I'm trying to use Content API inside google cloud function. When i tested the function locally it worked fine, but after i deployed it, it raise HttpError 401 access denied.
Snapshot from the logs:-
<HttpError 401 when requesting https://shoppingcontent.googleapis.com/content/v2.1/products/batch?alt=json returned "User cannot access account *********". Details: "[{'message': 'User cannot access account *********', 'domain': 'content.ContentErrorDomain', 'reason': 'auth/account_access_denied'}]">
I already created service account and i used OAuth 2.0 client.
Why authentication process failed at cloud?
Related
I am getting below error while using Google API.
URL:
https://docs.google.com/feeds/download/documents/export/Export?id=${document_id}&exportFormat=${format}&format=${format}
Method: GET
Result format: File
Error:
Unauthorized (401) - The request requires user authentication (1 attempt)
we retrieve access token with help of refresh_token, client_id and client_secret key
while externally (except RunMyProcess portal) received 307 status code
Temporary Redirect (307) - The requested resource resides temporarily under a different URI
we just wanted to clarify about API. Is this API has been changed?
Cannot find Google API documentation for same.
We are integrating the Role Assignments - List API from Microsoft Azure Cloud Management APIs, Link to documentation: https://learn.microsoft.com/en-us/rest/api/authorization/roleassignments/list#errordetail
We have done all of the configs mentioned:
Registered a multi-tenant web app with Azure Active Directory for OAuth using App Registrations option,
Also enabled the https://management.azure.com/user_impersonation scope under Azure Service Management
Same scope is requested by the web app
So far OAuth succeeds but the access token received when used to call an API GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01 it fails with 401 Unauthorized error. I have replaced the subscriptionId with the appropriate value while making actual call.
I looked at the details of access token using https://jwt.io/ and the scp element only seems to have "scp": "User.Read" scope, Missing the user_impersonation. Though the AUTH dialog from Microsoft login service shows clearly the requested user_impersonation grant. The user account I am using for the OAuth has access to the given azure subscription.
What might be the problem?
It's important to add scope with https://management.azure.com/user_impersonation when requesting for an access token.
Test using implicit grant flow in browser:
https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize?
client_id=<your-app-id>
&response_type=token
&redirect_uri=<your-redirect_uri>
&scope=https://management.azure.com/user_impersonation
&response_mode=fragment
&state=12345
&nonce=678910
Note: If you use client credentials flow, change scope to https://management.azure.com/.default.
Steps I have followed:
Create a project in Google API console and also enabled Google+
API.
Fetch client API and client secret.
Uncomment code and replace the appropriate value in the code:
Fetch Authorization token using Angular6 after sign in to Google.
While Calling API from postman getting the following error:
"Message": "Authorization has been denied for this request.
I have an issue with a web api returning HTTP 401 – Unauthorized when I use a Bearer Token to access it from a xamarin client. Either the iOS or UWP fail.
-This is an application that authenticates with Azure Active Directory to allow a user to login
-Once successfully logged in it gets a token that in turn is added to the web api request header
-The web api has its authentication turn on
The issue with azure settings
https://1drv.ms/v/s!ApPhjsvemKJggpR2ax5w4wRJcY7uXQ
the code
https://github.com/wleon12/XamarinForms-AAD-WebAPI.git
I cant seem to figure out what is wrong, appreciate any input or guidance
It depends how you protect the web API.
Normally, when we protect the web API using Azure AD, we will provide the the Audience and Tenant like this code sample. So that when we send the request with the token, the web API will verify the signature of the token and the value we config.
So for the 401 issue, please check the token you acquired with the value you config for the web API project. To check the Audience, Tenant and other values in the token, you can decode it from this site.
In google adwords, ClienLogin method is deprecated. I need to switch over to Oauth2 authentication method
My example code is below,
:method: OAUTH2_JWT
:user_agent: test
:developer_token: "*********"
:oauth2_issuer: "*********#developer.gserviceaccount.com"
:oauth2_secret: notasecret
:oauth2_keyfile: '*********-privatekey.p12'
:client_id: *********.googleusercontent.com
:oauth2_prn: *********#developer.gserviceaccount.com
:client_customer_id: *********
When i running the request , i am getting error as below
Authorization failed. Server message: (Signet::AuthorizationError)
{
"error" : "access_denied",
"error_description" : "Requested scopes not allowed: https://adwords.google.com/api/adwords/"
}
Anyone tell me solution to fetch the access token.
An OAuth2 + Google service account means that you have a Google Apps domain (e.g. you use GMail enterprise).
I recommend you to watch the Adwords API workshop on OAuth2
The OAuth2 playground is also helpful for testing purposes, before you try to use it straight from your app.