GSuite marketplace Listing with Admin SDK + SERVICE ACCOUNT - google-apps

I brought up a GSuite Marketplace Listing with Service account created and Domain Wide Delegation enabled. I want to retrieve the users and orgunits of the customer.
Created a new Google Cloud Project
Enabled 'Admin SDK' in the project
Enabled 'GSuite Marketplace SDK', filled the scopes 'https://www.googleapis.com/auth/admin.directory.orgunit.readonly',
'https://www.googleapis.com/auth/admin.directory.user.readonly' and published the listing.
Enabled the 'Enable API Access' in the Admin Console of the customer.
The customer installed the app but I saw that the client_id of the SA was not added under the "Authorized API clients" section. When I try to retrieve the list of users in GSuite, I get the below error.
"unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested"
Am I missing something in the marketplace listing ?

Why do you expect the SA's Oauth client to automatically appear under 'Authorized API Clients'? The instructions for setting up whitelisted Oauth clients for the domain mention you have to do it manually.

Related

How to control service account display name in Google Admin Domain-wide Delegation?

I am facing an issue with the client name displayed in Google Admin > Security > API controls > Domain-wide Delegation.
Let's say I have created a service account on Google Cloud Platform:
When I authorize a scope for that service account on Google Admin side (different workspace), the name displayed doesn't match anything I have typed:
For the record, this M Connector descriptor was used before for another service account in the same Google Project (or another project of same Google Workspace, don't remember exactly), but clearly today I don't have any service account matching this in my Google Project.
Is there a way to control the name displayed in Google Admin Domain-wide Delegation list ?
The API Client Name that is displayed in your Domain-wide delegation is actually the name of your App in your Oauth Consent Screen.
my service account:
my domain-wide delegation:

Error Implementing Acumatica REST API

I am currently trying to implement the use of the Acumatica REST APIs in a project I am working on. I am able to successfully log in to the application.
The issue is when I try to access additional data, customers for example, I receive the following message: {"message": "You have been logged out because your account has been disabled. Please contact your system administrator."} in the form of a 403 error.
I checked my account permissions and I do have the System Admin Role on the account I am using to log in to Acumatica. Below is a screen shot of my postman.
You probably have the admin user disabled.
Some function of Acumatica impersonate the admin user in order to complete their task. Some of these functionalities include the web services, the scheduler and the integration services.
Enabling the admin user should fix the issue you are facing.

Paypal API Credentials Access

Hello Everyone,
I'm using personal paypal Australian account. I want to connect my account with my website to accept payments. So i need to get Paypal API Credentials Access and this is under profile => "My Selling Tools" in my profile. My account is verified with debit card. What's the requirements to activate "My Selling Tools" => "API access" settings on my account?
Option 1 - Add or edit API permissions to view your current API settings, change your settings, or set up additional carts or online stores.
This option applies to:
Hosted online stores and shopping carts integrated with PayPal
Websites hosted and managed by third-party service providers
Option 2 - Request API credentials to create your own API username and password.
This option applies to:
Custom websites and online stores
Pre-integrated shopping carts
running on your own server
Source: https://www.paypal.com/cgi-bin/customerprofileweb?cmd=%5fprofile%2dapi%2daccess&upgrade.x=1

How to get clientid and clientsecret for OAuth 2.0 authentication in servicenow

I am trying to integrate my client application with ServiceNow using OAuth 2.0 authentication. In servicenow documentation for REST apis i have seen that we have to register our client with servicenow to get clientid and clientsecret for OAuth 2.0 resource owner password authentication. In the document to register the application we have to navigate to System OAuth > Application Registry in servicenow, but in my servicenow instance System OAuth > Application Registry is not present. How should i proceed to get the clientid and clientsecret
It sounds like the OAuth 2.0 plugin may not be active on your instance.
Got to: https://YOURINSTANCE/v_plugin_list.do?sysparm_query=GOTOname%3E%3Doauth and make sure it is Active
Also in your System Properties, make sure that OAuth is turned on.
This URL: sys_properties_list.do?sysparm_query=GOTOname%3E%3Dcom.snc.platform.security.oauth.is.active
Also check out the wiki for any further clarification:
Good luck!
Steps to create and app and get client id/client secret.
Log into ServiceNow. Make sure you have an admin user login.
You need to navigate to System OAuth > Application Registry. Click New.
Easiest way is to search for "Application Registry"to register an OAuth client application in ServiceNow interceptor page, click Create an OAuth API endpoint for external clients. Fill out the fields, as appropriate.
Step 1
Step 2
Name - e.g. MyApp
If you leave the "Client Secret" as blank that will be the admin password by default (I won't recommend this)
Step 3
Additional Info:
Note that the refresh token expires in 100 days (8,640,000 seconds).
You can update the “Refresh Token Lifespan” to “2,147,483,647” (maximum value allowed by ServiceNow) to have a longer expiry for refreshtoken.
More Details - http://wiki.servicenow.com/index.php?title=OAuth_Setup#gsc.tab=0
• Click Submit.
Make sure tables you access via the api are allowed for web service access. Go to System Definition > Tables and locate your table (e.g. “sys-user”). Make sure “Allow access to this table via web services” checkbox is ticked. By default this is enabled.
Provide your Servicenow admin account username and password with the ClientId and ClientSecret to authorise your app to connect to ServiceNow.

Google Apps Marketplace SDK + Domain-wide OAuth 2 SSO

We've been working on an Google Apps-app meant to be installed by a domain administrator. We initially tried to list it via the (now deprecated) market listing, but all new submissions must now go through the Google Apps Marketplace SDK.
We're having an issue with the new GAM SDK SSO however - despite having installed it on our domain internally, each user is prompted via the consent screen when sending them to the OAuth login url. The OAuth url is asking for the same permission scope as is registered in the GAM SDK configuration screen.
The docs seem to be entirely conflicting on how to pull off non-challenged SSO for apps installed by the GA admin.
What url, with what params, we should be sending users to authenticate with GA without being asked for (presumably already granted) consent?
Can you share the code with which you are asking for authorization?
9 out of 10 times, if each user in the domain is getting prompted, that is because you are asking for "offline" access. Domain wide authorization cannot be done for offline access. In Python for instance, you can do that like this -
constructor_kwargs = {
'redirect_uri': GOOGLE_AUTH_CALLBACK_URL,
'auth_uri': client_info['auth_uri'],
'token_uri': client_info['token_uri'],
'access_type' : 'online'
}
flow = OAuth2WebServerFlow(client_info['client_id'],
client_info['client_secret'],
SCOPES, **constructor_kwargs)