Add a Google user to a resource as owner
Try to access resource through https://storage.googleapis.com/example.bucket.com/test.html link
Returns: Anonymous callers do not have storage.objects.get access to object
Isn't this the point of the Google user based ACL?
The URL you are trying to access, storage.googleapis.com, is the XML API. See the Request Endpoints documentation for details.
Essentially, you get that error because that endpoint uses OAuth for authentication. Instead, you should use the Authenticated Browser Downloads endpoint, which authenticates based on the user's logged-in cookie.
In your case, the following URL would work:
https://storage.cloud.google.com/example.bucket.com/test.html
Related
I thought it would be simple to use Graph API to read my own user profile or another signed-in user profile but no luck so far.
I created an Azure app with only the following:
a) Client Secret
b) Delegated API permission of User.Read only
I then used the following simple code to try to read my own profile but it returned (400) Bad Request even though I can see that a token was returned successfully.
I was wondering if I could use the same Azure app to read another user's profile provided that a sign-in prompt could be created to switch account.
Any thoughts?
The me endpoint requires a user context. You're using the client credentials grant type, which is for client apps to use in an app-only context. The app has no awareness of who "me" is, or what "your" profile is because you haven't provided a user.
For the app to read the profiles of other users in the client credentials flow, you need to add one of the MS Graph application-type permissions, and send a request to the https://graph.microsoft.com/v1.0/users enpoint
Get user API endpoint
We have a working app that we're hoping to extend to include querying of personal shares via the linkedin rest api, using https://api.linkedin.com/v1/people/~/shares
Our app has the following scopes provisioned in the developer console (and we're providing these in the auth request): ['r_basicprofile','w_share','rw_company_admin','r_ad_campaigns','rw_organization']
The http response returns the message
Access to shares denied
I'm wondering what scope is required to access this api or where I can find the docs to answer my own query?
Assuming I satisfy the criteria to scrape FB legally which type of Access Token do I use when issuing the requests?
User Access Token
App Access Token
Page Access Token
Client Token
I'm using a typically configuration to scrape, a server running a daemon in cron. Ideally, it'd be un-associated with my personal FB account. I'm just trying to get information about user-specified public page's public events: location, title, description, start_time and end_time.
If I want to make the daemon not-specific to my personal account, or a page I need a client token, or an app token? But, unlike the app token the client token doesn't require OAuth? Which is what I want. The daemon will run on a secure server, so the secret won't be discoverable. Is that correct? Is the Client Access Token the best for my use case?
If you are scraping public pages with no interest in user data or information, all you need is the app access token. This will give you access to any publicly available info such as pages, events etc.
The easiest way to use an app access token is to append the App ID and App Secret as follows: app_id|app_secret
You can then use to access a public page, e.g.:
https://graph.facebook.com/page_id/events?access_token=app_id|app_secret
There is also no need to ever refresh or update the app access token unless you reset the app secret.
A good way to learn what data you can access with which token(s) and permissions is Facebook's graph explorer tool: https://developers.facebook.com/tools/explorer/
As far as which token to use, https://developers.facebook.com/docs/graph-api/reference/event/ suggests:
Any access token can be used to retrieve events with privacy set to OPEN.
A user access token with user_events permission can be used to retrieve any events that are visible to that person.
An app or page token can be used to retrieve any events that were created by that app or page.
Is it possible to use bearer token from Google API Client Javascript Library to authorize Google cloud storage bucket without requesting https://www.googleapis.com/auth/devstorage scope from user. The bucket has read and write access to all Google account.
No. If the data is scoped to AllUsers, you could make the request anonymously, but you can't make requests to Google Cloud Storage on behalf of a user who hasn't granted you READ scope or better.
One possible alternative, depending on your use case: if the user happens to be signed in to their Google account, you could let them access the object directly using Cookie Authentication, for example by having them request the object via the URL pattern https://storage.cloud.google.com/bucket/object.
Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.