401 Unauthorized on Google Photos API with API Key - google-api

Trying to build an Angular 6 application to display all photos from a particular Google Photos album. Before implementing the Angular portion, I wanted to see if I could get the data from a cURL command, using the API key I created and gave access to the Photos API.
cURL:
curl -X GET \
'https://photoslibrary.googleapis.com/v1/mediaItems?pageSize=1&key=[API KEY]' \
-H 'Accept: application/json' \
This is based on the samples from Google's documentation here: https://developers.google.com/photos/library/reference/rest/v1/mediaItems/list
However, adding my valid API key results in the following error:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Is there additional data required besides the API key to get this working? Is it even possible to use an API key in this manner, or does it require using OAuth 2.0 and all the additional hoops that come with it?

You need to obtain an OAuth AccessToken to add as an HTTP Header in your request.
Here's a breakdown of the process I've used that has worked, with the caveat that it periodically gets 401 errors from the mediaItems requests. It seems that Google is throttling the requests and denies a few if they're coming too fast.

Related

AuthCanceled: Problem with Instagram oauth2 because of redirect_uri

TL;DR: It seems to me that the problem is in the "redirect_state" query parameter in the redirect_uri. Instagram fails oauth2 requests with any query params.
I tried both drf-social-oauth2 and django-rest-framework-social-oauth2 python packages, with the same result.
I receive a 400-response from Instagram API:
400 Client Error: Bad Request for url: https://api.instagram.com/oauth/access_token
Reproducing the process from the console I get more details. A body of the response is:
{"error_type": "OAuthException", "code": 400, "error_message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}
Steps to reproduce the behaviour:
Set "Valid OAuth Redirect URIs" in an "Instagram Basic Display" app.
https://api.mydomain.com/auth/complete/instagram/
https://api.mydomain.com/auth/complete/instagram
Redirect my client to the URL:
https://api.instagram.com/oauth/authorize
?client_id=<my_client_id>
&redirect_uri=https://api.mydomain.com/auth/complete/instagram/?redirect_state=<value>
&scope=user_profile,user_media
&response_type=code
When the client is redirected, copy code from the URL.
Then I reproduce the libraries' request:
curl -X POST \
https://api.instagram.com/oauth/access_token \
-F client_id=<my_client_id> \
-F client_secret=<my_app_secret> \
-F grant_type=authorization_code \
-F redirect_uri="https://api.mydomain.com/auth/complete/instagram/?redirect_state=<value>" \
-F code=<code_copied_from_clients_url>
Receive 400-response:
{"error_type": "OAuthException", "code": 400, "error_message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}
In my Instagram profile (https://www.instagram.com/accounts/manage_access/) I see successfully added my Instagram business app.
Expected behaviour
At step 5 I expect to receive an access_token and a user_id:
{"access_token": "<access_token>", "user_id": <user_id>}
And it works this way, only in case I remove test=test from the both: auth URL from the 2nd step and the 4th step.
Additional context
I use python 3.9.7 with:
Django==3.2.10
social-auth-app-django==5.0.0
social-auth-core==4.1.0
django-oauth-toolkit==1.6.1
My Facebook/Instagram app didn't published ("App Mode: Development"). But my Instagram accounts (which I use for testing) is added as a Tester into the Facebook/Instagram app.
I even tried to put test instead of redirect_state query parameter, and it doesn't work too.
My app settings:
I'm not sure that the problem is in the library. Maybe in my Instagram business app configuration. But I don't have any clue to get how to fix it.

How to pull pubsub metrics from google api

We are using our own logging solution because stackdriver is su...bpar. I want to pull the metrics on how many unacknowledged messages there are in the pubsub. Started to read the docs on that and they are all over the place.
Found this page:
https://cloud.google.com/monitoring/api/metrics
Despite being under the api it does not describe any api calls, but does contain the description of the metric I want to extract.
Now I am thinking I need to use the monitoring api to extract what I need somehow:
https://cloud.google.com/monitoring/api/ref_v3/rest/
So I use the api explorer to try a couple of methods:
https://developers.google.com/apis-explorer/#search/monitoring/monitoring/v3/monitoring.projects.groups.list
I query and gives me an available url:
GET https://monitoring.googleapis.com/v3/projects/myprojectname/groups?key={YOUR_API_KEY}
I go to my project's console (api & credentials page) and generate an api key without restrictions and paste it in trying to curl.
curl https://monitoring.googleapis.com/v3/projects/myproject/groups?key=myrandomkeylkjlkj
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Why is this happening? How can I get the metrics? I went to the url provided but it explains oauth token creation and has nothing regarding the api keys. I just need to curl things to make sure I am going the right way.
Why does this have to be so hard? Killed several hours of my life trying to get this.
curl -H "Authorization: Bearer $(gcloud config config-helper --format='value(credential.access_token)')" https://monitoring.googleapis.com/v3/projects/myproject/groups

Issue while generating access token using OAuth2 Service Accounts

We're having an issue in generating access token using OAuth2 Service Account for Google Apps marketplace users. The token generated here would be used in accessing Google APIs(Contacts, Calendar, Mail, Admin SDK APIs) and thus all the Google Integrations within our Services are failing. This has started failing abruptly from March 9th 8AM PST. Can you please consider this as high priority and let us know the reason for the issue or if we have missed something here. We are getting API response as
{ "error": "invalid_request" }
Please find the below sample request with all the headers and params for 2 sample requests for "https://www.googleapis.com/oauth2/v4/token"(as in documentation) and "https://accounts.google.com/o/oauth2/token" endpoints. Both result in a error message with responses { "error": "internal_failure", "error_description": "Invalid Value"} and { "error": "invalid_request" } respectively.
P.S: The service email address,private key files used for generating the below signature in the sample requests works if we use respective Google Client libraries. But we are making use of Google's REST APIs. We've created a sample application in Google APIs console for testing with new service account details and this results in the same exception.
URL:
https://www.googleapis.com/oauth2/v4/token
Headers:
Content-Type:application/x-www-form-urlencoded
BODY:
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjQvdG9rZW4iLCJzdWIi
OiJqYWdzQHNvbHV0aW9udGVzdC5jb20iLCJzY29wZSI6Imh0dHBzOi8vbWFpbC5nb29nbGUuY29t
LyIsImlzcyI6IjQ2OTU3MTY1OTAxNUBkZXZlbG9wZXIuZ3NlcnZpY2VhY2NvdW50LmNvbSIsImV4
cCI6MTQ1NzU5NTkwMCwiaWF0IjoxNDU3NTkyMzAwfQ==.VrsqS0nYSUVZn_SwMi7UJEYLDqRcWLzPrF9o6av-t1IYZbRkTybEdcnwWeUfnYXl_F88gFTllmRg
LSTBahM5gqpZrEAaWrRiDEVTo6rcN3hWm7MHcmZbwgdJB8B0ObV0Ivp5aTdLC5HcqsOumJvYpDCF
SyGU8StSg9pDujERzOo=
Response:
code:400
{
"error": "internal_failure",
"error_description": "Invalid Value"
}
URL:
https://accounts.google.com/o/oauth2/token
Headers:
Content-Type:application/x-www-form-urlencoded
BODY:
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9vYXV0aDIvdjQvdG9rZW4iLCJzdWIi
OiJqYWdzQHNvbHV0aW9udGVzdC5jb20iLCJzY29wZSI6Imh0dHBzOi8vbWFpbC5nb29nbGUuY29t
LyIsImlzcyI6IjQ2OTU3MTY1OTAxNUBkZXZlbG9wZXIuZ3NlcnZpY2VhY2NvdW50LmNvbSIsImV4
cCI6MTQ1NzU5NTkwMCwiaWF0IjoxNDU3NTkyMzAwfQ==.VrsqS0nYSUVZn_SwMi7UJEYLDqRcWLzPrF9o6av-t1IYZbRkTybEdcnwWeUfnYXl_F88gFTllmRg
LSTBahM5gqpZrEAaWrRiDEVTo6rcN3hWm7MHcmZbwgdJB8B0ObV0Ivp5aTdLC5HcqsOumJvYpDCF
SyGU8StSg9pDujERzOo=
Response:
code:400
{
"error": "invalid_request"
}
EDIT:Sample request as in the documentation. This code was working for us for the past 2 years and suddenly it stopped working yesterday.
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
Content-Type: application/x-www-form-urlencoded
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI3NjEzMjY3OTgwNjktcjVtbGpsbG4xcmQ0bHJiaGc3NWVmZ2lncDM2bTc4ajVAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvcHJlZGljdGlvbiIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTMyODU3MzM4MSwiaWF0IjoxMzI4NTY5NzgxfQ.ixOUGehweEVX_UKXv5BbbwVEdcz6AYS-6uQV6fGorGKrHf3LIJnyREw9evE-gs2bmMaQI5_UbabvI4k-mQE4kBqtmSpTzxYBL1TCd7Kv5nTZoUC1CmwmWCFqT9RE6D7XSgPUh_jF1qskLa2w0rxMSjwruNKbysgRNctZPln7cqQ
It worked after changing the sun.misc.BASE64Encoder encoding part in my code for generating jwt token.
byte[] encode = BASE64Encoder.encode(data).replaceAll("\n", "").getBytes();
(or)
Change your BASE64Encoder encoding part while generating jwt token from sun.misc.BASE64Encoder to org.apache.commons.codec.binary.Base64 as
Base64 encoder = new Base64();
byte[] encode = encoder.encodeBase64(data);
Add comments if you anyone need any clarifications.
This solution was provided by Google.

How to send auth_token in Http header

I am trying to create rest based webservices, which I want to secure them using spring security Oauth2.
What I found is then, in oauth2 we have to send auth_token in query string.
But my need is to send in header.
I have searched a lot, but I didn't get the answer which I need.
Is there anybody who can help?
Reference link [ http://www.beingjavaguys.com/2014/10/spring-security-oauth2-integration.html
]
You can test sending the access token for example using Curl:
curl -H "Authorization: Bearer <ACCESS_TOKEN>" http://www.example.com
With this you should be able to see, if server is working as expected. How to do it in client application depends on the programming language you are using.

Google Documents List API - problem retrieving a list of documents

I'd like to get a list of my documents from google docs api. First I get a authValue using ClientLogin, then I send a request to that url https://docs.google.com/feeds/documents/private/full with header set to "Authorization: GoogleLogin auth=authValue", but I always get a response "Authorization required". What should I do?
Make sure you request the token with the "writely" service when performing ClientLogin. Also, make sure that you're sending the token provided after Auth= in the ClientLogin response.
Authorization: GoogleLogin auth=DQAAA...

Resources