-31T15:06:43.934] [ERROR] template-v2 - Failed to read template from repo https://github.com/open-toolchain/simple-toolchain, branch master, type null: Authorization header contains invalid or expired credentials.
but that occurs when using an invalid Authorization header token, and the response to the browser is not Error 500, but is Error 400 with:
"errorDetails\":\"Property 'access_token' either missing or empty \"
Also, when attempting to create the open-toolchain/simple-toolchain template, it doesn't work; it gives Error 400:
"description":"Failed Schema Validation at prod-region,prod-organization,prod-space,api-key for pipeline"
but creating a toolchain works ok using the repository:
https://github.com/open-toolchain/headless-toolchain
You can provision a toolchain with components such as a delivery pipeline using a GET request. The building blocks are described in the documentation for the IBM Cloud Continous Delivery service as part of creating a "Deploy" button.
There are some tutorials that use that deploy button to build more complex solutions, like the secure-file-storage, logistics-wizard-toolchain, or insurance-toolchain.
The GET request starts off a more complex flow because you need to log in, often provide values, etc. So I would recommend to try that request in a browser and not POSTMAN.
I am now able to create toolchain using POST request.
I was using wrong token for Authorization and got confused since no error message was shown instead "IBM cloud is under maintenance" popped up.
I am facing the issue in calling the OneDrive for Business API to work. Below are the steps I have followed till now:
Created a Web App/API application in Microsoft Azure Portal (A very tricky process). Gave all the permissions.
Got Application ID (A_ID) from there.
Went to the URL to get the 'code' via browser:
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=<A_ID>&redirect_uri=<URI>
Got the code. Did a callout via POSTMAN (using the code, client ID, client secret and redirect URI) to the URL: https://login.microsoftonline.com/common/oauth2/token
Received an Access Token (AT) and other details.
NOW, when I want to use this AT to upload a file, I am getting the error. The URI is: https://<tenant>/_api/v2.0/me/drive/root:/Abc.txt:/content. For headers, I am passing: Authorization-> Bearer AT; Content-Type -> application/octet-stream
The error is:
{"error":{"code":"unauthenticated","message":"Token contains invalid signature.","innerError":{"code":"invalidSignature"}}}
I don't know where the issue is. Is it in the tenant name I am using (There is a chance that I might be using it wrong!) OR is it in the permissions OR I have not set up the app in the Azure Portal correctly OR is it something entirely different.
After going through walkthroughs I had a test mvc app, test web api, and identityserver3 all working perfectly on my machine. I deployed IdentityServer3 to our servers in AWS behind a load balancer. I followed all the instructions in the Deployment wiki. I am able to hit the .wellknown configuration fine after deployment from a browser on my machine.
I changed the authority url for the mvc and api test apps to point to the aws deployment. Clients, Scopes, users, etc are all configured identically as they are hitting the same database as it was when running on local machine.
I can get an access token using RequestResourceOwnerPasswordAsync just fine so I think ids is installed fine.
However, both the API and the MVC app just trying to use implicit flow are now failing. FOr instance, when I try to hit a mvc controller action marked with [Authorize] I get an error stating "An invalid request URI was provided. The request URI must either be an absolute URI or BaseAddress must be set".
If I try to hit the webapi from the mvc app (both running locally on my machine) after a successful RequestResourceOwnerPasswordAsync call, I get the error "Response status code does not indicate success: 401 (Unauthorized)." after what seems like a timeout.
Any help would be greatly appreciated.
Figured out the problem. When specifying PublicOrigin, it has to be a full URL and not just the domain. I had left off https:// prefix.
The web api issue was related to connectivity to the identity server. There was some incorrect proxy settings for the app.
I'm trying to use an Office 365 organizational SharePoint site as a storage point through the SharePoint REST API for docx files generated in a Rails app. I've registered the app through https://<domain>.sharepoint.com/_layouts/15/appregnex.aspx and obtained a client_id and client_secret. Using https://<domain>.sharepoint.com/_layouts/15/appinv.aspx, I gave the app the following permissions:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
Using the oauth2 gem, I've so far managed to obtain an access token using client_credentials:
client = OAuth2::Client.new(<client_id>, <client_secret>, site: "https://<domain>.sharepoint.com", token_url: "https://login.windows.net/<tenant_id>/oauth2/token")
token = client.get_token(grant_type: "client_credentials", client_id: client.id, client_secret: client.secret, resource: "https://<domain>.sharepoint.com")
The client_credentials strategy seems to work, as a token is received. However, trying to use it results in failure.
token.get("/_api/web/title") returns OAuth2::Error: { "error_description" : "The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs." }
RestClient.get("https://<domain>.sharepoint.com/_api/web/title", { "Authorization" => token.token }) returns RestClient::Unauthorized: 401 Unauthorized
I'm pretty much at my wits' end over this, and I'm this close to telling my boss that if it can somehow be done, I'm simply not knowledgeable enough to do it.
The IncludeExceptionDetailInFaults is a wcf service setting in the endpoint applications web.config. If you have access to the server https://.sharepoint.com then you can turn that on momentarily. Basically, this will send the exception trace dump to the client in the response. By default, any 500 status errors will come back with no information except for ...ooops an error occurred.
I don't know how that server is configured or that much about SharePoint at all. However, the error could be anything imaginable and not even related to oauth. Unless you can get the server log or have it spit back the exception then you are going to be spinning your wheels.
Very likely you don't have sufficient permissions. Try with different scopes.