I have problem with live streaming to account with enabled live stream.
I do an OAuth2.0 request to get authorization code on front-end.
Requested scope is:
https://www.googleapis.com/auth/youtube.force-ssl \
https://www.googleapis.com/auth/youtube \
profile
On the back-end i do authorization of user:
const oauth = new OAuth2({
clientId,
clientSecret,
redirectUri
});
After that according API i'm trying to create liveBroadcast and i've got an error
'liveStreamingNotEnabled'
If i add a scopes which is below, everything works fine:
https://www.googleapis.com/auth/youtube.force-ssl \
https://www.googleapis.com/auth/analytics \
https://www.googleapis.com/auth/analytics.readonly \
email profile openid
After attempting to confirm consent screen on google API console, google says that we dont need analytics scopes for live streaming on youtube.
How to solve this issue?
Related
Using v3 Pinterest Analytics API
Trying to exchange an authorization code for an access token and I'm getting the following error:
{"error":{"message":"None","oauth_error_code":"invalid_grant"},"code":283,"data":null,"message":"The authorization grant is invalid","endpoint_name":"oauth_access_token","status":"failure"}
In following these instructions:
https://developers.pinterest.com/docs/redoc/#section/User-Authorization/Exchange-the-code-for-an-access-token
I successfully obtained an authorization code. Now I want to exchange it for an access_token. I submit the following curl:
curl -X PUT \
--url https://api.pinterest.com/v3/oauth/access_token/ \
--data "code=1234authcode&redirect_uri=https://myURL.com/&grant_type=authorization_code&client_id=123appId&client_secret=123secret"
The redirect_uri is the same as that which was registered. The app secret and app Id are accurate as per this notification we received today:
Your App ID has been enabled. You can now see your app secret in our Developer App Portal and start building.
I have tried various incarnations of the curl thinking I've botched the args I'm passing in and that's still a possibility, so any help there would be appreciated, however, I'm wondering if my app Id and secret are bad or truly invalid somehow. We've only just received them. Any ideas or theories welcome.
Thanks for your time.
Sorry to answer my own question, but it turns out that the auth code was bad. After fetching a new authorization code I was able to obtain an access_token using the approach shown above. What was initially confusing is that I literally got the original auth code moments before using it so I didn't doubt it's validity as much as I should have I guess.
So I'm trying to use the Home Graph API by calling the API endpoint
https://homegraph.googleapis.com/v1/devices:requestSync
It is a HTTP POST request and it needs an ACCESS_TOKEN and service account key.
Getting the service account key is easily done as per Google's documentation. The issue is getting the ACCESS_TOKEN.
As per this documentation by Google, I need to get ACCESS_TOKEN created using the following scope of permissions
https://www.googleapis.com/auth/homegraph
I opened OAuth 2.0 Playground to request a developer temporary ACCESS_TOKEN for testing. I wrote all the necessary urls and in scope I wrote this-
scope is written to be authorized
Now after this, I am navigated to my Authorization URL (ie, Google's sign in page). I login with email id and password.
If credentials are correct and scope mentioned is valid then I should have been redirected to OAuth playground page with authorization code which I would have exchanged for access token and refresh token.
But, what actually happens is after I enter my credentials, I get following error and I am never redirected to Oauth Playground page-
Authorization Error
Error 400: invalid_scope
Some requested scopes cannot be shown: [https://www.googleapis.com/auth/homegraph]
Request Details
access_type=offline
o2v=2
response_type=code
redirect_uri=https://developers.google.com/oauthplayground
prompt=consent
client_id=xxxxxxxxx.apps.googleusercontent.com
scope=https://www.googleapis.com/auth/homegraph**
I searched a lot online too, but couldn't find the actual reason.
So due to this issue with scope, I am not able to get ACCESS_TOKEN.
I have followed Google's documentation and the scope was mentioned there.
This is the pic from oauth 2.0 playground settings- OAuth 2.0 configuration
The issue is that you, a user, should not be getting and sending an access token. The service account should be getting and sending an access token. This is to make sure your service is authorized to talk to the Home Graph API.
You indicated you logged into the OAuth playground with "userid and password". But service accounts don't have passwords.
If you are using one of Google's libraries, it will take care of getting the access token for you, and this is the easiest way to do so. If you are just testing and need an access token, you can use something like oauth2l to get the access token based on the service account credentials.
I had implemented the REST approach to call HomeGraph Report State as below.
We need to follow the below steps:
Create a service account for your project and safely store the json file
Using the service account JSON, get the access token from Google
Using Oauth 2.0 token as Bearer authorization, invoke Report State API
Step 1:
This is straightforward. Please follow the steps in the below link
https://developers.google.com/assistant/smarthome/develop/report-state#expandable-1
Step 2:
Refer below code to get the Access token using service account json
GoogleCredentials credentials = GoogleCredentials
.fromStream(Helper.class.getClassLoader().getResourceAsStream("smart-home-key.json"))
.createScoped("https://www.googleapis.com/auth/homegraph");
credentials.refreshIfExpired();
AccessToken token = credentials.getAccessToken();
return token.getTokenValue();
Step 3:
Invoke Report State API
curl -X POST -H "Authorization: Bearer [[Access token from Step 2]]"
-H "Content-Type: application/json"
-d #request-body.json
"https://homegraph.googleapis.com/v1/devices:reportStateAndNotification"
Reference Links :
https://developers.google.com/assistant/smarthome/develop/report-state#http-post
https://cloud.google.com/endpoints/docs/openapi/service-account-authentication
https://developers.google.com/identity/protocols/oauth2/service-account#httprest_1
https://developers.google.com/assistant/smarthome/develop/report-state#expandable-1
We're trying to set up an instagram app and have worked our way through the process. We've now got stuck when trying to create a subscription.
We have our app hosted on AWS API Gateway, which can only be deployed with HTTPS endpoints (it does not support unencrypted connections).
When we do the POST to get instagram to subscribe to a user using the following:
curl -F 'client_id=CLIENT-ID' \
-F 'client_secret=CLIENT-SECRET' \
-F 'object=user' \
-F 'aspect=media' \
-F 'verify_token=myVerifyToken' \
-F 'callback_url=https://YOUR-CALLBACK/URL' \
https://api.instagram.com/v1/subscriptions/
then we get the following error:
{
"meta": {
"error_type": "APISubscriptionError",
"code": 400,
"error_message": "Invalid response"
}
}
This happens whether we use our own HTTPS certificate that we have registered with API Gateway, or whether we use the stock AWS URL (https://xxxx.execute-api.us-east-1.amazonaws.com) as the callback (which also has a valid HTTPS certificate). I have verified that the certificates are 'good' using SSLLabs (they both get an A result). Our code NEVER gets called (so it's not the return of the hub.challenge parameter that's the problem. Instagram seems to reject the HTTPS certificate when initiating the connection.
Interestingly, if we use the same certificate that we use with AWS API Gateway on a normal machine (EC2 instance) and change the DNS records to point to this server, then it all works as expected and the subscription works.
Has anyone got Instagram Subscriptions working when using AWS API Gateway?
I came across this post and felt deceived by the current answer given that API gateway can still be used despite instagram's api not accepting the SNI.
"Instagram apps will not work if hosted on API Gateway unfortunately until Instagram upgrades their version of Python." is not true.
All you need to do is put a CloudFront instance in front of the api gateway and it will work fine without needing an expensive SSL cert or anything.
I included screenshots of my config so that it may help someone in the future.
Here is the first configuration screenshot
Behavior Settings
Origin Settings
We contacted Instagram about this. The version of Python (or their libraries) that Instagram uses does not support SNI which API Gateway uses (http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) so Instagram apps will not work if hosted on API Gateway unfortunately until Instagram upgrades their version of Python.
As Garrett points out below, whilst Instagram cannot post directly to API Gateway, you can put a cloudfront distribution in front of your API Gateway endpoints and let Instagram point to that. This will work.
To verify if this is a API Gateway issue have you tried to issue the same challenge request that Instagram is making to your API endpoint directly ?
If you haven't already, you should also try to enable CloudWatch logging on your API stage to debug the call.
I connecting the google spreadsheet API. I have already granted permission to the user and retrieved the code. I would like to refresh the token with the refresh token, but cannot find the url. can anyone point me to the url needed? I cannot use the libraries since I am using an ETL tool and not a code to connect to the service.
Thank you
Nir
This worked for me:
curl https://www.googleapis.com/oauth2/v4/token \
-d client_id=$CLIENT_ID \
-d client_secret=$CLIENT_SECRET \
-d refresh_token=$REFRESH_TOKEN \
-d grant_type=refresh_token
For the first authorization code exchange, a refresh token is obtained in offline scenarios. In these cases, your application may obtain a new access token by sending a refresh token to the Google OAuth 2.0 Authorization server.
As discussed in the documentation, to obtain a new access token, your application sends an HTTPS POST request to https://www.googleapis.com/oauth2/v4/token.
I'm working on a intranet-based application and I want to use Google services. Currently I have successfully implemented Google Authentication with "Sign-In for Websites" using JavaScript client-side authentication. My users can now sign in or sign up with their Google accounts.
Now I want to use Google API to create and share Google Sheets with my users. These documents will be created with a specific Google account and then shared with my users.
This is why I want to use this server-slide flow to get a one-time authorization code and exchange it for a refresh token:
https://developers.google.com/identity/sign-in/web/server-side-flow
This refresh token will be stored in my database allowing me to user Google services on behalf of this offline user.
Using JavaScript library, I was able to get the one-time authorization code that I send to my server with a AJAX request.
auth2.grantOfflineAccess({'redirect_uri': 'postmessage'}).then(grantOfflineAccessCallback);
var grantOfflineAccessCallback = function(authResult) {
var auth_code = authResult.code;
// Exchange the one-time authorization code for tokens
$.post(...);
}
On server-side I use Google API PHP Client (v2.0.0-RC6) to acquire an access and refresh token.
$this->client = new Google_Client();
$this->client->setClientId($this->clientId);
$this->client->setClientSecret($this->clientSecret);
$this->client->setAccessType('offline');
$this->client->setApprovalPrompt('force');
$response = $this->client->fetchAccessTokenWithAuthCode($oneTimeCode);
I wasn't able to exchange the authorization code.
Client error: `POST https://www.googleapis.com/oauth2/v4/token` resulted in a `400 Bad Request` response:
{
"error": "invalid_request",
"error_description": "Missing parameter: redirect_uri"
}
On this page we can read:
On the server, exchange the auth code for access and refresh tokens.
Use the access token to call Google APIs on behalf of the user.
On the JAVA example code:
REDIRECT_URI: // Specify the same redirect URI that you use with your web
// app. If you don't have a web version of your app, you can
// specify an empty string.
Because the application I working on is an intranet application, I tried to specify an empty string for this redirect_uri parameter before calling fetchAccessTokenWithAuthCode() method:
$this->client->setRedirectUri('');
... result in Redirect URI must be absolute.
Can we use this hybrid server-slide flow without callback URL?
Is there any solution to my problem?
Thanks,
Edit:
redirect_uri is where the user will be redirected to after he signed in. This URL must be registered in the Google Project (developers console). So redirect_uri is NOT the callback...!
Problem is now solved with:
$this->client->setRedirectUri('http://same.url.as.in.developers.console/');