I am attempting to write some code in webDNA to connect to the Google Drive API. Using the service account seems to be the best solution for the given problem. From what I have read the process is: create the JWT, send the JWT to Google to get a token response, then send the token response to call API methods. I believe my issue is with the private key.
I build and encrypt the header:
[text]header={"alg":"RS256","typ":"JWT"}[/text]
[text]header=[encrypt method=Base64][header][/encrypt][/text]
[text]header=[db_base64URL varName=header][/text][!]custom function to deal with special characters[/!]
Next build and encrypt the claim (added white space for readability):
[text]claim={
"iss":"xxx",
"scope":"https://www.googleapis.com/auth/drive",
"aud":"https://www.googleapis.com/oauth2/v4/token",
"exp":[Math][cTime]+3600[/Math],
"iat":[cTime]
}[/text]
[text]claim=[encrypt method=Base64][claim][/encrypt][/text]
[text]claim=[db_base64URL varName=claim][/text]
Those sections seem to be correct, now to build the signature:
[text]p_key=-----BEGIN PRIVATE KEY-----xxxx-----END PRIVATE KEY-----\n[/text]
[text]sig=[encrypt method=SHA256][header].[claim].[p_key][/encrypt][/text]
[text]sig=[encrypt method=Base64][sig][/encrypt][/text]
[text]sig=[db_base64URL varName=sig][/text]
I have tried moving the [p_key] around, outside the sha256 encryption and inside, with and without the '.'. I don't get an error until I try to send it to Google using [TCPConnect] and [TCPSend] here:
[text show=T]response=[!]
[/!][TCPconnect host=accounts.google.com&SSL=T&port=443][!]
[/!][TCPsend skipheader=T]POST /o/oauth2/token HTTP/1.1[crlf][!]
[/!]Host: accounts.google.com[crlf][!]
[/!]Content-Type: application/x-www-form-urlencoded[crlf][!]
[/!]Content-Length: [countchars][sendData][/countChars][crlf][!]
[/!]Connection: close[crlf][!]
[/!][crlf][!]
[/!][sendData][crlf][!]
[/!][/TCPsend][!]
[/!][/TCPconnect][/text]
When the response is shown it is displayed as:
{
"error": "invalid_grant",
"error_description": "Invalid JWT Signature."
}
This error message is less than helpful. From what I have read it could mean one (or more) of any number of things, and Google's documentation on this is not exactly helpful. If anyone has any experience using the Google APIs through webDNA I would appreciate any help you could give!
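Added example (not part of the original question, and not WebDNA code): RS256 is RSASSA-PKCS1-v1_5 over SHA-256, so the third JWT segment is an RSA private-key operation on the padded digest of "header.claim", not a hash of text that includes the key. The sketch below shows both constructions side by side using only the Python standard library. Assumptions: the function names are hypothetical, and the key is a constructed toy key built from two Mersenne primes so the block runs offline; a real service account key is parsed from its PEM file by a crypto library.

```python
import base64, hashlib, json

# Constructed toy RSA key for this example only: both primes are Mersenne
# primes, so the key is trivially factorable. A real service account key comes
# from the PEM file Google issues and must be parsed by a crypto library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def emsa_pkcs1_v15(message: bytes) -> int:
    """Hash the message and wrap the digest in PKCS#1 v1.5 padding."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign_rs256(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    # The private exponent is applied to the padded digest; the key text is
    # never concatenated into the data being hashed.
    sig = pow(emsa_pkcs1_v15(signing_input), D, N).to_bytes(K, "big")
    return f"{header}.{payload}.{b64url(sig)}"

def verify_rs256(token: str) -> bool:
    header, payload, sig = token.split(".")
    raw = base64.urlsafe_b64decode(sig + "=" * (-len(sig) % 4))
    expected = emsa_pkcs1_v15(f"{header}.{payload}".encode("ascii"))
    return len(raw) == K and pow(int.from_bytes(raw, "big"), E, N) == expected

def hash_with_key(header: str, payload: str, pem_text: str) -> str:
    """The construction from the question: a bare SHA-256 over text."""
    digest = hashlib.sha256(f"{header}.{payload}.{pem_text}".encode()).digest()
    return b64url(digest)
```

A quick diagnostic follows from the lengths: with a 2048-bit key the signature segment is 342 base64url characters, while a bare SHA-256 digest is always 43.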
I'd like to know if there's an easy fix for this error that I'm getting while trying to add support for Google sign-in to my website, since I can only reproduce it while on a Laravel-based environment. Vanilla PHP applications do run just fine.
This is my relevant code:
if ($request->has('googleToken')) {
    $client = new Google_Client(['client_id' => env('GOOGLE_PLATFORM_CLIENT_ID') ]);
    $payload = $client->verifyIdToken($credentials['googleToken']);
    if (!$payload) {
        return response([ 'error' => 'Invalid token, please try using form-based authentication.' ], Response::HTTP_FAILED_DEPENDENCY);
    }
    $user['googleToken'] = $credentials['googleToken'];
}
I know I'm doing too relaxed validations, but please just focus on the fact that I'm just testing and I plan to change this code in the near future.
The code above, receives its data through an Axios PUT request from the frontend with the payload looking like this:
{
googleToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE5ZmUyYTdiNjc5NTIzOTYwNmNhMGE3NTA3OTRhN2JkOWZkOTU5NjEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwiYXpwIjoiNTkyODkzNjE3ODYzLXRscDdvaDByaTk2dTZxZGxrOXYwbHAyanQyNDlkdDNsLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiYXVkIjoiNTkyODkzNjE3ODYzLXRscDdvaDByaTk2dTZxZGxrOXYwbHAyanQyNDlkdDNsLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTE1NTg0MDg0NTE2OTMxOTQzODU..."
mailAddress: "user#mail.com"
}
The problem is that the payload would simply return false. I decided to try to investigate the issue, so I went to the definition of verifyIdToken contained within Google_Client and, from there, jumped over to the function that finally returns to its parent, which is verifyIdToken from the class Verify.
Inside of that class, there's a pretty loose try/catch block in which I decided to try adding a generic exception case so that I could quickly print the error message for debugging. I did, and this is the output I got:
OpenSSL unable to verify data: error:0909006C:PEM routines:get_name:no start line
This is what's failing internally, and from this point on, I don't really have an idea about how to proceed since the error feels very cryptic, or at least it's not in my field of knowledge.
The OpenSSL error you quoted indicates that your client was not able to read any/further PEM-encoded data. Refer to https://www.openssl.org/docs/man1.1.1/man3/PEM_read.html.
OpenSSL unable to verify data: error:0909006C:PEM routines:get_name:no start line
Here,
'PEM routines' represents the library within OpenSSL
'get_name' is the function
'no start line' is the reason
Is your client able to access the necessary certificates/keys?
I'm trying to connect my server to Google's API but I keep getting the following error.
google.auth.exceptions.RefreshError: ('invalid_scope: h is not a valid audience string.', u'{\n "error" : "invalid_scope",\n "error_description" : "h is not a valid audience string."\n}')
I've looked around but I just can't seem to get why google's supplied code is giving me that error. I think it's a problem with my service.json, but I can't pinpoint what it is.
This is the code, which is pretty much swiped from Google with very limited changes.
from google.oauth2 import service_account
import googleapiclient.discovery

SCOPES = 'https://www.googleapis.com/auth/drive.metadata.readonly'
SERVICE_ACCOUNT_FILE = 'service.json'

credentials = service_account.Credentials.from_service_account_file(
    SERVICE_ACCOUNT_FILE, scopes=SCOPES)
drive = googleapiclient.discovery.build('drive', 'v3', credentials=credentials)
response = drive.files().list(
    pageSize=10, fields="nextPageToken, files(id, name)").execute()
print(response)
What I'm looking to do is automatically download a spreadsheet to local using Google's API maybe once an hour without user verification.
I'm having this error.
It looks like scopes is expected to be iterable, so when a single string is given, the library processes each letter separately (the first being 'h').
Try changing line 4 to add brackets:
SCOPES = ['https://www.googleapis.com/auth/drive.metadata.readonly']
Hi, I have been using the Google shortener for a month and have tried shortening URLs about 50 times, all successfully. But today, when I tried shortening a URL for the same task, it showed me this error:
object(stdClass)#9 (1) {
["error"]=> object(stdClass)#11 (3) {
["errors"]=> array(1) { [0]=> object(stdClass)#12 (4) {
["domain"]=> string(11) "usageLimits"
["reason"]=> string(23) "dailyLimitExceededUnreg"
["message"]=> string(76) "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
["extendedHelp"]=> string(36) "https://code.google.com/apis/console" }
}
["code"]=> int(403)
["message"]=> string(76) "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup." }
}
I am not able to understand what it is.
I have signed up already and have been using the shortener service for a month. Please help me out with this problem.
Google limits service volume for developers who have no API key applied. Just go to the developer console, apply your key, and use it in your code.
I found that the Google URL shortener API supports only approximately three to four hundred redirects for ANONYMOUS users. After that, you have to register a developer account via https://console.developers.google.com/, set it up correctly, get the specified API key, and use it in your code.
Hope this helps.
Whenever I call Bing Translation API [HTTP] to translate some text, first time it works fine, and second time onwards it gives me 'bad request' [status code 400] error. If I wait for 10 or so minutes and then try again, then first request is successful, but second one onwards same story. I have a free account [2million chars translation] with Bing Translation APIs, are there any other limitations calling this API?
Thanks, Madhu
Answer:
Hi, I had missed subscribing to the Microsoft Translator DATA set subscription. Once I got that, things were solved; i.e., once I signed up for https://datamarket.azure.com/dataset/bing/microsofttranslator, things started working.
I was generating the access_token correctly, so that was not an issue.
thanks, madhu
As a note to anyone else having problems, I figured out that the service only allows the token to be used once when using the free subscription. You have to have a paid subscription to call the Translate service more than once with each token. This limitation is, of course, undocumented.
I don't know if you can simply keep getting new tokens -- I suspect not.
And regardless of subscription, the tokens do expire every 10 minutes, so ensure you track when you receive a token and get a new one if needed, e.g. (not thread-safe):
private string _headerValue;
private DateTime _headerValueCreated = DateTime.MinValue;

public string headerValue {
    get {
        if(_headerValueCreated < DateTime.Now.AddMinutes(-9)) {
            var admAuth = new AdmAuthentication("myclientid", "mysecret");
            _headerValue = "Bearer " + admAuth.GetAccessToken();
            _headerValueCreated = DateTime.Now;
        }
        return _headerValue;
    }
}
Is there a way to validate that a Skype username is valid in a web app? (form validation upon account creation)
By valid, I do not mean by using regular expressions. We can easily check to see if it is 6-22 characters, starts with a letter, etc. I want to verify that either:
the username entered actually calls the user inputting it, similar to when we validate email by sending an email with a link to verify it or
verify that there exists in the Skype database a user with that username.
This may not be very reliable, but the following endpoint will give you different responses based on the availability of a Skype username: https://login.skype.com/json/validator. Here are two examples of (at the time of this writing) an unavailable and available username:
# Request (unavailable):
curl -iX POST -H "Application/json" "https://login.skype.com/json/validator?new_username=borist"
# Response:
{
"status": 406,
"status_text": "valid",
"data": {
"markup": "Skype Name not available",
"alternatives": true,
"fieldDetails": "<label>Suggestions<\/label><ul><li><label><input class=\"skypeNameSuggestion\" type=\"radio\" name=\"selectSkypeName\" value=\"borist92\"\/>borist92<\/label> <\/li><li><label><input class=\"skypeNameSuggestion\" type=\"radio\" name=\"selectSkypeName\" value=\"borist176\"\/>borist176<\/label> <\/li><li><label><input class=\"skypeNameSuggestion\" type=\"radio\" name=\"selectSkypeName\" value=\"borist417\"\/>borist417<\/label> <\/li><\/ul>"
}
}
# Request (available)
curl -iX POST -H "Application/json" "https://login.skype.com/json/validator?new_username=boris3294a"
# Response
{
"status":200,
"status_text":"valid",
"data":{"markup":"",
"alternatives":false,
"fieldDetails":""}
}
I guess you'll have to do exactly what you said: “similar to when we validate email by sending an email with a link to verify it”
I'd dig into Skype4py, you'll find an example of searching for someone.
So you can do:
some kind of early validation by searching for that person
sending him/her a txt message with a key/link to verify your user
See: need an python script that uses skype4py to send an instant message
Building off of pho79's answer, I have made a gist. The code simply checks to see if the message returned says that the name is unavailable meaning that it is in use. There are some other messages it sends back for other errors, so this is what I went with.
import requests

def checkName(name):
    values = { "new_username" : name }
    r = requests.post("https://login.skype.com/json/validator", values)
    return "not available" in r.json()[u'data'][u'markup']