I am trying to get the User account information for which I am trying to Test using Slack Tester.
api.slack.com/methods/users.profile.get/test
when I give my Token and click on Test I am getting the error below:
{
"OK": false,
"error": "missing_scope",
"needed": "users.profile:read",
"provided": "identify,bot,incoming-webhook"
}
Your token is missing the required scopes.
As the error message says you need the scope users.profile:read to run the API method users.profile.get.
To get a token with the needed scope you need to add the scope to your Slack app and reinstall into the workspace.
Also this API method will not work with bot tokens. You need to provide a user token aka Oauth Access Token.
Related
I am trying to get an access token for google OAuth with scope https://www.googleapis.com/auth/playdeveloperreporting.
But it's shows an errors like "Some requested scopes cannot be shown: [https://www.googleapis.com/auth/playdeveloperreporting].", Error 400: invalid_scope.
In my OAuth consent screen. I added scope. check the blow image.
In Google scope list - https://developers.google.com/identity/protocols/oauth2/scopes
Missing this scope https://www.googleapis.com/auth/playdeveloperreporting.
How can I get an access token with the scop https://www.googleapis.com/auth/playdeveloperreporting?
Thanks.
My user account can use the Google Classroom web UI to see all the announcements for a given course. Trying to pull them programmatically using the Google Classroom API.
I've set up an app with Oauth consent screen covering (for test purposes) ALL the scopes listed under the Google Classroom API, and can run the consent flow with my user account to get an access token.
I can successfully GET course details by curl'ing https://classroom.googleapis.com/v1/courses/<my course ID> using the access token obtained from the oauth flow. However, when I GET https://classroom.googleapis.com/v1/courses/<my course ID>/announcements with the same token, I get the following:
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "google.classroom.v1.Work.ListAnnouncements",
"service": "classroom.googleapis.com"
}
}
]
}
}
Behaviour is same in using both client libraries as well as raw REST calls.
Am I missing an auth scope (I switched them all on), am I just not allowed to do this since I'm not the course owner, or am I doing something else wrong? Advice please!
You apear to be using the courses.get method
In order to access this method your application needs to be authorized with one of the following scopes.
You also appear to be using the courses.announcements.list method
This method requires that your application be authorized with one of the following scopes.
The error message "Request had insufficient authentication scopes." means exactly what it says. The access token you are using was not authorized with one of the scopes needed for the courses.announcements.list endpoint there for you can not use it.
You need to delete the access token you have now and request authorization of the user using the proper scope for this method. Always make sure to delete your old token. When changing scopes in code your app does not always request authorization again if you just change the scopes in the code. You need to force it to request authorization again.
All the scopes
you should not be requesting all of the scopes of the user only the scopes that you need. If you only need readonly access make sure not to request write.
I had forgotten that my code explicitly defines the scopes when configuring the client that then builds the oauth request URL:
config, err = google.ConfigFromJSON(b, classroom.ClassroomCoursesReadonlyScope)
Changed to
config, err = google.ConfigFromJSON(b, classroom.ClassroomCoursesReadonlyScope, **classroom.ClassroomAnnouncementsReadonlyScope**)
and it works fine.
I have an app that uses the Google Calendar API and I seem to have a corrupt/defunct access token and/or refresh token which is resulting in the following error:
Signet::AuthorizationError
Authorization failed. Server message: { "error": "invalid_grant", "error_description": "Bad Request" }
Code for the authorization:
client_id = Google::Auth::ClientId.new(CLIENT_ID, CLIENT_SECRET)
token_store = EncryptingTokenStore.new(TokenStore.new)
scope = "https://www.googleapis.com/auth/calendar"
authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store, callback_url)
authorizer.get_credentials(CALENDAR_ID)
On investigation the UserRefreshCredentials we get back from authorizer object has an expires_at date in the past (11/01/2021).
I deleted the offending refresh token that we have stored, revoked access via the google account settings, then reauthenticated the user account with the app to reapprove offline access to Google Calendar again. This did not give me a new access and refresh token as expected. The expires_at is still 11/01/2021. We have valid refresh tokens in storage but for some reason Google is still picking up the old details despite that refresh token no longer existing. So I need to find a way to refresh or overwrite the UserRefreshCredentials that the Google API is using.
Other steps I have tried:
I tried to refresh the token from within a production console with some methods that come with the ruby google client gem but this fails with the same invalid_grant/Bad request error that is at the root of this issue.
I also tried to refresh the token with a POST request to the oauth2 endpoint:
https://oauth2.googleapis.com/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN&grant_type=refresh_token
but this also fails with the same invalid_grant/Bad request error.
If anyone can shed any light that would be much appreciated.
When I try to use the rtm.connect method with own token, tester returns me a false response.
URL : https://slack.com/api/rtm.connect?token=xoxp-532016xxxxx-53xxxxxx-536743xxxxxx-9211bedc4bfe9ddfexxxxxxxxxxxxxx&pretty=1
{
"ok": false,
"error": "missing_scope",
"needed": "rtm:stream",
"provided": "identify,incoming-webhook,channels:history,im:history,channels:read,im:read,team:read,users:read,users:read.email,users.profile:read,chat:write:user,files:write:user"
}
What am I missing in request? Why does this missing_scope error occur? I already followed the Slack documentation.
You need to first create user bot. Follow this link and create one.
Then you will get Bot User OAuth Access Token under Install App in left Navigation bar.
Use this Bot User OAuth Access Token for above request.
I am trying to fetch user events from facebook but I am having some problem witht he request. I can access their profile image and their UID but for some reason when I try to access the events I get the following error:
{
"error": {
"type": "QueryParseException",
"message": "An active access token must be used to query information about the current user."
}
}
I have an active access token, that's what I am using to access the UID and profile pic but for some reason the events do not show up.
This is my call:
events
my login button looks like this:
<fb:login-button perms="user_events"></fb:login-button>
It also throws an error after login in.
The error is this:
The application must ask for a valid extended permission.
The invalid permissions requested were: .
I think your call url should look like this:
http://graph.facebook.com/me/events?access_token=[Your oAuth token]