We currently have a Google Action that requires users to log into our system and our OAuth account linking flow successfully provides an access token for authenticating with our fulfillment backend. This works great when our Action makes queries within Google Assistant.
We're also interested in using the Google Actions REST API with own custom chatbot in our web app, our iOS app, and other app platforms, but when making requests of the Google Actions API outside of Google Assistant, we keep receiving 401 authentication error responses.
Is it possible to use the Google Actions REST API outside of the Google Assistant environment? If so, then would someone be able to tell us what we're missing in our REST API calls?
As an example, based on the Google Actions REST API documentation - https://developers.google.com/assistant/actions/api - if we include our valid OAuth access token via the "Authorization: Bearer" header when making a test Google Actions REST API call via the command line:
curl -X POST "https://actions.googleapis.com/v2/projects/[OUR PROJECT ID]:matchIntents" -H "Authorization: Bearer [OUR OAUTH ACCESS TOKEN]" -H "x-goog-user-project: [OUR PROJECT ID]" -H "User-Agent: [OUR APP PLATFORM/VERSION INFO]" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"query\": \"how much money do we owe\", \"locale\": \"en-US\"}"
We always get a 401 error response, no matter how we tweak the headers:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
We've searched extensively online for any troubleshooting hints, but we have not found any answers to what we might be doing wrong here. Is there something missing from our API calls -OR- is the Google Actions REST API simply not accessible outside of the Google Assistant environment? Any help would be much appreciated.
The Actions on Google / Actions Builder platform is not designed to be used outside of the Google Assistant environment. If you want a way to programmatically match intents or call an API, you should use Dialogflow and their APIs.
Related
I am new to Cloud and I've been practising it for a while. I have a use case.
I want to retrieve the metadata of images in the bucket through a suitable REST API. I searched in API explorer and found Cloud Resource Manager API that could help retrieve the metadata but after exploring it I couldn't figure out the link.
API Required Fields
Can someone help me to understand what to put in the parent field?
You are using the wrong REST API.
The REST API endpoint is:
https://storage.googleapis.com/storage/v1/b/BUCKET_NAME/o/OBJECT_NAME
To view metadata, here is an example using the REST API in curl:
gcloud auth application-default login
BUCKET=BUCKET_NAME
OBJECT=OBJECT_NAME
URL=https://storage.googleapis.com/storage/v1/b/$BUCKET/o/$OBJECT
TOKEN=$(gcloud auth application-default print-access-token)
curl -v -X GET -H "Authorization: Bearer $TOKEN" $URL
Disclaimer: I'm completely new to Google Cloud Functions and serverless functions in general.
I've set up a basic Google Cloud Function, set it to HTTPS trigger and Require Authentication, and given the service account and my account the cloud function invoker role.
However, whenever I use Postman to sent an HTTP request to the function using my oauth2 token, I get a 401 Unauthorized error.
I've also followed the steps here: https://cloud.google.com/functions/docs/securing/authenticating
to create and download the service account key and make an HTTP request using cURL and get the same error.
How do I need to set this up so that authorized users can send HTTP requests to this function?
Here's what I'm doing:
$gcloud auth login (to log in with my account with cloud invoker permission)
$curl https://my-trigger-url \ -H "Authorization: bearer $(gcloud auth print-identity-token)"
Guillaume found the solution:
My cURL syntax to trigger the Cloud Function needed the -H "Authorization: bearer $(gcloud auth print-identity-token)" before the URL instead of after, which is the opposite of Google's own documentation.
Thanks for your help.
I trying to use GCS "User Credentials" to connect to Google cloud storage using libcurl library.
"User Credentials" authentication needs Client Id & Secret key to connect to GCS, but in this process Authentication Code also needs to be generated.
I need to generate this Authentication code using cURL.
Can anyone help me ??
The Client ID you mentioned is the same as the Authentication ID and can only be generated from either the Cloud Console's Credentials Page or via the OAuth 2.0 Playground.
If you are trying to generate an Access Token (OAUTH2_TOKEN), you will need to complete an authentication flow to authorize requests as a user. Cloud Storage uses OAuth 2.0 for API authentication and authorization.
Here's what you need to do to get an authorization access token from the OAuth 2.0 Playground:
Select & authorize APIs (Cloud Storage)
Select the scope for the APIs you would like to access or input your own OAuth scopes, e.g.: https://www.googleapis.com/auth/devstorage.read_write
Then click the "Authorize APIs" button
Once you've got the Authorization Code click the "Exchange authorization code for tokens" button, you will get a refresh and an access token which is required to access OAuth protected resources.
Grab the Access Token to use in your cURL command
Then configure your request to Cloud Storage API by constructing your HTTP request like so (upload):
curl -X POST --data-binary #[OBJECT_LOCATION] \
-H "Authorization: Bearer [OAUTH2_TOKEN]" \
-H "Content-Type: [OBJECT_CONTENT_TYPE]" \
"https://www.googleapis.com/upload/storage/v1/b/[BUCKET_NAME]/o?uploadType=media&name=[OBJECT_NAME]"
You can have a look at this Cloud Storage upload example in our public docs to guide you with constructing a request and testing it out.
Hope this helps.
I would like to use the cloud foundry api to get information about different apps running on the Pivotal Apps Manager.
When I run a GET request on https://api.[domain-to-look-into.com]/v2/apps
I keep getting this response:
{
"description": "Invalid Auth Token",
"error_code": "CF-InvalidAuthToken",
"code": 1000
}
I know I need some sort of Bearer Token but I am not sure how to generate that on a front-end application like angular. Does anyone know how to generate the Bearer Token and how to set up CRUD requests so I can get information from the cloud foundry api?
I wrote this Chrome plugin to talk to CF using Angular a while back, it's probably a good place to start. It handles authentication too.
https://github.com/danhigham/chrome-cf-client
I am trying
curl -X GET -H "Authorization: Bearer <TOKEN>" "https://api.uber.com/v1.2/requests/<REQUEST_ID>"
and response is 403
{"message":"Forbidden","code":"forbidden"}
But the https://developer.uber.com/docs/riders/guides/scopes says that
The good news is you currently have access to these scopes when authorizing your own account or those of the developer accounts you list in your application dashboard (Limited Access). This allows you to start building an app immediately.
I've got token via OAuth using my own account
I've set param "scope=request" to https://login.uber.com/oauth/v2/authorize
And I've set "scope=request" when did https://login.uber.com/oauth/v2/token
Also I've trying to do request to https://sandbox-api.uber.com, it responds
{ "message": "cannot find trip", "code": "not_found" }
But I think it's ok, because sandbox doesn't contain my own account data, right?
Where is my fault could be?