When I try to use the rtm.connect method with own token, tester returns me a false response.
URL : https://slack.com/api/rtm.connect?token=xoxp-532016xxxxx-53xxxxxx-536743xxxxxx-9211bedc4bfe9ddfexxxxxxxxxxxxxx&pretty=1
{
"ok": false,
"error": "missing_scope",
"needed": "rtm:stream",
"provided": "identify,incoming-webhook,channels:history,im:history,channels:read,im:read,team:read,users:read,users:read.email,users.profile:read,chat:write:user,files:write:user"
}
What am I missing in request? Why does this missing_scope error occur? I already followed the Slack documentation.
You need to first create user bot. Follow this link and create one.
Then you will get Bot User OAuth Access Token under Install App in left Navigation bar.
Use this Bot User OAuth Access Token for above request.
Related
My user account can use the Google Classroom web UI to see all the announcements for a given course. Trying to pull them programmatically using the Google Classroom API.
I've set up an app with Oauth consent screen covering (for test purposes) ALL the scopes listed under the Google Classroom API, and can run the consent flow with my user account to get an access token.
I can successfully GET course details by curl'ing https://classroom.googleapis.com/v1/courses/<my course ID> using the access token obtained from the oauth flow. However, when I GET https://classroom.googleapis.com/v1/courses/<my course ID>/announcements with the same token, I get the following:
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "ACCESS_TOKEN_SCOPE_INSUFFICIENT",
"domain": "googleapis.com",
"metadata": {
"method": "google.classroom.v1.Work.ListAnnouncements",
"service": "classroom.googleapis.com"
}
}
]
}
}
Behaviour is same in using both client libraries as well as raw REST calls.
Am I missing an auth scope (I switched them all on), am I just not allowed to do this since I'm not the course owner, or am I doing something else wrong? Advice please!
You apear to be using the courses.get method
In order to access this method your application needs to be authorized with one of the following scopes.
You also appear to be using the courses.announcements.list method
This method requires that your application be authorized with one of the following scopes.
The error message "Request had insufficient authentication scopes." means exactly what it says. The access token you are using was not authorized with one of the scopes needed for the courses.announcements.list endpoint there for you can not use it.
You need to delete the access token you have now and request authorization of the user using the proper scope for this method. Always make sure to delete your old token. When changing scopes in code your app does not always request authorization again if you just change the scopes in the code. You need to force it to request authorization again.
All the scopes
you should not be requesting all of the scopes of the user only the scopes that you need. If you only need readonly access make sure not to request write.
I had forgotten that my code explicitly defines the scopes when configuring the client that then builds the oauth request URL:
config, err = google.ConfigFromJSON(b, classroom.ClassroomCoursesReadonlyScope)
Changed to
config, err = google.ConfigFromJSON(b, classroom.ClassroomCoursesReadonlyScope, **classroom.ClassroomAnnouncementsReadonlyScope**)
and it works fine.
I am trying to get the User account information for which I am trying to Test using Slack Tester.
api.slack.com/methods/users.profile.get/test
when I give my Token and click on Test I am getting the error below:
{
"OK": false,
"error": "missing_scope",
"needed": "users.profile:read",
"provided": "identify,bot,incoming-webhook"
}
Your token is missing the required scopes.
As the error message says you need the scope users.profile:read to run the API method users.profile.get.
To get a token with the needed scope you need to add the scope to your Slack app and reinstall into the workspace.
Also this API method will not work with bot tokens. You need to provide a user token aka Oauth Access Token.
Following the steps for creating incoming webhooks via add to slack button. The final response will look like this:
{
"access_token": "xoxp-XXXXXXXX-XXXXXXXX-XXXXX",
"scope": "incoming-webhook,commands,bot",
"team_name": "Team Installing Your Hook",
"team_id": "XXXXXXXXXX",
"incoming_webhook": {
"url": "https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX",
"channel": "#channel-it-will-post-to",
"configuration_url": "https://teamname.slack.com/services/BXXXXX"
},
....
}
This provides access to team_name, channel the webhook will post to, and a url for configuration.
While this is working great and after initially storing the 'configuration' to my own webapp it displays correctly. But after a someone uses the 'configuration_url' link from the response these previous values like the channel could become obsolete. For example the webhook could be deleted from this link.
My Question is:
Is there a way to reflect this changes in my external app? As far as I can see there is no way to query information for 'incoming webhooks' via an api call from an external web application?
I also could not find any api calls that could change webhook configuration directly without using the provided link.
Its not possible to change the webhook configuration after it is created. The only possible change is that the workspace that installed your Slack app (which contains the webhook) is uninstalled.
If that happens the webhook will no longer work and you will get an error in response.
You can also get notified when you app is uninstalled by listening to the app_uninstalled event.
Or you can also test if your app and webhook is still valid by checking the token you received during the Add to Slack process. Just call the API method auth.test with that token. If it returns the following error than the webhook is no longer valid:
{
"ok": false,
"error": "invalid_auth"
}
I'm working on a intranet-based application and I want to use Google services. Currently I have successfully implemented Google Authentication with "Sign-In for Websites" using JavaScript client-side authentication. My users can now sign in or sign up with their Google accounts.
Now I want to use Google API to create and share Google Sheets with my users. These documents will be created with a specific Google account and then shared with my users.
This is why I want to use this server-slide flow to get a one-time authorization code and exchange it for a refresh token:
https://developers.google.com/identity/sign-in/web/server-side-flow
This refresh token will be stored in my database allowing me to user Google services on behalf of this offline user.
Using JavaScript library, I was able to get the one-time authorization code that I send to my server with a AJAX request.
auth2.grantOfflineAccess({'redirect_uri': 'postmessage'}).then(grantOfflineAccessCallback);
var grantOfflineAccessCallback = function(authResult) {
var auth_code = authResult.code;
// Exchange the one-time authorization code for tokens
$.post(...);
}
On server-side I use Google API PHP Client (v2.0.0-RC6) to acquire an access and refresh token.
$this->client = new Google_Client();
$this->client->setClientId($this->clientId);
$this->client->setClientSecret($this->clientSecret);
$this->client->setAccessType('offline');
$this->client->setApprovalPrompt('force');
$response = $this->client->fetchAccessTokenWithAuthCode($oneTimeCode);
I wasn't able to exchange the authorization code.
Client error: `POST https://www.googleapis.com/oauth2/v4/token` resulted in a `400 Bad Request` response:
{
"error": "invalid_request",
"error_description": "Missing parameter: redirect_uri"
}
On this page we can read:
On the server, exchange the auth code for access and refresh tokens.
Use the access token to call Google APIs on behalf of the user.
On the JAVA example code:
REDIRECT_URI: // Specify the same redirect URI that you use with your web
// app. If you don't have a web version of your app, you can
// specify an empty string.
Because the application I working on is an intranet application, I tried to specify an empty string for this redirect_uri parameter before calling fetchAccessTokenWithAuthCode() method:
$this->client->setRedirectUri('');
... result in Redirect URI must be absolute.
Can we use this hybrid server-slide flow without callback URL?
Is there any solution to my problem?
Thanks,
Edit:
redirect_uri is where the user will be redirected to after he signed in. This URL must be registered in the Google Project (developers console). So redirect_uri is NOT the callback...!
Problem is now solved with:
$this->client->setRedirectUri('http://same.url.as.in.developers.console/');
I am searching the google plus with api
Here is my Url:
https://www.googleapis.com/plus/v1/activities?query=internet%20marketing&access_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
here is response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
Here is my API CONSOLE screen http://i.stack.imgur.com/jO27J.png
Can Anyone tell what permission I need to setup for my app in api console. ?
This is a problem with your access token, not with your project configuration.
The insufficient permissions error is returned when you have not requested the scopes you need when you retrieved your access token. At a guess, since you are using the Google+ API and the YouTube API, you may have only requested the YouTube scope and not both, ie:
Check you have requested both:
https://www.googleapis.com/auth/youtube
https://www.googleapis.com/auth/plus.login
and not just the first one.
You can check which scopes you have requested by passing your access_token to this endpoint:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN
I can't check the token in your example because it has expired (access tokens expire after one hour). Also, please do not post access tokens publicly as they allow others access to your data - they should be kept secret and treated with care.
Incidentally, https://www.googleapis.com/plus/v1/activities?query=QUERY is an unauthenticated call, so you could pass your API key for your project rather than an access token. If you make the call with https://www.googleapis.com/plus/v1/activities?query=QUERY&key=API-KEY, then you wouldn't need to request scopes or fetch an access token at all.
If you haven't seen it already, you can try out the API calls you would like to make at the OAuth 2.0 Playground:
https://developers.google.com/oauthplayground/
That's a good place to see what works and what doesn't.
According to #Lee answer, now the Google V3 OAuth AccessToken validating endpoint is:
https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=<access_token>
You can refer google document below: (In OAUTH 2.0 ENDPOINTS Tab)
https://developers.google.com/identity/protocols/OAuth2UserAgent#validate-access-token
JavaScript
var OAUTH2_SCOPES = [
'https://www.googleapis.com/auth/youtube',
https://www.googleapis.com/auth/plus.login
];
to retrieve comments from the YouTube API add https://www.googleapis.com/auth/plus.login this into OAUTH2_SCOPES array