Uber GET requests 403 - uber-api

I am trying
curl -X GET -H "Authorization: Bearer <TOKEN>" "https://api.uber.com/v1.2/requests/<REQUEST_ID>"
and response is 403
{"message":"Forbidden","code":"forbidden"}
But the https://developer.uber.com/docs/riders/guides/scopes says that
The good news is you currently have access to these scopes when authorizing your own account or those of the developer accounts you list in your application dashboard (Limited Access). This allows you to start building an app immediately.
I've got token via OAuth using my own account
I've set param "scope=request" to https://login.uber.com/oauth/v2/authorize
And I've set "scope=request" when did https://login.uber.com/oauth/v2/token
Also I've trying to do request to https://sandbox-api.uber.com, it responds
{ "message": "cannot find trip", "code": "not_found" }
But I think it's ok, because sandbox doesn't contain my own account data, right?
Where is my fault could be?

Related

Facebook device/login returning access token but without the requested permissions

I am sending a request to the Facebook device/login API via curl using a shell script as documented in the Facebook Login for Devices page:
curl -i -X POST https://graph.facebook.com/v14.0/device/login -F 'access_token=${app_id}|${client_token}' -F 'scope=ads_management,business_management,instagram_basic,instagram_content_publish,pages_read_engagement,pages_show_list,public_profile'
(The app_id and client_token are properly filled in.)
I get back the response such as
{
"code": "f4ee7axxxxxxxxxxxxxxxxec4b8e28eb",
"user_code": "PXXXXXXQ",
"verification_uri": "https://www.facebook.com/device",
"expires_in": 420,
"interval": 5
}
In my browser, I open a fresh private page and go to https://www.facebook.com/device, log in, and enter the user_code (e.g. PXXXXXXQ), and it completes successfully.
I then "poll" device/login_status via this curl command:
curl -i -X POST https://graph.facebook.com/v14.0/device/login_status -F 'access_token=${app_id}|${client_token}' -F 'code=f4ee7axxxxxxxxxxxxxxxxec4b8e28eb'
and get back a response with an access token:
{
"access_token": "EAAKxxxxxxxxxxxxxxxxxxxxxuuu",
"data_access_expiration_time": 1663078272,
"expires_in": 5183984
}
I then put the access token into the Access Token Debugger and find that it only has the two basic permissions of pages_show_list and public_profile. The other permissions are not granted.
I'm assuming I do not have my app configured properly. So far, the Facebook support has punted on the question so I'm turning here for help. I have "Enable Login for Devices" as the API page says in Step 1. I have "Facebook Login", "App Events", and "Instagram Basic Display" in my "Products" list. I don't see any warnings or flags on any of the app's pages. My "Test User" is a real Facebook user listed as in a Tester roll in the app.
Ultimately I want to use the Instagram media API. As a simpler test of the access token, I was trying to use the {page_id}?fields=instagram_business_account as a test and it wasn't working. Some pages suggest disconnecting and reconnecting the Instagram user and other things but I think the problem originates with the access token not having sufficient permissions.
I have also tried just requesting the permissions needed for the {page_id} and got the same results.
What changes do I need to make to get an access token via the device/login API that has more than just pages_show_list and public_profile permissions?

Using the Actions REST API Outside of Google Assistant?

We currently have a Google Action that requires users to log into our system and our OAuth account linking flow successfully provides an access token for authenticating with our fulfillment backend. This works great when our Action makes queries within Google Assistant.
We're also interested in using the Google Actions REST API with own custom chatbot in our web app, our iOS app, and other app platforms, but when making requests of the Google Actions API outside of Google Assistant, we keep receiving 401 authentication error responses.
Is it possible to use the Google Actions REST API outside of the Google Assistant environment? If so, then would someone be able to tell us what we're missing in our REST API calls?
As an example, based on the Google Actions REST API documentation - https://developers.google.com/assistant/actions/api - if we include our valid OAuth access token via the "Authorization: Bearer" header when making a test Google Actions REST API call via the command line:
curl -X POST "https://actions.googleapis.com/v2/projects/[OUR PROJECT ID]:matchIntents" -H "Authorization: Bearer [OUR OAUTH ACCESS TOKEN]" -H "x-goog-user-project: [OUR PROJECT ID]" -H "User-Agent: [OUR APP PLATFORM/VERSION INFO]" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"query\": \"how much money do we owe\", \"locale\": \"en-US\"}"
We always get a 401 error response, no matter how we tweak the headers:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
We've searched extensively online for any troubleshooting hints, but we have not found any answers to what we might be doing wrong here. Is there something missing from our API calls -OR- is the Google Actions REST API simply not accessible outside of the Google Assistant environment? Any help would be much appreciated.
The Actions on Google / Actions Builder platform is not designed to be used outside of the Google Assistant environment. If you want a way to programmatically match intents or call an API, you should use Dialogflow and their APIs.

Forward user after authentication of Google Device

I have users that link their Google suite account using the OAuth2ForDevices approach. After linking the account to the device I would like to forward the user to another page with instructions instead of leaving them at the generic google page "Success! Device connected".
This is the current flow:
1) Grab device_code and user_code from POST to URL: https://accounts.google.com/o/oauth2/device/code
curl -X POST \
https://accounts.google.com/o/oauth2/device/code \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'client_id=<hidden>&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar'
response
{
"device_code": "ab-cdef...",
"user_code": "ABCD-ABCD",
"expires_in": 1800,
"interval": 5,
"verification_url": "https://www.google.com/device"
}
if i append parameters like foo=bar or forward_url= the response is still the same as above.
redirect_uri=http://localhost:8080 it results in an error, so this parameter is obviously recognised.
{
"error": "invalid_request",
"error_description": "Invalid redirect URI"
}
The problem does not seem to be the URL since the following request works fine: i managed t
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<client_id>&redirect_uri=http://localhost:8080&scope=https://www.googleapis.com/auth/calendar
2) Let user confirm verification_url (https://www.google.com/device)
3) "Success! Device connected"
I have tried with a bunch of domains and URL:s that has been confirmed in both google search console and added to domain verification in https://console.cloud.google.com
Worth mentioning*: I noticed that Google Cloud Platform behaves in a strange way, removing earlier verified domains -- when I'm adding new domains: https://console.cloud.google.com/apis/credentials/domainverification?project=&pli=1&authuser=1
My theories:
1) It's simply not possible to add a redirect_uri when using the OAuth2ForDevices approach.
2) There is a bug* in Google Cloud Platform that displays me domains but this is cached data.
*Buggy?? Google

Uber API returns 404 no_partner_for_user with valid token

I have a valid oauth token retrieved from the Uber API for a driver account. When I hit this endpoint:
curl -i -H "Authorization: Bearer XXXXX" https://api.uber.com/v1/partners/me
I'm returned with:
{"meta":{},"errors":[{"status":404,"code":"no_partner_for_user","title":"The user does not have a partner account."}]}
My colleague can hit the same endpoint with another valid token for the same driver and successfully receives account data.
edit
Just confirming that the account we've authed is absolutely definitely definitively a driver account.
The user does not have a partner account, so it looks like a rider authed and that is the token you are using.

Privileged scopes not accessible

We are integrating the Uber API into an app that is still in the development phase and not quite ready to go through the privileged scope request process. The API documentation states that "During development, your account (and any developer accounts you list on the dashboard) will be able to authorize these [privileged] scopes without whitelisting."
However, it seems that we are unable to access these privileged scopes at the moment, even just for development purposes. Can someone help us understand why this might be the case? We have put together a document with screenshots and commands to help illustrate the issue, which we can share via email if someone from the Uber API team is kindly able to help. Thanks!
Further information:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
REQUEST:
https://sandbox-api.uber.com/v1.2/requests
-H ‘Accept-Language: en_US’
-H ‘Content-Type: application/json’
-H ‘Authorization: Bearer ’
Payload
{
"fare_id": "d30e732b8bba22c9cdc10513ee86380087cb4a6f89e37ad21ba2a39f3a1ba960",
"product_id": "a1111c8c-c720-46c3-8534-2fcdd730040d",
"start_latitude": 37.761492,
"start_longitude": -122.423941,
"end_latitude": 37.775393,
"end_longitude": -122.417546
}
RESPONSE:
Status: 401: Unauthorized
{
"message": "This endpoint requires at least one of the following scopes: request.delegate.tos_accept, request, request.delegate",
"code": "unauthorized"
}
As shown above the request API call is returning unauthorized status and appears to require Privileged Scope for accessing it.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The issue is that you need to authorize the privilege scopes by enabling them for your app in the dev dashboard and then passing them during the oauth authorize stage.