MailboxNotEnabledForRESTAPI - Microsoft Graph API integration with HMA Enabled on-premise server - outlook

We have integrated our application with the Microsoft Graph API, enabling users to access their Outlook through our application.
The integration works fine with Office 365 users but has intermittent issues with users on the on-premise server.
Initially, after enabling HMA on the on-premise server, the integration started working, but for the past two weeks we have been facing an issue with the integration and receiving the error message below.
HTTP error: 404
Error code: MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI
Error message: "REST API is not yet supported for this mailbox."
But we had not made any recent changes to the server or Graph API access.
Surprisingly, it started working today. As this was sporadic, we need assistance in understanding the issue. Any help is greatly appreciated.
Update: We started seeing the error again early today and we have captured the following log information.
{
    "error": {
        "code": "ResourceNotFound",
        "message": "Resource could not be discovered.",
        "innerError": {
            "date": "2020-10-30T08:03:20",
            "request-id": "c1f461d7-0757-4a54-a727-58cb0da7fe5d",
            "client-request-id": "c1f461d7-0757-4a54-a727-58cb0da7fe5d"
        }
    }
}

This post is not an answer :-(, but should provide more details because we are running into the same issue.
To isolate the problem, we are only using Postman. We are not able to create a "working token" with Postman. We tried like every possible OAuth flow :-). When we use the token generated by "Graph Playground", requests are working.
What "working token" means:
Request to: https://graph.microsoft.com/v1.0/me -> GP works | PM works
Request to: https://graph.microsoft.com/v1.0/me/calendar -> GP works | PM doesn't work
Request to: https://graph.microsoft.com/v1.0/me/contacts -> GP works | PM doesn't work
.....
(GP = Graph Playground // PM = Postman)
Token
On the left side we see the token created via Postman. On the right side we see the token from Graph online. I can't find an important difference; can you? :-)
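
For the side-by-side token comparison described in the post above, an added example (not part of the original posts) that decodes two access tokens offline and lists only the claims that differ. The sample tokens and their values are constructed and say nothing about the poster's tokens; `scp`, `appid`, `aio`, `uti` and `rh` are claim names used in Microsoft identity platform access tokens.

```python
import base64
import json

# Claims that change on every issuance and carry no authorization meaning.
VOLATILE = {"iat", "nbf", "exp", "aio", "uti", "rh"}
# Space-separated claims, compared as sets so ordering does not matter.
SPACE_LISTS = {"scp", "scope"}

def decode_claims(token):
    """Return the payload of a compact JWT. The signature is NOT verified:
    this is for offline triage only, never for an access decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def normalise(key, value):
    if key in SPACE_LISTS and isinstance(value, str):
        return sorted(value.split())
    return sorted(value, key=str) if isinstance(value, list) else value

def diff_claims(token_a, token_b):
    """Map each differing claim to (value in A, value in B); None means absent."""
    a, b = decode_claims(token_a), decode_claims(token_b)
    diff = {}
    for key in sorted((set(a) | set(b)) - VOLATILE):
        va, vb = normalise(key, a.get(key)), normalise(key, b.get(key))
        if va != vb:
            diff[key] = (va, vb)
    return diff

def b64json(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample(claims):
    """Build an unsigned, constructed token for the demo below."""
    return ".".join([b64json({"alg": "none", "typ": "JWT"}), b64json(claims), "sig"])

# Constructed sample tokens (placeholders, not taken from the post).
TOKEN_PM = make_sample({"aud": "https://graph.microsoft.com", "appid": "app-a-placeholder",
                        "scp": "User.Read", "iat": 1604044800, "exp": 1604048400})
TOKEN_GP = make_sample({"aud": "https://graph.microsoft.com", "appid": "app-b-placeholder",
                        "scp": "User.Read Contacts.Read Calendars.Read",
                        "iat": 1604044900, "exp": 1604048500})

if __name__ == "__main__":
    for claim, (pm, gp) in diff_claims(TOKEN_PM, TOKEN_GP).items():
        print(f"{claim}: PM={pm!r} GP={gp!r}")
```

Access tokens are bearer credentials, so run a comparison like this locally rather than pasting tokens into an online decoder.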

Related

Issue with authenticating Stellar client account

I am trying to set up a Stellar Anchor Server, where I have implemented SEP-1, SEP-6, SEP-10, SEP-12 and SEP-24.
I am trying to generate a token using SEP-10. Then I am requesting the transaction using
GET <WEB_AUTH_ENDPOINT>?account=<account_public_key>, which in my example is http://localhost:8000/auth?account=<account_public_key> in the steller.toml file. I am getting a transaction such as
{
"transaction": "AAAAAgAAAABQzEeyEH+t+2K30YzOYX+UyYGFAaMaoZpK8zColR133gAAAMgAAAAAAAAAAAAAAAEAAAAAY0FQRwAAAABjQVPLAAAAAAAAAAIAAAABAAAAAFDMR7IQf637YrfRjM5hf5TJgYUBoxqhmkrzMKiVHXfeAAAACgAAABNsb2NhbGhvc3Q6ODAwMCBhdXRoAAAAAAEAAABAUVBQcnhuUU82K1dKNjRha2dYRFZLcnlOWjNPNkx0UGh4VmtGTVp5elhpeC8xSDVJQWIxenVqMjJRNzRiem83MwAAAAEAAAAAUMxHshB/rftit9GMzmF/lMmBhQGjGqGaSvMwqJUdd94AAAAKAAAAD3dlYl9hdXRoX2RvbWFpbgAAAAABAAAADmxvY2FsaG9zdDo4MDAwAAAAAAAAAAAAAZUdd94AAABApOmLSvdp88mumoFprSqqfD3W4pkQxnEeMiQXs/cAKlmekKeUvitUUOboVtXMoo3LZkd3b5MaGTu7RdsaZ2YSBQ==",
"network_passphrase": "Test SDF Network ; September 2015"
}
However, in the next step, when I try to use the transaction data to get the token by calling
POST <WEB_AUTH_ENDPOINT>, i.e. POST http://localhost:8000/auth, I get the following error.
{
    "error": "error while validating challenge: Transaction not signed by any client signer."
}
Any help is hugely appreciated.

spring social google: people API 403 Forbidden due to Legacy People API

I've got a project where I have to log in through Google sign-in. I have created a Google project and set up the client/secret keys. I got to the point where I'm making a POST request to my web app server and sending the accessToken there:
OAuth2ConnectionFactory<Google> connectionFactory = (OAuth2ConnectionFactory<Google>) connectionFactoryLocator().getConnectionFactory(Google.class);
AccessGrant accessGrant = new AccessGrant(accessToken);
Connection<Google> connection = connectionFactory.createConnection(accessGrant);
The request is:
GET https://www.googleapis.com/plus/v1/people/me
Accept: application/json, application/*+json
Authorization: Bearer etc.
Here I got an exception: 403 Forbidden. I had to manually track what the actual request was and make the REST request manually to replicate the issue with the given headers.
Here is the result I'm getting:
"code": 403, "message": "Legacy People API has not been used in
project ... before or it is disabled. Enable it by visiting
https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=...
then retry. If you enabled this API recently, wait a few minutes for
the action to propagate to our systems and retry."
First of all the link fails to load. I didn't find any "Legacy People API". Only new People API.
I wonder if there is any solution to this problem? I have enabled People API and waited for long enough but the same error remains.
EDIT 1:
I think the project spring-social is dead. Will rewrite login logic and kick spring-social out of it..
Me too, this is my problem. I've been waiting 6 hours.
"code": 403, "message": "Legacy People API has not been used in project
Try using the Google Identity Platform OAuth API instead of the Legacy People API.

Outlook Addin - getCallbackTokenAsync fails- code 9017

Our company is using the Office js Rest API (via Outlook 2016) to retrieve a token for given user, and it just started failing. Investigation points to:
Office.context.mailbox.getCallbackTokenAsync({ isRest: true }, function (result)
returns error code 9017:
{"value":null,"status":"failed","error":{"name": "AccessRestricted", "message": "Internal protocol error: '-2147467259'."}}
We have ensured this request is made after
Office.initialize = function (reason) {...
has completed its operations (also this just started breaking for us this week/today).
Any guidance is greatly appreciated.. since this is a 'simple' call w/o any arguments to change the call signature, we're not really sure how to proceed.
Environment info:
Application: Outlook 2019 V1902 (Build 11328.20438)
Account: https://outlook.office.com/owa/{myUser}
Office.js API URL: "https://outlook.office.com/api/v2.0/me/"
It appears the issue was due to an API error when calling getCallbackTokenAsync - operation returned to normal this morning and we are no longer able to replicate the error.
We're going to chalk this up to an oops at MS. Any additional information regarding this error is much appreciated.
UPDATE: scratch that, error is back, what's going on MS?

Google API Explorer and Google Identity Toolkit API not working

I'm trying to explore the Google Identity Toolkit API using the Google API Explorer. The API hints that "No auth required", however when I try to execute a request there is an error message:
This method requires you to be authenticated. You may need to activate the toggle above to authorize your request using OAuth 2.0.
If I try to use the OAuth 2.0 toggle and Authorise the API I get a 400 error:
Error: invalid_request
Missing required parameter: scope
But Google Identity Toolkit API does not declare any scopes.
Please can someone help?
UPDATE:
Further errors I get when using the API Explorer: When trying to execute the getAccountInfo request, I pass a request body with the localId field populated. The response I get is:
400 OK
- Show headers -
{
    "error": {
        "errors": [
            {
                "domain": "global",
                "reason": "invalid",
                "message": "INVALID_SERVICE_ACCOUNT"
            }
        ],
        "code": 400,
        "message": "INVALID_SERVICE_ACCOUNT"
    }
}
Here is the list of Google API scopes:
https://developers.google.com/identity/protocols/googlescopes#oauth2v2
This completely omits Identity Kit.
Typing a random string into the scopes box produces an error:
I have guessed that the scope should be https://www.googleapis.com/auth/identitytoolkit by looking at the pattern.
And this scope does not cause an error. So this means it is a valid scope, even though it is undocumented.
That said, I used an API request of:
POST https://www.googleapis.com/identitytoolkit/v3/relyingparty/downloadAccount?fields=kind%2CnextPageToken%2Cusers&key={YOUR_API_KEY}
{
    "maxResults": 999
}
And it produced:
200 OK
{
    "kind": "identitytoolkit#DownloadAccountResponse"
}
So I will say that I have successfully executed this query while using an undocumented feature. However, it appears that the result from the server is incorrect.
This should answer your question, although the result is simply shining light on a broken server implementation.
I have not reported the bugs / undocumented feature in this answer and would appreciate assistance in that effort.
You may find how to use Google Identity Toolkit from the official site. If you really want to manually try Google Identity Toolkit API, you need to enable the API in your Google Developers Console project, create an ApiKey in the project, and call the API using a command tool like curl. The request syntax should follow the one shown in the Google API Explorer.

Google Verification API 503

The google verification api is giving me a 503 error "An unexpected error occurred. Please try your request again." whenever I try to verify a domain using the TAG_MANAGER method.
This occurs when I try to use the API via the PHP client library and also when I use Google's API explorer. However, if I log in to Google Webmaster Tools and add the site, using Tag Manager as the verification method, I am able to successfully verify myself.
I've attached debugging information from the API explorer below, but it's very light on detail. My support request in the webmaster central forum has been met with deafening silence, but I'm not sure where else to ask.
Request
POST https://www.googleapis.com/siteVerification/v1/webResource?verificationMethod=TAG_MANAGER&key={YOUR_API_KEY}
Content-Type: application/json
Authorization: Bearer ya29.iAC-QBa-7nzvS2lpFFmfcej2Y0suhiWHgS8SivKN9jpYWffljsRV7rbL
X-JavaScript-User-Agent: Google APIs Explorer
{
    "site": {
        "identifier": "http://unit1-28leanyerdriveleanyer.com",
        "type": "SITE"
    },
    "owners": [
        "loboyle#raywhite.com"
    ]
}
Response
503 Service Unavailable
- Show headers -
{
    "error": {
        "errors": [
            {
                "domain": "global",
                "reason": "backendError",
                "message": "An unexpected error occurred. Please try your request again."
            }
        ],
        "code": 503,
        "message": "An unexpected error occurred. Please try your request again."
    }
}
https://www.googleapis.com/siteVerification/v1/webResource?verificationMethod=TAG_MANAGER&key={YOUR_API_KEY}
may need to be
https://www.googleapis.com/siteverification/v1/webResource?verificationMethod=TAG_MANAGER&key={YOUR_API_KEY}
Also, a few additional notes:
For Google to use your Google Tag Manager container snippet code for Webmaster Tools verification, the code must be placed immediately after the opening tag of your page.
The method you provided is used for verifying a site or domain, be sure you intend to verify a site, because this is what your request currently contains.
This method requires you to be authenticated (OAuth 2.0)
http://code.google.com/apis/accounts/docs/OAuth2.html
Ensure you have visited the following link
http://www.google.com/tagmanager/features.html
I finally stumbled across the fix for this today. The problem was that the service account running the requests needs to have "View and Manage" permissions on the applicable Tag Manager account, not just on the container that is actually being used. Only view access is required to the actual container.
While this isn't exactly desirable (we have 20+ containers for different sites/applications within the one account), it does resolve the problem and allow the Tag Manager site verification to work as intended.
I'm not sure whether the documentation has been changed since I originally had this problem or whether I just missed it. The required permissions are unexpected and the response code is misleading (a 403 would make more sense).
Check if you've enabled "Maintenance Mode" on the domain you're trying to verify using Google. Disable it and you're done.
