I am trying to get the list of folders under a workspace in Smartsheet. I did a GET call to the URL: https://api.smartsheet.com/workspace/{WORKSPACE_ID}/folders. I am using the Access Token of a user who is the owner of the sheet. I am getting this error from the Smartsheet server:
You don't have permission to access /1.1workspace/{WORKSPACE_ID}/folders on this server.
What could be the problem?
This error message indicates that the user making the request is not "shared" to the Workspace specified in the Request. To troubleshoot this issue, I'd suggest that you do the following:
Verify that the token you're including in the Request is valid and does indeed correspond to a user that has access to the Workspace in Smartsheet. If feasible, you could verify the user's access easily by logging into Smartsheet (via the web UI), navigating to the Workspace, and verifying that the User is listed in the "Workspace Shared To" panel on the right side of the screen.
Verify that the Workspace ID that you're including in the Request URL is correct -- i.e., that it does indeed correspond to the Workspace that the requesting User has access to.
As long as the token that you're including in the Request header corresponds to a User that has access to (i.e., is Shared to) the specified Workspace (represented by Workspace Id), the "Get Workspace Folders" request should be successful.
Related
I wanted to push my React project to GitHub, but if I try putting in my username and password, I get this message:
The annoying part is when I try using a personal access token instead, I get the "fatal: unable to access 'https://github.com/samisamara/personalWebpage.git/': The requested URL returned error: 403" error.
I used all saved tokens I had on me (I always remember to save my tokens so I don't lose them) and I even tried to make a new token, but neither worked. So git is making me use my GitHub password instead of a personal access token, but it also requires a personal access token instead. I'm basically locked out of doing any commits, and I have no idea what to do. Does anyone have a solution to this?
I found an answer to this. When you generate a new token, you have to check mark the "repo" checkbox. I didn't check mark that last time, so the key didn't have permission to actually do anything.
I am well accustomed to the Byzantine depths of Google's documentation but this has me baffled. On this page: https://smarthome-test-suite.appspot.com/ I have the Service Account Key but not the Agent User ID.
https://developers.google.com/assistant/smarthome/tools/smart-home-test-suite tells me that I need to:
Open the OAuth Playground tool.
Click on the gear icon in the upper right corner to open the OAuth 2.0 configuration dialog.
In the OAuth endpoints field, select Custom.
Specify the following account linking parameters, using the values you set in the Actions console when you created the smart home project. Click Close to save your changes.
Authorization endpoint: Set this parameter to the Authorization URL in the console.
Token endpoint: Set this parameter to the Token URL in the console.
OAuth client ID: Set this parameter to the same value as in the console.
OAuth client secret: Set this parameter to the same value as in the console.
How am I expected to remember parameters I set when I created the Home project? I don't see any place where the parameters are recorded for me to retrieve. Google has all this stuff. Why isn't there an idiot proof step to retrieve it?
Can anyone help me retrieve the agent user ID?
The auth and token endpoint URLs as well as the client ID and secret used to retrieve your AgentUserId should match the information that you entered in the Actions console.
Let's say I have a gitlab access token (generated and given to an application by a user). I can find if that token can be used to read from a repository by actually trying to read some data and seeing if that operation succeeds.
How do I find whether that token has write permissions (making commits) for a specific repository?
Beside trying a write operation, I don't know of an API which would be able to get the scope of a token.
As this issue illustrates, the scope is what you are looking for: "Limiting scopes of a personal access token"
Check if your token is listed when getting impersonation tokens: that API returns associated scopes.
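The scope check described in this answer can be sketched as follows. This is an added example, not code from the original posts or from GitLab. It assumes the token record has the shape returned by the impersonation token listing (`scopes`, `active`, `revoked`, `expires_at`) and that the user's role comes from the `permissions` object of the project API; the sample records are constructed.

```python
import json
from datetime import date

# Scopes that allow creating commits: "api" (full REST API, including the
# commits endpoints) and "write_repository" (git push over HTTPS).
WRITE_SCOPES = {"api", "write_repository"}
DEVELOPER = 30  # access levels: 10 Guest, 20 Reporter, 30 Developer, 40 Maintainer

# Constructed sample data (not real tokens), shaped like the impersonation
# token listing and the "permissions" object of GET /projects/:id.
SAMPLE_TOKENS = json.loads("""[
  {"id": 1, "name": "ci-read", "active": true, "revoked": false,
   "scopes": ["read_api", "read_repository"], "expires_at": null},
  {"id": 2, "name": "deploy", "active": true, "revoked": false,
   "scopes": ["write_repository"], "expires_at": "2030-01-01"},
  {"id": 3, "name": "old-admin", "active": false, "revoked": true,
   "scopes": ["api"], "expires_at": "2020-01-01"}
]""")
SAMPLE_PERMISSIONS = json.loads(
    '{"project_access": {"access_level": 30}, "group_access": null}')


def token_usable(token, today):
    """A token counts only if it is active, not revoked and not expired."""
    if not token.get("active") or token.get("revoked"):
        return False
    expires = token.get("expires_at")
    return expires is None or date.fromisoformat(expires) > today


def effective_access(permissions):
    """Highest access level granted directly on the project or via its group."""
    levels = [(permissions.get(key) or {}).get("access_level", 0)
              for key in ("project_access", "group_access")]
    return max(levels)


def can_commit(token, permissions, today=None):
    """Return (allowed, reason) for pushing commits to an unprotected branch."""
    today = today or date.today()
    if not token_usable(token, today):
        return False, "token inactive, revoked or expired"
    if not WRITE_SCOPES & set(token.get("scopes", [])):
        return False, "no write scope"
    if effective_access(permissions) < DEVELOPER:
        return False, "user role below Developer"
    return True, "ok"
```

A write scope alone is not sufficient: the token inherits the user's role in the project, and protected branches can require a higher role than Developer.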
I am working to build an application which would be able to create custom audiences for many of our clients for Facebook ads. I came to know that the most suitable access token for this purpose is a system user token (correct me if I am wrong). To get regular user access tokens, we can make a user go through the traditional OAuth flow; I am looking for something similar to get a system user access token. How can I get it for any of my clients? Thanks
You must create your system users in the Business Manager of your company:
https://business.facebook.com/settings/system-users?business_id=<YOUR_BUSINESS_ID>
Once you create a system user, you can generate a token for him associated with a given app.
Meanwhile, on your business settings (as stated in the docs) you can request access to an ad_account.
Request Access to an Ad Account: If you request access to an ad account in Business Manager, the admin of that Business Manager can grant you permission to work on it.
Once your client gives your Business permission to work with one or more of their ad_accounts, those ad_accounts will appear in your Business Manager. (menu on the left).
At that point, when checking the profile of your system users, you can click on assign assets to give the system user access to pages and ad_accounts.
The token you generated for the pair [system_user,app_id] does not need to be reissued to reflect the addition of assets to which the system_user has access.
I'm working on a proof of concept app. The basic functionality works, where I can log into one website, link to another site that shares the same STS, and the partner site picks up the credentials properly.
However, the partner site only requests the token if the page that we link to requires authentication (which kind of makes sense I guess).
Ideally, I'd like to link to a partner page that does not require you to be authenticated, BUT if the user IS already authenticated, I'd like to at least be able to recognize them on the partner site.
Currently, if my partner landing page does not require authentication, it doesn't appear that the user is logged in when they arrive. As soon as the user requests a page on the partner site that does require authentication, it then grabs the token without requiring the user to log in.
I've tried playing around with the SecurityTokenReceived and RedirectingToIdentityProvider events, but so far I'm stumped.
Any thoughts are appreciated.
So, the problem you are running up against is in dealing with the SessionAuthenticationModule hijacking the request. This module is responsible for detecting if the user has a valid session (based on a cookie that is written upon a successful redirect from the STS) and if not, to redirect the user to the STS to fetch a valid token. The WSFederationAuthenticationModule supplies the eventing necessary to hook into various stages of the redirection/authentication process.
Based on your description, it sounds like you want the following to happen:
User clicks on a link that redirects to the partner site
At the partner site, the request is intercepted and the system determines if the user is signed-in to the STS or anonymous
If the user has a valid session with the STS, then pull the claims for that user
The problem is, your RP cannot know that the user has a valid session without sending the user to the STS first (the RPs do not talk to each other or the STS. The user's browser is used as the means of communication between the RPs and the STS in the form of WS-Fed directives and SAML tokens passed in the URL during redirects). If the user is sent to the STS, then they must authenticate, which could be a problem for anonymous users.
So, I do not think there is a "trick" that you can pull via configuration or interception of the request to determine if the user has a valid session with the STS. You might be able to pass a hint, however, from the referrer that is intercepted by the partner site. This hint could take the form of a parameter on the url that indicates to the partner site that the current user has a valid session and to go ahead and redirect to the STS (absence of this hint would indicate an anonymous user). You could also build a system to "hand-off" knowledge of the signed-in user using a resource that both sites have access to (i.e. database).
As you are sure to learn soon, more often than not, WIF offers pieces to the puzzle, but every situation is different and you have to supply the other pieces on your own.
Hope this helps!