We develop an app to be used with Google assissant. All works fine in develop envirnoment, than when we deploy in test envirnoment on aws we have these errors from Google:
DEADLINE_EXCEDEED
RESOURCE_EXHAUSTED
these when we answer to a Sync request.
The account link and the First Sync are working fine!
Any idea?
DEADLINE_EXCEEDED - This generally happens when an intent request times out waiting for a response. If you're seeing these errors during account linking, it may also be related to the time taken to issue the OAuth token in addition to the initial SYNC.
RESOURCE_EXHAUSTED - This happens when you call Request Sync more than once concurrently for a given agentUserId. For more details see the Error responses section of the Request Sync developer guide.
Related
I follow the tutorial: https://developers.google.com/assistant/transactions/digital/dev-guide-digital-consumables
Everything works great up to a point when it's time to consume the product.
When calling https://actions.googleapis.com/v3/conversations/{sessionId}/entitlement:consume
it returns:
{"error":{"code":403,"message":"The caller does not have permission","status":"PERMISSION_DENIED"}}
I tried with the same JWT as I used to make a purchase as well as with a newly generated one. I'm also sure that entitlement.purchaseToken is successfully retrieved.
Any ideas?
I figured it out!
My app is using Service Account key from another project to generate JWT - due to a common app in Google Play Console, which enables me to share purchase entitlements across all my Actions.
As it turned out, this key can not be used in calling consume endpoint: https://actions.googleapis.com/v3/conversations/${convId}/entitlement:consume
To call it successfully, I have to use Service Account key from the project that the Action belongs to, generate new JWT and the voila! Everything's working as it should.
I am facing the challenge to request the Bing Ads API to get a couple of metrics from it.
I am using Apache Airflow DAGs hosted on a remote Kubernetes cluster to do so. It is a nice way to automate and schedule tasks.
Now, the documentation is rather light on the point of gaining access to the API.
I have followed this https://learn.microsoft.com/en-us/advertising/guides/authentication-oauth-identity-platform?view=bingads-13#registerapplication
and the official SDK docs https://github.com/BingAds/BingAds-Python-SDK/.
I am failing at authenticating when querying, since I am lacking a couple of pieces of information.
When authenticating using the "refresh token" and "redirect URI", I do not have either. (Class OAuthWebAuthCodeGrant here: https://github.com/BingAds/BingAds-Python-SDK/blob/294d01eea57d80ba381a42cde8d006fc318af056/bingads/authorization.py#L566)
When using a different method (Class OAuthDesktopMobileAuthCodeGrant here: https://github.com/BingAds/BingAds-Python-SDK/blob/294d01eea57d80ba381a42cde8d006fc318af056/bingads/authorization.py#L532), I fail w/
AADSTS700016: Application with identifier '<someidentifier>' was not found in the directory '<somethingelse>'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
Thank you very much in advance! If you need more details, let me know!
Also great documentation in general, if I can make it more "newb"-friendly, let me know!
Edit1:
Sadly, while there has been some traffic to this question, nobody seems to be able to answer.
I will specify the set up a bit further.
We use Airflow DAGs to request daily updates from the API. For this, we need to authenticate. The authentication comes from a "new device" every time, since the code runs on a k8s cluster which allocates the jobs dynamically to it's pods.
For authentication, we ventured into different solutions, but all require some form of human interaction to get the refresh token into the DAG.
Is there any solution which allows for a hands-free deamon like many-server-to-server communication?
This link sheds some light on what we are looking for: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-registration#api-permissions---app-permissions-and-admin-consent
Sadly, the Bing Ads API does not show up there.
What key piece of information are we missing?
Bing Ads, like Google Ads, uses OAuth for its API.
If you reference the Getting Started page, it mentions that you need a developer token, complete with links.
You can follow these steps to get a developer token for production.
Sign in with Super Admin credentials at the Microsoft Advertising Developer Portal account tab.
Choose the user that you want associated with the developer token. Typically an application only needs one universal token regardless how many users will be supported.
Click on the Request Token button.
Regarding your specific scenario--an application running in the cloud without an interface--you should know that OAuth requires you to interact with it to set things up. So run your app locally ONCE, or at least the getting_started code from your language's walkthrough: https://learn.microsoft.com/en-us/advertising/guides/walkthrough-desktop-application-python?view=bingads-13
Running it locally will go through the authentication process with your browser and generate a refresh token (in the file refresh.txt by default). Store this file with your code. It will have to be on the server that's making the request, and since it's in Kubernetes, you'll have to keep it with your container file.
I am trying to use the NetSuite SuiteTalk REST Web Services to access NetSuite CRM data.
I have the access up and working in production. Able to retrieve record data and metadata.
I am now trying to set up access in the sandbox for more in-depth testing.
In the sandbox I have:
- Enabled rest web services
- Enabled token based authentication
- Given user concurrent web services permission
- Given user Log in using access tokens permission
- Created an integration
- Created an access token
All of these actions mirrored what was done in production.
When I attempt any kind of GET to the web service, I receive a 401 - Invalid login attempt.
When I check the Login Audit Trail, I don't see any record of the GET attempt, failed or otherwise.
Is there something of a systemic nature that I have to do additionally in the sandbox to enable rest web services? Above and beyond enabling it in SuiteCloud/SuiteTalk?
The fact that I see absolutely nothing in the audit trail makes me believe that something is still "turned off".
===> 4/4/2020 Update
ed14 and Nihkil,
Thank you for your responses, and sorry for the delay in responding back.
The hyphen to underscore in the realm did not help me unfortunately.
Let me recap recent attempts:
1) Started by verifying that REST API testing in production still works.
2) The sandbox was refreshed by a CRM admin. The application was still there, but my access token was not. I created a new one in the sandbox.
Is it possible to delete the application? I cannot see any way to do that.
3) Tested with existing Consumer Token and new Access Token. Got the same response as from my first post: "title": "Invalid login attempt, for more details see Login Audit Trail.",
4) Tested by slightly modifying the URL to make sure I was not going to a black hole somewhere. It gave me the expected error.
5) Tested by modifying the realm: Realm 9999999-sb4 to Realm 9999999_sb4 It gave me an error which leads me to believe that my original realm is correct: "title": "An unexpected error occurred. Error ID: k8hd8pqej3unxblmaoik",
Again, none of the tests show up in anywhere in the audit log as a failed attempt.
Not sure where to go from here? Delete the sandbox application (if possible) and start again? Or new application in sandbox?
Thanks for any and all help.
Bryan Hunt
I had the same issue using the sandbox. Apparently there is a mismatch between the account ID (used in realm authorization) and the account ID in the URL.
The account ID (realm): XXXXX_SB1
The account ID in the url: XXXXX-SB1
The SB should be in upper case.
This solved the problem for me.
As #ed14n and #nikhil-abraham said, changing - to _ in authorization realm and put the SB in UPPER CASE solve this problem here.
If you are using POSTMAN template provided from NetSuite, your envs should be like the image below.
In Postman in your request tab and then in the authorization tab in the advanced section there is a field called Realm. Put the account id in the realm field with underscores.
I'm trying to implement account linking against our OAuth service.
I tried logging in using gala-demo.appspot.com and that seems to work.
Calling askForSignIn() seem to fail when invoked, i don't get any calls back to my web service so the error seems to be upstream.
The response i see in the debug info when using the assistant simulator is:
expected_inputs[0].possible_intents[0]: intent 'actions.intent.SIGN_IN' is only supported for version 2 and above.
Any ideas?
On another note; If i set signInRequired on the action configuration for the welcome intent, it seems to get further but gives a bad sign in redirect link in simulator and on a device it opens a dialog that just disappears (looks like a successful login) but no response back to the web service.
That happens because you're probably using the old v1 API. I suggest you to check the migration guide:
https://developers.google.com/actions/reference/v1/migration
Cheers!
Sign in intent doesn't work at the moment as clearly explained in the docs, it's just something you can use for test in the emulator, but it's not available in production
I built a simple Node.js app that worked with the Weather service. It worked fine for a while, but about 24 hours ago started returning this error:
{"metadata":{"version":"1","transaction_id":"1:1362317376","status_code":401},"success":false,"errors":[{"error":{"code":"AGW-0210","message":"Api not allowed for this api key."}}]}
I've double checked my authentication information and it is correct.
The 401 response indicates authentication failed. But it may also have been the service unavailable or a plan limit reached. Are you still seeing this problem? Is it intermittent? or continuously failing?
There is a brief explanation of the throttling of the API when it hits the limits of the plan that you selected. See here, in the bottom paragraph of the first section.
You can check the status of the Bluemix platform here.
I found a workaround for me, just delete the old service and create a new one.
This works fine for me.