I am trying to manage roles for user with await usr.add_roles(role) on discord.py and I am getting:
File "/usr/local/lib/python3.6/dist-packages/discord/http.py", line 241, in request
raise Forbidden(r, data)
discord.errors.Forbidden: 403 Forbidden (error code: 50013): Missing Permissions
Where do I set that permission?
Here are some things to try:
First make sure the usr's top role is above the top role of the bot by going to Server Settings > Roles
Make sure your bot has the Manage Roles permission by going to Server Settings > Roles then clicking on a role your bot has
I am trying to get all events associated with a user (in order to cancel them). Here is the API doc
I am able through Powershell and Graph API to see a user, and also to sign out this user with the API.
I am using a token got from oauth2 protocol, with grant type client_credentials. I put the permission "Calendars.ReadWrite".
But I only get 404 errors when trying to get the events with :
Invoke-WebRequest 'https://graph.microsoft.com/v1.0/users/864abe35-a43f-44c3-9d24-ea7d2ce53907/events' -ContentType 'application/json' -Method Get -Headers @{Authorization = "Bearer $token"}
The strange thing is that I can get the user array, or revoke his session...
Is this endpoint not working?
Thank you
EDIT: The answer was that when a user does not have mailboxes, the events URL does not exist, which leads to a 404. It works with a user who has a mailbox.
Please provide the full response (with error message etc.).
Have you granted admin consent to Calendars.Write?
In the Azure portal, go to Home > App registrations > your app registration and then click on "API permissions". I don't think this is the issue but better to be safe than not. I would rather expect a 403 Forbidden if this is the problem.
Are you sure that the guid of the user is correct? Check if the user with this Id exists in your tenant.
Has the user a valid licence?
Check if the user has a calendar. Use Get calendar.
Maybe the user has only group calendar(s). If this is the case, you need Group.Read.All or Group.ReadWrite.All.
Try to get Outlook meetings from a user where you are sure that he has a calendar.
Finally, it turned out that accounts which do not have any Exchange mailbox do not result in an empty return, but in a nonexistent URL (that explains the 404).
It works with an account which holds a mailbox.
I am unable to access Microsoft Graph APIs; I am getting the error object below:
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "date": "2021-03-11T07:17:41",
      "request-id": "fa7c7d27-50f3-46ca-b7a9-25198e6cdd8e",
      "client-request-id": "fa7c7d27-50f3-46ca-b7a9-25198e6cdd8e"
    }
  }
}
I have registered the application in the Azure registration portal, acquired client_id, tenant, and client_secret, and used that to generate an access token with the help of the below API-
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id={client_Id}
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret={client_secret}
&grant_type=client_credentials
The access token which I got in this response is used to further call Graph APIs, but it's giving me the error object attached above.
Please help me here.
This particular error is typically thrown when your application does not have the required permission to call a particular endpoint. Please go to the Azure portal and grant the necessary Graph permissions for the endpoints you are calling. You can view the particular permissions you need by going to the Microsoft Graph documentation of the API you want to call and checking under the permissions section. For signed-in users, you will need the delegated permissions, and for access as an application/daemon, you will need application permissions.
To grant these permissions, follow these steps:
Azure portal > Azure Active Directory > App Registration > All Applications > Search with your ClientID/AppID.
In that application navigate to:
Api Permissions > Add a permission > Microsoft Graph > Delegated permissions > Expand User > Select required permissions.
Once the permissions are added, click on Grant Admin Consent for Your Tenant.
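An added diagnostic, not code from any of the posts above: with the client_credentials grant, Graph only honours application permissions, which appear in the access token's `roles` claim, while delegated permissions appear in `scp` for tokens issued to a signed-in user. The tokens below are constructed and unsigned, and the function names are hypothetical.

```python
import base64
import json


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sample_token(claims: dict) -> str:
    """Build a constructed token with the JWT shape (sample input only)."""
    header = _b64url(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"


def token_claims(token: str) -> dict:
    """Decode the payload segment. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def token_kind(token: str) -> str:
    """'delegated' when the token carries scp, otherwise 'app-only'."""
    return "delegated" if "scp" in token_claims(token) else "app-only"


def missing_permissions(token: str, required: list) -> list:
    """Return the required permissions that the token does not carry.

    Application permissions are listed in 'roles' (a JSON array);
    delegated permissions are listed in 'scp' (a space-separated string).
    """
    claims = token_claims(token)
    granted = set(claims.get("roles", [])) | set(claims.get("scp", "").split())
    return sorted(set(required) - granted)


# Constructed samples: an app-only token for an app registration that was
# granted only Group.Read.All, and a delegated token with Calendars.ReadWrite.
APP_TOKEN = sample_token({"aud": "https://graph.microsoft.com",
                          "roles": ["Group.Read.All"]})
USER_TOKEN = sample_token({"aud": "https://graph.microsoft.com",
                           "scp": "Calendars.ReadWrite User.Read"})

if __name__ == "__main__":
    for name, tok in (("app", APP_TOKEN), ("user", USER_TOKEN)):
        print(name, token_kind(tok),
              missing_permissions(tok, ["Calendars.ReadWrite"]))
```

An empty or absent `roles` claim in a client_credentials token means no application permission has been granted admin consent for that app registration.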
I'm trying to allow my app to let users log in via LinkedIn; however, I keep getting the 403 Forbidden Error as shown in the screenshot.
Hopefully someone can advise.
The error message clearly says that you do not have enough permission to use the LinkedIn API. You need to request permissions from LinkedIn.
In my project I need both Token and Session Authentication: the first one is for clients that are consuming my endpoints, and the second one is for staff users who need to log in to the Django admin.
The order is:
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
),
However, I have a problem when I try to log in from the client side.
I get a 403 error, CSRF Failed: CSRF token missing or incorrect.
If I disable SessionAuthentication, the login works.
Is this behaviour normal? Do I have to change something?
Thanks!
Please use custom authentication, based on different request users such as staff and client. A 403 error is failed authentication due to permission denied. Also share details if you have used any permissions.
I wrote a PHP application which tries to create a user in my Google Directory. I don't use the Google Libraries. I succeeded in making requests to the Android Enterprise API. I can enroll and unenroll Enterprise Service Accounts with my MSA. So I assume my code for the JWT and requests works.
I created a Service Account and enabled "Domain Wide Delegation" and added the following permission "https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group" to my API Client under the "Manage API client access" windows.
My Service Account has the status role "Editor" in the "Permissions for project" windows.
So first my script gets the Bearer token from the Google Server, for that I create a JWT and encrypt it with my private key.
The Token contains the following fields
"iss" => sacname@projectname.iam.gserviceaccount.com
"scope" => "https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.group"
"aud" => "https://www.googleapis.com/oauth2/v4/token",
"exp" => timestamp+3000,
"iat" => timestamp
When I do that request I get a bearer token, but when I use that token to make the insert request I always get the message "Not Authorized to access this resource/api" with an HTTP 403.
When I add the field "sub" to my JWT and specify the email of the Project admin "admin@mydomain.com" I can't even get the bearer token, then I get a 401 error with the following message "Unauthorized client or scope in request."
After that I tried something "easy", I just wanted to get a list of all users in my directory. But the Google Server just responds with a "bad request" error. I got the same error with the API Explorer which is on the API Page. Maybe the API is broken? At least the API Explorer should work.
https://developers.google.com/admin-sdk/directory/v1/reference/users/list
Do you have some ideas why I can't create users with my service account?
(I had to insert some spaces in the scopes and urls because I'm not allowed to post more than two links)
Greetings
Philip
Adding the sub claim is the right thing to do, because you must impersonate a super admin to use Directory API. If you get a "Unauthorized client or scope in request" response, that might be because there's a typo in the service account client ID you used to authorize (or the scopes), or that not enough time has passed (it usually propagates within a few minutes, but could take up to 24 hours).
See JWT error codes for more details on possible errors and causes.
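An added example (not the poster's PHP code) that checks a claim set, before it is signed, for the points raised in this answer: a `sub` naming the user to impersonate and scopes that match the ones authorized for the client. It also applies two rules of Google's server-to-server flow: the `scope` claim is space-delimited and `exp` may be at most one hour after `iat`. The function name and the sample claim sets are constructed.

```python
SCOPE_USER = "https://www.googleapis.com/auth/admin.directory.user"
SCOPE_GROUP = "https://www.googleapis.com/auth/admin.directory.group"


def lint_delegation_claims(claims: dict, authorized_scopes: set) -> list:
    """Return a list of problems in a domain-wide-delegation claim set."""
    issues = []
    if "@" not in claims.get("iss", ""):
        issues.append("iss: must be the service account e-mail address")
    if "@" not in claims.get("sub", ""):
        issues.append("sub: missing, name the admin user to impersonate")
    scope = claims.get("scope", "")
    if "," in scope:
        issues.append("scope: comma found, the claim is space-delimited")
    elif not scope.split():
        issues.append("scope: empty")
    else:
        extra = sorted(set(scope.split()) - authorized_scopes)
        if extra:
            issues.append("scope: not authorized for this client: "
                          + ", ".join(extra))
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        issues.append("iat/exp: both must be integer Unix timestamps")
    elif not 0 < exp - iat <= 3600:
        issues.append("exp: must be at most 3600 seconds after iat")
    return issues


# Constructed claim sets modelled on the fields listed in the question.
AUTHORIZED = {SCOPE_USER, SCOPE_GROUP}
AS_POSTED = {
    "iss": "sacname@projectname.iam.gserviceaccount.com",
    "scope": SCOPE_USER + ", " + SCOPE_GROUP,
    "aud": "https://www.googleapis.com/oauth2/v4/token",
    "iat": 1700000000,
    "exp": 1700000000 + 3000,
}
WITH_SUB = dict(AS_POSTED, sub="admin@mydomain.com",
                scope=SCOPE_USER + " " + SCOPE_GROUP)

if __name__ == "__main__":
    for name, claims in (("as posted", AS_POSTED), ("with sub", WITH_SUB)):
        print(name, lint_delegation_claims(claims, AUTHORIZED))
```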
Do you have some ideas why I can't create users with my service account?
Yes. Your service account seems to have no authority to create users. Check your Service Account's role in GDC to check if it's Owner, Editor, Viewer, etc. The scope of what they can do depends on that. Watch this Google video for a live demo.
Also, try to read more on Using OAuth 2.0 for Server to Server Applications.