I would like to use the Slack Web API to update information of a user in the org. I appear to be getting a successful(200s) responses from the API however the user's information is never actually updated. The API shows no signs in the response that the payload was malformed and that is the cause for the failure to update. Just gives a 200 and then returns the "profile" of the user but without the newest update. Here is the current curl I am making (with tokens and PII scrubbed of course)
Link to Slack Docs for User.profile.set:
https://api.slack.com/methods/users.profile.set
curl -v -X POST -H "Authorization: Bearer xoxp-123123-1231-1231"
-F "user=USERID" -F "name=email" -F "value=jon.temp#gmail.com" https://slack.com/api/users.profile.set
I have also attempted the same request with the a json payload instead of a form like shown above and have had the same result.
The response of this request is the profile of the user without any of the attributes updated (In this case I want to update email)
The problem above stemmed from the organization having "adjusting email" disabled and even though this call was made from an admin account that API endpoint does not support changing the email if its disabled for the Organization. Simply used the SCIM API
https://api.slack.com/scim/v1/Users/
with a similar payload presented in my question.
{
"schemas": [
"urn:scim:schemas:core:1.0"
],
"emails": [
{
"value": "john.temp#www.com",
"primary": true
}
]
}
With that I was able to update the email.
Related
A short description of the issue: userId field is not present in the invitations.list and invitations.get response.
What steps will reproduce the problem?
Create a course in google classroom
Authenticate in google OAuth2.0 playground
Send a request to list all sent invitations.
What is the expected output? What do you see instead? If you see error messages, please provide them. I expected to get the userId as a part of the response. After authentication and sending the request to the "https://classroom.googleapis.com/v1/invitations?courseId=*my course id*" I get the following response:
{
"nextPageToken": "*next page token*",
"invitations": [
{
"courseId": "*course id*",
"role": "STUDENT",
"id": "*invitation id*"
}
]
}
However, the documentation states that there should also be a "userId" field, which I am not seeing here.
The same thing happens when I use the "Try this API" section in the documentation. The response code is 200 but there is no userId.
Answer:
It appears that the only the users that have not accepted an invitation have their user IDs appear.
This could be a bug...
The documentation for the invitations resource doesn't make it clear as to whether this is intended behaviour or not. I used the Try this API feature of the invitations.list method and I was able to retrieve the userId for some users, not not others. I followed up my search and it appears you have already filed this issue with Google on Issue Tracker:
Invitations.list does not return userId field
Things to do:
To make sure that you're always receiving the userId when it is available, you can specify in the request to retrieve all response fields with a wildcard (*). You can test this on the Try this API feature by entering the courseId, expanding Show standard parameters and entering a * in the fields box.
Note: As this appears to be a bug, using the wildcard is not a solution; but something that may be helpful for users if attempting to retrieve a response key that isn't default.
REST Resource: invitations | Google Classroom API
Method invitations.list | Google Classroom API
Invitations.list does not return userId field | Google Issue Tracker
Following the steps for creating incoming webhooks via add to slack button. The final response will look like this:
{
"access_token": "xoxp-XXXXXXXX-XXXXXXXX-XXXXX",
"scope": "incoming-webhook,commands,bot",
"team_name": "Team Installing Your Hook",
"team_id": "XXXXXXXXXX",
"incoming_webhook": {
"url": "https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX",
"channel": "#channel-it-will-post-to",
"configuration_url": "https://teamname.slack.com/services/BXXXXX"
},
....
}
This provides access to team_name, channel the webhook will post to, and a url for configuration.
While this is working great and after initially storing the 'configuration' to my own webapp it displays correctly. But after a someone uses the 'configuration_url' link from the response these previous values like the channel could become obsolete. For example the webhook could be deleted from this link.
My Question is:
Is there a way to reflect this changes in my external app? As far as I can see there is no way to query information for 'incoming webhooks' via an api call from an external web application?
I also could not find any api calls that could change webhook configuration directly without using the provided link.
Its not possible to change the webhook configuration after it is created. The only possible change is that the workspace that installed your Slack app (which contains the webhook) is uninstalled.
If that happens the webhook will no longer work and you will get an error in response.
You can also get notified when you app is uninstalled by listening to the app_uninstalled event.
Or you can also test if your app and webhook is still valid by checking the token you received during the Add to Slack process. Just call the API method auth.test with that token. If it returns the following error than the webhook is no longer valid:
{
"ok": false,
"error": "invalid_auth"
}
I am trying to test the Google Cloud Logging API on the "Try this API" feature that Google Cloud Platform has on their documentation, but I get this response back:
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
I know that my response body is correct because it works with OAuth 2.0 but fails when I use API Key.
Auth 2.0:
Working request using OAuth 2.0
API Key:
Non-Working request using API Key
Google docs says that they generate their own API Key for this "Try this API" feature. https://developers.google.com/explorer-help/
Since Google is using their own API Key, I do not understand why I am getting a response status of PERMISSION_DENIED.
Edit:
Here is a link to the Try this API feature in Google Cloud Platform if you would like to give it a try. https://cloud.google.com/logging/docs/reference/v2/rest/v2/entries/write?apix_params=%7B%22resource%22%3A%7B%22entries%22%3A%5B%7B%22logName%22%3A%22projects%2F%5BPROJECT_ID%5D%2Flogs%2Frequests%22%2C%22resource%22%3A%7B%22type%22%3A%22http_load_balancer%22%2C%22labels%22%3A%7B%7D%7D%7D%5D%7D%7D
Here is the python request that I am using in my code to create an entry:
import requests
entry = {
"entries": [
{
"logName": "projects/[PROJECT_ID]/logs/requests",
"resource": {
"type": "http_load_balancer",
"labels": {}
}
}
]
}
requests.post('https://logging.googleapis.com/v2/entries:write?key=[YOUR_API_KEY]', data=json.dumps(entry))
The API key was created from my user that has "logs writer", "logs viewer", and "logging admin" permissions. This theoretically should be all the permissions I need to make the post request. However, it is still returning a "PERMISSION_DENIED" status.
Any help would be much appreciated. Thank you in advance.
It looks like you are making a request to write data which isn't publicly writable. API Keys have no concept of user, they are only identifying you are allowed to call an API. So it looks like your API key request is working to the extent it can, but the response is telling you: I don't know who you are so I can't let you do this.
OAuth 2.0 is the solution here, as it acts on behalf of your account (you have to give consent), allowing the API to verify you have permission to take this action.
Service accounts are another option, to act on behalf of your project instead of your user, but they aren't practical from a web UI.
According to https://cloud.google.com/resource-manager/docs/authorizing it's possible to authorize requests using an API key. I can't get it to work.
Here's what my request looks like:
curl -H "Content-Type: application/json" -X POST -d '{"key":"<Some Key>"}' https://cloudresourcemanager.googleapis.com/v1beta1/projects
Response:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Any help highly appreciated.
For any request for information that is not public oAuth2 is required. So in that sense the documentation is misleading as an API key is not valid for this kind of request.
You can also check what kind of authorisation any specific api call requires by selecting the specific call and Using the "Try this API"
Example of projects.get
Here is a link to another stack overflow question with an answer explaining where to go from here
Create Google Cloud Project with Cloud Resource Manager API
My application uses Outlook Push Notifications REST API to get updates for a set of users.
The code I use to make the registration is like following:
HTTP POST to:
https://outlook.office.com/api/v2.0/users/<user email>/subscriptions
POST data = {
'#odata.type': '#Microsoft.OutlookServices.PushSubscription',
'Resource': 'https://outlook.office.com/api/v2.0/me/messages',
'NotificationURL': 'https://<my_valid_hostname>/api/subscriptions',
'ChangeType': 'Created, Deleted',
'ClientState': <user UUID>,
}
This code always worked fine, but since Sep 26 it stopped to work for mostly of users. The HTTP request to make a registration to web notification returns HTTP 403 error:
HTTP 403 Error: https://outlook.office.com/api/v2.0/users/<user email>/subscriptions
{
"error": {
"code": "ErrorAccessDenied",
"message":"Access is denied. Check credentials and try again."
}
}
This application is a backend aplication registered in Azure AAD portal and uses a token which allow me to do the requests on behalf of the users.
My token credentials are working fine. I use the same token for Graph API and Outlook API without errors. I refreshed it to see if the error go away, but it doesn't work. The error comes for fresh tokens anyway.
For some users I get no error, it always work. The subscription is created fine and I get the subscription data in JSON returned, as usual.
This make me think that it may be a problem in Microsoft side, but I have no way to check this.
So how can I fix this error for the affected users?
First thing that comes in my mind is that did you forgot to renew your calendar subscriptions? It's something like max. 14 days those are alive. Anytime before expiration you can renew subscriptions and after that you still can revive subscriptions.
In fact now I tested new subscription with my app and I get only 7 days to expiration date.
At this point I got that you are getting error when creating new subscription.. are you sure your access_token is still valid?
For future SO users,
POST https://outlook.office.com/api/v2.0/me/subscriptions
Content-Type: application/json
Authorization: Bearer <access_token>
{
"#odata.type":"#Microsoft.OutlookServices.PushSubscription",
"Resource": "https://outlook.office.com/api/v2.0/<Outlook-Resource>",
"NotificationURL": "<My-Endpoint-Url>",
"ChangeType": "Created,Updated,Deleted"
}
Optional ClientState in body, allows the listener to check the legitimacy of the notification.
Check out the docs for more info.