I have users that link their Google suite account using the OAuth2ForDevices approach. After linking the account to the device I would like to forward the user to another page with instructions instead of leaving them at the generic google page "Success! Device connected".
This is the current flow:
1) Grab device_code and user_code from POST to URL: https://accounts.google.com/o/oauth2/device/code
curl -X POST \
https://accounts.google.com/o/oauth2/device/code \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'client_id=<hidden>&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar'
response
{
"device_code": "ab-cdef...",
"user_code": "ABCD-ABCD",
"expires_in": 1800,
"interval": 5,
"verification_url": "https://www.google.com/device"
}
if i append parameters like foo=bar or forward_url= the response is still the same as above.
redirect_uri=http://localhost:8080 it results in an error, so this parameter is obviously recognised.
{
"error": "invalid_request",
"error_description": "Invalid redirect URI"
}
The problem does not seem to be the URL since the following request works fine: i managed t
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<client_id>&redirect_uri=http://localhost:8080&scope=https://www.googleapis.com/auth/calendar
2) Let user confirm verification_url (https://www.google.com/device)
3) "Success! Device connected"
I have tried with a bunch of domains and URL:s that has been confirmed in both google search console and added to domain verification in https://console.cloud.google.com
Worth mentioning*: I noticed that Google Cloud Platform behaves in a strange way, removing earlier verified domains -- when I'm adding new domains: https://console.cloud.google.com/apis/credentials/domainverification?project=&pli=1&authuser=1
My theories:
1) It's simply not possible to add a redirect_uri when using the OAuth2ForDevices approach.
2) There is a bug* in Google Cloud Platform that displays me domains but this is cached data.
*Buggy?? Google
Related
I am sending a request to the Facebook device/login API via curl using a shell script as documented in the Facebook Login for Devices page:
curl -i -X POST https://graph.facebook.com/v14.0/device/login -F 'access_token=${app_id}|${client_token}' -F 'scope=ads_management,business_management,instagram_basic,instagram_content_publish,pages_read_engagement,pages_show_list,public_profile'
(The app_id and client_token are properly filled in.)
I get back the response such as
{
"code": "f4ee7axxxxxxxxxxxxxxxxec4b8e28eb",
"user_code": "PXXXXXXQ",
"verification_uri": "https://www.facebook.com/device",
"expires_in": 420,
"interval": 5
}
In my browser, I open a fresh private page and go to https://www.facebook.com/device, log in, and enter the user_code (e.g. PXXXXXXQ), and it completes successfully.
I then "poll" device/login_status via this curl command:
curl -i -X POST https://graph.facebook.com/v14.0/device/login_status -F 'access_token=${app_id}|${client_token}' -F 'code=f4ee7axxxxxxxxxxxxxxxxec4b8e28eb'
and get back a response with an access token:
{
"access_token": "EAAKxxxxxxxxxxxxxxxxxxxxxuuu",
"data_access_expiration_time": 1663078272,
"expires_in": 5183984
}
I then put the access token into the Access Token Debugger and find that it only has the two basic permissions of pages_show_list and public_profile. The other permissions are not granted.
I'm assuming I do not have my app configured properly. So far, the Facebook support has punted on the question so I'm turning here for help. I have "Enable Login for Devices" as the API page says in Step 1. I have "Facebook Login", "App Events", and "Instagram Basic Display" in my "Products" list. I don't see any warnings or flags on any of the app's pages. My "Test User" is a real Facebook user listed as in a Tester roll in the app.
Ultimately I want to use the Instagram media API. As a simpler test of the access token, I was trying to use the {page_id}?fields=instagram_business_account as a test and it wasn't working. Some pages suggest disconnecting and reconnecting the Instagram user and other things but I think the problem originates with the access token not having sufficient permissions.
I have also tried just requesting the permissions needed for the {page_id} and got the same results.
What changes do I need to make to get an access token via the device/login API that has more than just pages_show_list and public_profile permissions?
We currently have a Google Action that requires users to log into our system and our OAuth account linking flow successfully provides an access token for authenticating with our fulfillment backend. This works great when our Action makes queries within Google Assistant.
We're also interested in using the Google Actions REST API with own custom chatbot in our web app, our iOS app, and other app platforms, but when making requests of the Google Actions API outside of Google Assistant, we keep receiving 401 authentication error responses.
Is it possible to use the Google Actions REST API outside of the Google Assistant environment? If so, then would someone be able to tell us what we're missing in our REST API calls?
As an example, based on the Google Actions REST API documentation - https://developers.google.com/assistant/actions/api - if we include our valid OAuth access token via the "Authorization: Bearer" header when making a test Google Actions REST API call via the command line:
curl -X POST "https://actions.googleapis.com/v2/projects/[OUR PROJECT ID]:matchIntents" -H "Authorization: Bearer [OUR OAUTH ACCESS TOKEN]" -H "x-goog-user-project: [OUR PROJECT ID]" -H "User-Agent: [OUR APP PLATFORM/VERSION INFO]" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"query\": \"how much money do we owe\", \"locale\": \"en-US\"}"
We always get a 401 error response, no matter how we tweak the headers:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
We've searched extensively online for any troubleshooting hints, but we have not found any answers to what we might be doing wrong here. Is there something missing from our API calls -OR- is the Google Actions REST API simply not accessible outside of the Google Assistant environment? Any help would be much appreciated.
The Actions on Google / Actions Builder platform is not designed to be used outside of the Google Assistant environment. If you want a way to programmatically match intents or call an API, you should use Dialogflow and their APIs.
I'm trying to use the relatively new PayPal Sync API to download my PayPal transactions. I'm following the Sync API guide. I started by logging into the PayPal Developer Dashboard My Apps & Credentials page, scrolling to the REST API apps section, creating an app, clicking on it, and enabling Transaction Search for both the Sandbox and Live accounts.
I then used the Sandbox account's Client ID and Secret to generate an Access Token. I confirmed that the Client ID and Secret are correct and active. My cURL command is below (note that I'm using cURL on Windows 10):
curl -v https://api.sandbox.paypal.com/v1/oauth2/token ^
-H "Accept: application/json" ^
-H "Accept-Language: en_US" ^
-u "<my-client-id>:<my-secret>" ^
-d "grant_type=client_credentials"
I received a response similar to the following (I added the formatting):
{
"scope":"https://uri.paypal.com/services/reporting/search/read
https://api.paypal.com/v1/payments/.*
https://uri.paypal.com/services/applications/webhooks
openid",
"nonce":"2018-04-04T02:20:02Z...",
"access_token":"<my-access-token>",
"token_type":"Bearer",
"app_id":"<my-app-id>",
"expires_in":32400
}
I then took the Access Token and copied it into the sample command on the Sync API guide page. Here is the command I ran:
curl -v -X GET https://api.sandbox.paypal.com/v1/reporting/transactions?transaction_id=5TY05013RG002845M&fields=all&page_size=100&page=1 ^
-H "Content-Type: application/json" ^
-H "Authorization: Bearer <my-access-token>"
I received the following error response:
< HTTP/1.1 401 Unauthorized
...
< Content-Length: 244
< Connection: close
< Content-Type: application/json
<
{
"name":"AUTHENTICATION_FAILURE",
"message":"Authentication failed due to invalid authentication credentials or a missing Authorization header.",
"links":[{
"href":"https://developer.paypal.com/docs/api/overview/#error",
"rel":"information_link"
}]
}
I tried many things to correct this error, including:
Adding a "Accept: application/json" and "Accept-Language: en_US" header to the command.
Creating a new Secret and generating a new Access Token.
Creating a new App with a new Client ID & Secret and generating a new Access Token.
Disabling Transaction Search, re-enabling it, and sending the command again.
Trying in the Live account.
Each of these attempts produced the same result. I noted that in the scope section of the access token response that it doesn't include a path similar to the stated path for the Sync API (/v1/reporting/transactions). However, that's just an observation, and I'm not sure if that is relevant.
I read through the entire Sync API guides and documentation about five times, and I searched Google and StackOverflow pretty thoroughly. I'm seeing evidence that some people are getting past the initial connection to Sync API, so I'm fairly certain this API works.
Can someone help me understand what I'm missing? Could it just be that I need to wait a day or two for their systems to catch up? PayPal's Developer documentation is not very user-friendly, and their Developer Dashboard is extremely glitchy.
I had this same issue. Putting double quotes around the URL solved it for me. The other API endpoints worked (authentication, authorizations/xyz) because they didn't have any special URL characters in them. In the transaction search, the query string delimiters were being parsed by Bash.
Your curl lines above become:
curl -v -X GET "https://api.sandbox.paypal.com/v1/reporting/transactions?transaction_id=5TY05013RG002845M&fields=all&page_size=100&page=1" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <my-access-token>"
Hope that helps someone.
It appears that this error may be caused by either cURL or the way I'm using it. On a hunch, I used Hurl.it to execute this sample request, and the request was successful (HTTP 200). I then tried another request where I searched for all transactions in a given date range, and that was also successful. I'm going to mark the question answered.
I am trying
curl -X GET -H "Authorization: Bearer <TOKEN>" "https://api.uber.com/v1.2/requests/<REQUEST_ID>"
and response is 403
{"message":"Forbidden","code":"forbidden"}
But the https://developer.uber.com/docs/riders/guides/scopes says that
The good news is you currently have access to these scopes when authorizing your own account or those of the developer accounts you list in your application dashboard (Limited Access). This allows you to start building an app immediately.
I've got token via OAuth using my own account
I've set param "scope=request" to https://login.uber.com/oauth/v2/authorize
And I've set "scope=request" when did https://login.uber.com/oauth/v2/token
Also I've trying to do request to https://sandbox-api.uber.com, it responds
{ "message": "cannot find trip", "code": "not_found" }
But I think it's ok, because sandbox doesn't contain my own account data, right?
Where is my fault could be?
Am using the "ping-back server endpoint" as per https://developers.facebook.com/docs/marketing-api/mobile-conversions-endpoint/v2.4 to manually log app installs and events from our server to Facebook's.
These events show up in facebook app analytics (with Platform Unknown), but, on the App Ads Helper, I still see Last iOS Install Unavailable.
I assume this is because the iOS sdk (which we are not using) sends something in the headers that our server does not?
Is there a parameter that we can use to make the server-to-server MOBILE_APP_INSTALL events work for ad conversion tracking?
Thanks
example request:
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'event=MOBILE_APP_INSTALL&advertiser_id=A4787B8B-2951-45F0-807C-A6AF5A445702&application_tracking_enabled=1&advertiser_tracking_enabled=1' 'https://graph.facebook.com/v2.4/758041614305509/activities'
Would attach screenshots if I was allowed...