I have implemented Smart home actions as per documentation, i have enabled Home graph api,
i got agentUserId from Google Oauth playground, but when i submit agentUserId and service account key in test suite its returns an Error 404 msg:
Failed to get device list from HomeGraph: Requested entity was not found.
I am able to operate my devices from google home app, but not able to test with test suite.
I am looking for possible reasons.
I encountered this today, and was confused as nothing was even trying to contact my server. I had been using the test tool successfully beforehand, so I knew my agentUserId was correct, that HomeGraph API was enabled and my service account was correct. It turned out that I was not currently linked to my Google Home app on my mobile with the same user at the time I was trying to run the test tool. I had unlinked it, therefore the agentUserId was not found on Google's side.
To summarise:
On your mobile link to your test Action
Make sure this is the same user account which you have the agentUserId from - ideally capture a log of your SYNC output and compare
Verify your service account's key in the JSON file you upload is listed in the list of "private_key_id"s in your service account
Try the test tool again whilst you are still linked on your mobile
Related
I have a Google Cloud App Engine app that functions correctly when either I allow unauthenticated AllUsers access or turn on IAM for controlling access in Identity Aware Proxy. However when I follow the instructions on this page https://cloud.google.com/iap/docs/cloud-run-sign-in to enable Cloud Run Hosted sign-in with external identities and attempt to access either the login page or the Google Cloud Run hosted sign-in page, I receive the following error in the browser.
"Could not fetch URI /computeMetadata/v1/instance/service-accounts/default/token?scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/identitytoolkit"
For context, the Google Cloud Run service hosting the user sign-in is set to allow all Unauthenticated. It should re-direct to the Google App Engine web app. I think this is related to permissions or redirects, but I am at a loss as to how to fix. Any thoughts? Thanks!
I attempted to fix by re-deploying the Cloud Run Service, switching IAP on and off, switching between IAM and external identities, but to no success.
Thanks #John Hanley, I discovered that one my compute engine service account was disabled for some reason within the project. Re-enabling solved the problem partially. I'll spend more time matrix out the permissions and re-directs to make sure they are aligned.
I originally thought I completely answered my own question and solved my problem. Unfortunately, I only solved one of the problems with my implementation of the external identities authentication method.
Description of the other problem:
I enabled email/password and Google as providers, but when I click on the the option to authenticate with Google, I receive the following text in the browser: "The requested action is invalid."
At the Console in Dev Tools I get the following error:
GET https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=*mykey*&cb=1599165379363 403
The following url is displayed in the URL bar:
https://.firebaseapp.com/__/auth/handler?apiKey=mykey&appName=%5BDEFAULT%5D-firebaseui-temp&authType=signInViaRedirect&providerId=google.com&customParameters=%7B%22hl%22%3A%22en%22%7D&scopes=profile&redirectUrl=https%3A%2F%2Fiap-gcip-hosted-ui-app-engine-app-myserver-uc.a.run.app%2F%3FapiKey%3Dmykey**&v=7.16.0&fw=FirebaseUI-web
mykey and myserver were removed for this post and is not the actual values.
Email/password sign-in works, but not the Google sign-in. What am I missing here?
I want to create an app that only my family members will be using. It needs to access Google Drive files using oauth access (to be precise it will be PHP client).
I've set permissions in Google API Console ./auth/drive.readonly.
I realize that I'll get an unverified app warning, but anyway, when I try to access the resources I get 403 error. Also when accessing for the first time and pasting the URL to get verification code it only says that app will have access to metadata, which is default permission.
Is it possible at all to create this kind of unverified app that will have those "unsafe" access to drive?
If anyone faces the same problem - when requesting access through an API, be it REST or PHP library one needs to specify the permissions app will be using. Those need to match the ones specified in Google Dev Console.
Hi I am trying to start remote GAE shell with
python $GAE_SDK_ROOT/remote_api_shell.py -s your_app_id.appspot.com
"You don't need any additional authentication" says the GAE RemoteAPI page,
yet my command fails miserably with HTTP Error 401: Unauthorized Too many auth attempts.
I think I was able to do start it (with various degree of success for different apps) in some remote past, either with gmail credentials or some auth key from google cloud.
Please share your hints, or, ideally, drop a link to easy to follow step by step guide.
Also I cannot access Datastore Admin for that project
in online console
, if I click It invites to sing in, which fails. Recently, I got owner role, yet project was created by a person with a different email domain.
I took a look in some docs at developers.google and some questions here in stackoverflow and I really would like to found an objective answer about use the Google OAuth Server to authenticate an application and grant access to download docs into a Google Drive account with NO BROWSER interaction.
As far as I could look, docs like "Using OAuth 2.0 for Server to Server Applications", "Using OAuth 2.0 for Devices", answers here, I couldn't found an article saying "Is possible to authorize an application to get files from a common Google Drive account in Devices with no browser...".
Anyone have tried and had success in this jorney?
The Devices flow is meant for applications that run on devices where no browser is present (fancy example could be a wristwatch that shows new G+ notifications) and requires the user to do manual steps on a device that has a browser. Also this is for getting access to data on the user's account.
UPDATE:
As you say you have an embedded application running without a browser available and want to access data on behalf of a user, this is definitely the way to go. This however still needs the user to login (once) on another device with a browser. After you got an access token using this flow, you can then access the Google Drive API either manually or by using some library.
So you want to access data on Google Drive that belongs to a special account and only your application can access it without a browser involved?
A Service Account (the Server-to-Server flow) would be exactly what you need. These however are only for usage on a web server, as otherwise your private keyfile would have to be deployed to a client, where it could easily be extracted.
One thing you could do is use your own web server that fetches data from your Google account using a Service Account and have a client application that only connects to your own web server. This has of course also its downsides, especially when it comes to locking down your web server so no third party clients could access it.
It can be done, but a browser does need to be used. I've successfully gotten OAuth 2.0 working on an IBM i (AS/400, iSeries, System i, whatever the name is today) which doesn't have a browser. I've so far implemented the Calendar and Google Cloud Print APIs.
During the OAuth 2.0 negotiation you will be returned a URL and a code. You need to display the URL for the user to go to, then the code to enter to grant authority for that specific API/scope. I have an example in our documentation here:
http://docs.bvstools.com/home/greentools-for-google-apps/docs/g4g-base-commands/g4gregsvc
But, the issue now is that the drive API is not yet available to devices. But, Google has said that soon it should be.
We use google sites at my company, and I am trying to use google sites API to modify certain pages. The credentials that I use for signing in are: username#companyName.com and a unique password.One more thing to note, is that the url for our sites pages are in the following format: https://sites.google.com/a/companyName/NameOfYourPage
I just started using the Google Sites API, and was looking at one of the examples that they have given in their /samples/sites directory. (Got this after downloading the most recent zip file https://code.google.com/p/gdata-python-client/downloads/list). Right now I was trying to run sites_examples.py.
So when I do run sites_examples.py and enter the site information as given above, I am asked to choose the authorization mechanism. I chose ClientLogin. When I enter the same user name and password (as I mentioned above) to access the sites page, it throws me: Invalid user credentials given.
Why is this happening?
You can get this error if Google detects suspicious activity on your account. To remedy
log in to your Google account with the same credentials
look for the warning from Google that notifies you of suspicious activity
click on the link on the warning on Google's site
follow Google's instructions to enable your client code