GSuite : Client is unauthorized to retrieve access tokens using this method - google-apps

Hi I'm trying to develop an for GSuite admin which enables to migrate their google drive data to another cloud service. But in the process of authentication i'm getting the below error.
{
"error": "unauthorized_client",
"error_description": "Client is unauthorized to retrieve access tokens using this method."
}
Below are the api's that are enabled in developer console.
1. Admin SDK
2. Contacts API
3. G Mail API
4. Calendar API
5. Drive API
Please guide me if done anything wrong in creating an app.

The main thing what i missed here is Authorizing my service account client ID with the GSUITE admin.
And I have been trying to generate access_token for the expired domain of mine.
After clearing all these i have to success in generating and getting user data.
This solution worked for me. I hope it works for you tooo....
Thank you community.

Related

How can I get a long term refresh token for google search ads 360 api that doesn't expire?

I have created an app registration in google cloud and have managed to authenticate when using the test scope by changing the redirect url to localhost:8080 and acquiring an access token and a refresh token. The problem is that the refresh token expires when using the test scope, so I switched to the production scope, and now I get an error no matter what url I list as an authorized domain.
The only solution I can find so far is to switch back to the test environment (Google oAuth 2.0 API Authentication Error: Error 400 - redirect_uri_mismatch (does not comply with policy) DJANGO APP), but that doesn't work for me for the reasons above.
Does anyone know how to get a permanent refresh token in production scope for sa 360?
Any help would be much appreciated.

Error Code 401 while using Server Side Huawei Mobile Service API for app level access token

From yesterday I am facing this error code 401 while accessing token from server using this API: https://oauth-login.cloud.huawei.com/oauth2/v3/token
Just for your information I am using Postman. Can anybody help me with this.
Error 401 usually means “unauthorized” or “request denied” because a request lacks valid credential. Although this error code is not listed in Account Kit server api, a developer can find it in other kit document - https://developer.huawei.com/consumer/en/doc/development/HMSCore-References-V5/webapi-error-code-0000001050163432-V5. Basically, a developer need to make sure that their API key and/or token is valid.
while using huawei auth service if error code 401 returned it means access token becomes invalid and we need to obtain a new token. Token Validity is 60 mins.

Error Implementing Acumatica REST API

I am currently trying to implement the use of the Acumatica REST APIs in a project I am working on. I am able to successfully log in to the application.
The issue is when I try to access additional data, customers for example, I receive the following message: {"message": "You have been logged out because your account has been disabled. Please contact your system administrator."} in the form of a 403 error.
I checked my account permissions and I do have the System Admin Role on the account I am using to log in to Acumatica. Below is a screen shot of my postman.
You probably have the admin user disabled.
Some function of Acumatica impersonate the admin user in order to complete their task. Some of these functionalities include the web services, the scheduler and the integration services.
Enabling the admin user should fix the issue you are facing.

Call Microsoft Graph API - App only unauthorized error

I am trying to make request to the Graph API using a service with no UI. I downloaded the following sample code and followed the instructions: https://blog.kloud.com.au/2015/12/14/implementing-application-with-o365-graph-api-in-app-only-mode/
I successfully get an Access Token, but when using it to make a request to get organization information (required Read Directory Data access), I get 403 Unauthorized.
I have registered my app in Azure AD (where I am a co-administrator).
I have specified Microsoft Graph in the 'permissions to other applications' section, and given Read Directory Data access.
Interestingly there is a note below saying 'You are authorized to select only delegated permissions which have personal scope'. Even though I clearly did. Why? I suspect this is the source of my problem.
Likewise I have checked my demo app against these instructions: https://graph.microsoft.io/en-us/docs/authorization/app_only, but it makes no mention of what role in Azure you need to have.
in this SO post's answer, there is mention of still needing to Consent. I haven't found any documentation about this.
You are authorized to select only delegated permissions which have personal scope
This issue is caused that the app is created by none admin and when they visit the portal then will see this message.
To grant the app-only permission to the application, we need to be the administrator of the tenant. It is different with the co-administrator. To user the Client Credential flow, I suggest that you contact the admin of the tenant to create an application for you. And if you were just for testing purpose, you can create a free tenant and register the application yourself.
Update
We need the assign the Global administrator director role as figure below to make the application works for the client credential flow:

NetSuite redirect fails with bad SAML request on Azure

I have setup SSO with Netsuite and Azure using the following instructions:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-saas-netsuite-tutorial/.
The SSO works for users from Office 365 to NetSuite, however if a user clicks on a NetSuite link in an email they receive an invalid SAML protocol message from Azure during authentication.
For example:
Email Link is
"https:\system.netsuite.com/app/accounting/transactions/purchord.nl?id=167770&c={ACCOUNT_ID}"
Get redirected to (by NetSuite)
"https:\login.windows.net/9621cdc8-e1c4-4a3c-849e-35be6db5a45e/saml2"
which then redirects to :
"https:\login.microsoftonline.com/9621cdc8-e1c4-4a3c-849e-35be6db5a45e/saml2?RelayState=https%3A%2F%2Fsystem.netsuite.com%2Fapp%2Faccounting%2Ftransactions%2Fpurchord.nl%3Fid%3D167770%26c%3D{ACCOUNT_ID}"
which generates error:
Sign In
Sorry, but we’re having trouble signing you in.
We received a bad request.
Additional technical information:
Correlation ID: a8ceee9f-8507-4f55-aa56-e65266bf7d92
Timestamp: 2016-04-13 05:18:07Z
AADSTS75005: The request is not a valid Saml2 protocol message.
Does anyone have any ideas how to get further details on the error, or fix it?
I recently came across this issue and found a solution that works for me.
Try using the following format
https://account.activedirectory.windowsazure.com/applications/signin/{AZURE NETSUITE - APPLICATION_ID}?RelayState=https%3A%2F%2F{NetSuite_Account#}.app.netsuite.com%2Fapp%2Faccounting%2Ftransactions%2Fpurchord.nl%3Fid%3D{Purchae_Order_Record_ID}
I hope this helps.
Recently I faced this issue with Azure SSO, link does not work it fails # the SSO provider's(Azure) login URL. Issue is not with the Netsuite it is sending the request for authentication to Azure but Azure could not authenticate the user even though user is logged into the AD. You can resolve this issue by syncing Azure AD and source of authority. Also make sure your Azure SSo is setup correctly -by running zure Active Directory Module for Windows PowerShell as an admin.
Good luck