They say its a quickstart but idk lol
Any way I have attempted to connect to the google api with Ruby for an entire week and eventually said I am going to see if its easier with python, turns out it is not.
I have added my redirect URI in the Oauth Credential. I have tried using a web applications type, a desktop app, and a tv or limited input device.
All of them return errors.
Error 400: redirect uri mismatch
Error 400: Invalid Request
Couldnt Log you in, The browser you are using doesnt support javascript, please try signing in in a browser with javascript enabled.
It keeps trying to use a localhost uri even when its set to my authorized one in the json credentials....
Is there anyone who can help me just get a basic example connection to the API working I am starting to lose hope that it is even realistic to try and build on an API as chaotic as this has been in my research so far. Everywhere you go you see devs wasting 5 days on something that should take an hour.
Edits BELOW !!!!
This has been so confusing I had to just go to trying to make a basic api call and eliminate all of the chaos brought in by these deprecated dependencies.
I have moved to just trying to get data back using post man and this tutorial >> https://medium.com/kinandcartacreated/google-authentication-with-postman-12943b63e76a
I have successfully been able to generate an Auth token using ONLY an OAuth2.0 Credential that is of TYPE 'Web Application'
However when trying to hit this endpoint....
GET https://admin.googleapis.com/admin/directory/v1/customer/MY-CUSTOMER-ID/devices/mobile?projection=FULL
I get the following error...
I know that in the end I will need to have a service account for this application configured properly, however given the wild goose chase that this has been I have been putting it off to keep the experiment controlled.
I will be working hard on trying to demystify this service account authorization for the next 4 hours atleast...
I had some difficulty getting the "quickstart" going as well.
There are a few things that should be taken into account that, in fact, aren't clearly documented.
After setting up the credentials in the respective page in Google Console as indicated in the documentation, you should download the json file and save it to the same directory as the script.
Take note that the quickstart has its own local server that it starts up when you run it. You can set the port in this line in the script. For example:
creds = flow.run_local_server(port=3000)
Then when you configure your credentials in the project, you would set the redirect URI to http://localhost:3000/
It does require some patience, because as noted, it does sometimes take several hours until the credentials settings in the Console take effect!
https://developers.google.com/sheets/api/quickstart/python
Same as CptCook, in my case the port defined in the quickstart is set to '0', which causes the redirect_uri error.
Removing and using the default resolved the issue.
Related
We are using Go server side code to interact with Google Ads REST API.
Namely, we authenticate it with help of "golang.org/x/oauth2" and
"golang.org/x/oauth2"packages.
In May (and recently again) we've got a email from Google regarding deprecation
Out-of-band flow, essentially rewording of this
one.
But additionally to common information, Google email listed account, which we
are using to authenticate, as being used in OOB flow and going to be blocked.
We checked our sources and available sources of mentioned packages but was not
able to find redirect URIs which are said to be used for OOB flow as one of
those:
redirect_uri=urn:ietf:wg:oauth:2.0:oob
urn:ietf:wg:oauth:2.0:oob:auto
oob
We explicitly use http://localhost in our code and long-live refresh token
(which seems never expires).
We also tried to use tcpdump to monitor our API calls, but was not able to
learn much from it, because calls are made via https and, therefore, encrypted.
We considered to use man-in-the-middle kind of proxy like
https://www.charlesproxy.com/, but haven't tried it yet, because it become
non-free and because of complexity of setup.
We tried to log our requests to API endpoint with custom RoundTripper, but
have not spotted anything suspicious. It seems that we're using refresh token
only and exchange of code to refresh token just never happen in the code.
Because of this, we don't think that further logging or monitoring with
decrypting https packages may help (but we open to suggestions how to do it better).
Finally, we decided to create a new OAuth 2 Client in the Google console with
fresh set of client id, client secret and refresh token. We obtained a new
refresh token with oauth2l and replaced
credentials in our configuration. But still, we are not sure that new account
will not be blocked by Google due OOB deprication, because seemingly it looks
the same as old one.
Questions:
Why may Google mark our account as OOB?
How can we ensure that newly created account will not be blocked?
Same here.
I find out an answer, that says "Desktop" type of Credentials uses OOB by default. Probably you need to create new Credentials with type "Web"
I am trying to get a Bot working with the Oauth example provided here: https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=aadv2%2Cjavascript
If I use Azure as an exemplary issuer all works ok. So the general code works out fine.
Now, I have an example Laravel Passport app running to issue myself for testing purposes. All configuration, normal login etc. works fine. I created a generic oauth 2 client in Azure with my password client id and secret.
If I test it in the Azure Portal it heads to the request permission dialog. I confirm and it redirects to e.g. https://token.botframework.com/.auth/web/redirect?code=XYZ&state=123 and just shows Bad Request. No more, no less.
I tried different configurations etc., googled and found some with similar problems but no solution. Most just referred to secrets etc. But the secret works, a broken secret before lead to other issues I am not facing now.
And the error message is not really helpful ^^ No matter how I call https://token.botframework.com/.auth/web/redirect it is always a Bad Request.
Does anybody have an idea, a hint in what direction to look further, where issues could occur? As I am a little lost right now.
I understand that Watir and Selenium have issues with NTLM auth when trying to login to web pages for testing. My research indicated that there are two normal work around. 1. add the credentials into the URL 2. use an auto auth plugin/extension. I currently don't have the option of using an extension in my environment, though I'm working on that. So, I'm left with passing credentials.
The problem I have is as follows.
Chrome:
In Chrome I pass the credentials manually (as in I type it into the browser directly) as http://password:user#example.com/ and it opens the page, but does not populate the popup. If I try to manually pass it as http://example.com?username=usr&password=password, it populates the auth pop up but does not proceed.
If I try to automate with ruby using the following code all I get is unknown user name and password. I have confrimed that the usr and pwd are correct.
browser.goto("http://example.com?login=usr&password=password")
browser.goto("http://password:usr#example.com/")
IE
IE behaves a bit differently.
In IE I pass the credentials manually as http://password:user#example.com/ and it returns an error that it can't find the page. If I try to manually pass it as http://example.com?username=usr&password=password, it logs in correctly.
If I try to automate with ruby using the following code the first example throws an page can't be found error. The second example opens the page, but does not populate the popup. I have confirmed that the usr and pwd are correct.
browser.goto("http://example.com?login=usr&password=password")
browser.goto("http://password:usr#example.com/")
What am I doing wrong?
My environment is Windows 7 Pro, IE 11 and Chrome 60.
Found an article that indicates MS removed auth in URL. So it makes sense that pwd:usr# doesn't work. Article ID: 834489
Ok, I have found the answer. After discussing it with my company's senior architect, there is no way to access an NTLM Windows authentication form by design. It's literally designed so that it can't be automated that way as a security measure.
The one workaround that he did suggest as a way to deal with the authentication issue is to use something like C# (our standard) and open the browser with the assumption that the user is already logged in. This will completely bypass the authorization pop up rendering the issue null. I'm unclear exactly how to do this, but I hope this provides a useful direction for others.
In my swift project, I am using convergence dev branch source code. I have added ADALiOS files manually in my project. Currently retrieving access token from refresh token is a problem.
Till last week my project was working all fine but as I opened my project on Mondat i.e. 20th March, 2016, I don't know how and why my app is not able to save access token in local cache. So whenever I tried to get access token silently it is unable to retrieve it from local cache. For every call I am getting following error
"The argument 'cacheItem.scopes' is invalid. Value:(null)." and
"The user credentials are need to obtain access token. Please call the non-silent acquireTokenWithResource methods."
From my side I haven't done any changes. I am able to see that new release has been done in convergence branch. Please suggest me how could I solve it also can someone suggest me whether server side changes has also been done or not because of which I am facing this issue?
For the same project settings we are using adalios in our android app and web page also. But those guys are not going through any such issue only iOS team is facing it.
If anyone has any idea please help me.
After reading full ADALiOS file structure I got to know that there are 2 imp web requests going, first is to get auth code, in this call selected "policy" is present in URL. Other call is made after my access token has expired, so to get new access token it is passing refresh token. Particularly in this call I noticed that no policy has been provided in URL. So manually I did some changes to it and added policy in the URL. After that my app is working all good and now I don't have to login again and again.
This might happen if keychain sharing is disabled. One solution might be:
Xcode > Target > Capabilities > Keychain Sharing -> Switch to ON
Add com.microsoft.adalcache into Keychain Group.
Hope this helps.
So I'm trying to integrate Google login with Parse using the "Bring your own login" system. I was able to get the basic authorization functionality to work using the code snippets at https://groups.google.com/forum/#!topic/parse-developers/UUvTreGYOrI.
Now, to do some testing, I went ahead and manually deleted the user object via the Parse dashboard. However, I am now getting the following error when trying to access go through the signup workflow:
com.parse.ParseRequest$ParseRequestException: {"code":101,"message":"object not found for get"}
I tried clearing the cache and uninstalling the app, but the issue persists. Can anyone help me how to get around this and start the registration process afresh?
On a more fundamental note, this is my first time implementing code OAuth, logins, and ACLs. As such, any resource/tutorial that can give me code examples of this integration with Parse on both the CloudCode and the client (app) side would be highly appreciated (I believe the current official Parse tutorial uses Git and only has samples of the server side CloudCode).
Nevermind - I figured it out.
I had to delete the entry in the TokenStorage class on the Parse dashboard. I guess that's storing the token that links the login with the User object.
Anyway - I'm keeping this open to see if someone can point me to a good sample code for this workflow.