I'm using oAuth2.0 flow to work with Google Ads API. I ran in a problem today that when doing an API Request I'm getting the following 401 error:
UNAUTHENTICATED: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
On the headers of each google ads request I add
{"Content-Type", "application/json"},
{"Accept", "application/json"},
{"User-Agent", "Mozilla/5.0 (Macintosh; ..."},
{"Authorization", "Bearer $ACCESS_TOKEN"},
{"developer-token", "$DEVELOPER_TOKEN"},
{"login-customer-id", "$LOGIN_CUSTOMER_ID"}
I've already tried to generate a new access_token, since my automatically process of generating new access_tokens when the current one expired could be failing, but it wasn't the case. I managed to create a new valid access token and it continues to give the same error. The scope used when fist granted permissions to the app was "https://www.googleapis.com/auth/adwords".
Did anyone fall into the same problem?
Related
I have an app that uses the Google Calendar API and I seem to have a corrupt/defunct access token and/or refresh token which is resulting in the following error:
Signet::AuthorizationError
Authorization failed. Server message: { "error": "invalid_grant", "error_description": "Bad Request" }
Code for the authorization:
client_id = Google::Auth::ClientId.new(CLIENT_ID, CLIENT_SECRET)
token_store = EncryptingTokenStore.new(TokenStore.new)
scope = "https://www.googleapis.com/auth/calendar"
authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store, callback_url)
authorizer.get_credentials(CALENDAR_ID)
On investigation the UserRefreshCredentials we get back from authorizer object has an expires_at date in the past (11/01/2021).
I deleted the offending refresh token that we have stored, revoked access via the google account settings, then reauthenticated the user account with the app to reapprove offline access to Google Calendar again. This did not give me a new access and refresh token as expected. The expires_at is still 11/01/2021. We have valid refresh tokens in storage but for some reason Google is still picking up the old details despite that refresh token no longer existing. So I need to find a way to refresh or overwrite the UserRefreshCredentials that the Google API is using.
Other steps I have tried:
I tried to refresh the token from within a production console with some methods that come with the ruby google client gem but this fails with the same invalid_grant/Bad request error that is at the root of this issue.
I also tried to refresh the token with a POST request to the oauth2 endpoint:
https://oauth2.googleapis.com/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN&grant_type=refresh_token
but this also fails with the same invalid_grant/Bad request error.
If anyone can shed any light that would be much appreciated.
I am trying to get new access token from my refresh token for google drive api. In my google playground it works but when I want to create the same request in postman or my code it doesn't work and I always get error "Invalid grand type". I don't know to find what is problem.
google developers playground
postman headers and body
You need to understand that there is three steps to the Oauth2 dance.
step one is requesting access of the user and getting the authorization code.
HTTP GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
Note &response_type=code tells the server you want an authorization code returned.
step two is to exchange that code for an access token and refresh token.
POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
Note the part where it says &grant_type=authorization_code. this tells the server you are giving them an authorization code.
3 the final step is refreshing your access token.
POST https://accounts.google.com/o/oauth2/token
client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&refresh_token=1/ffYmfI0sjR54Ft9oupubLzrJhD1hZS5tWQcyAvNECCA&grant_type=refresh_token
Note &grant_type=refresh_token you are telling the server you are sending them a refresh token.
You appear to be sending a refresh token with the wrong grant type.
I have a video on how to set up postman to use google oauth2
How to set up Oauth2 in PostMan.
Google 3 Legged OAuth2 Flow
Note: Due to a recent change with Making Google OAuth interactions safer by using more secure OAuth flows redirect uri of urn:ietf:wg:oauth:2.0:oob is going to stop working soon.
In my Google OAuth request using .Net HttpPost refresh_token value is missing.
Reference: https://developers.google.com/identity/protocols/oauth2/web-server#exchange-authorization-code
My input HTTP post request -
...google oauth post request details..url - (https://accounts.google.com/o/oauth2/token)...
and the postData - (client_id=<client_id>&client_secret=<client_secret_key>&grant_type=authorization_code&redirect_uri=<redirect_url>&code=<authorization_code>&access_type=offline&prompt=consent&approval_prompt=force)
Note: I have a valid response with access_token. However, refresh_token object value with empty record.
Please help.
I already reviewed these links - Not receiving Google OAuth refresh token
The call to exchange the authorization code for an access token and refresh token looks as follows.
HTTP POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}&client_secret={ClientSecret}&redirect_uri={redirectURI}&grant_type=authorization_code
You dont use access_type , approval_prompt, prompt as part of the exchange for the authorization code those are included in the HTTP GET request that shows the consent screen.
Here you can add access_type, if you have created web credentials client on google developer console.
HTTP GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline
If your interested in seeing how the calls are built up this might help. Understanding Google OAuth 2.0 with curl
I am getting below error while using Google API.
URL:
https://docs.google.com/feeds/download/documents/export/Export?id=${document_id}&exportFormat=${format}&format=${format}
Method: GET
Result format: File
Error:
Unauthorized (401) - The request requires user authentication (1 attempt)
we retrieve access token with help of refresh_token, client_id and client_secret key
while externally (except RunMyProcess portal) received 307 status code
Temporary Redirect (307) - The requested resource resides temporarily under a different URI
we just wanted to clarify about API. Is this API has been changed?
Cannot find Google API documentation for same.
I need to create request for getting data from Google Analytics API in Postman. I managed to generate access token with playground platform but I need permanent refresh token (in playground I can generate only 24h token).
I tried to generate token in Console API:
I've created project
Add analytics API in my project
Generate client ID and secret code
But I don't know which redirect URL using. Default value that was generate in JSON is urn:ietf:wg:oauth:2.0:oob","http://localhost
Than I've generated authorization code with request (from browser):
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics&redirect_uri=http://localhost&response_type=code&client_id=XXXX
And when I tried to generate access_token with POST request in Postman, sending such keys:
code:XXXXXX
redirect_uri:urn:ietf:wg:oauth:2.0:oob (also tryed http://localhost)
client_id:YYYYY
client_secret:ZZZZZZ
scope:https://www.googleapis.com/auth/analytics
grant_type:authorization_code
And got error
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
How should I set grant for Postman? Could you help me to resolve issue and understand what I do wrong
I managed to resolve my issue. It should be added redirect_url https://www.getpostman.com/oauth2/callback