When executing the courses.courseWork.studentSubmissions.modifyAttachments method in the Google Classroom API, a 403 error is returned when I try to add the attachment to the student's submission.
GoogleJsonResponseException:
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "#ProjectPermissionDenied The Developer Console project is not permitted to make this request.",
"reason" : "forbidden"
} ],
"message" : "#ProjectPermissionDenied The Developer Console project is not permitted to make this request.",
"status" : "PERMISSION_DENIED"
}
The call is being made from an authenticated student account and being added as a Link resource. The Developer Console project DOES have the Google Classroom API enabled, and other calls to the Google Classroom API are working fine, such as courses.list and courses.courseWork.studentSubmissions.get. What am I missing? The same error is returned when using the Try it! app in the Google Classroom documentation site.
When modifying assignments/courseWork or student submissions, only the Developer console project that created those objects can modify them. This means that only projects that created the corresponding course work can modify them, otherwise a 403 PERMISSION_DENIED error is returned. You can easily determine if the course work item is associated with the Developer Console project making the request by checking the associatedWithDeveloper property on the Google Classroom course work response.
It took me a while to figure this out myself, but the best way to go in my opinion is to first create the coursework (i.e. assignment or question) itself with Google Script or using the Classroom API. The coursework is then associated with the correct console project and you are cleared to manage the submissions from thereon.
All Classroom API methods may return a PERMISSION_DENIED (HTTP 403) error if an end user does not meet prerequisites for access. The message accompanying the error contains an error message to help you identify the cause and direct users to take the appropriate action.
ProjectPermissionDenied indicates that the request attempted to modify a resource associated with a different Developer Console project.
Possible Action: Indicate that your application cannot make the desired request. It can only be made by the Developer Console project of the OAuth client ID that created the resource.
Related
My app needs to create a Google Calendar and manage events in it for users. Google API Console allows to create a consent form for this scope:
https://www.googleapis.com/auth/calendar.app.created
It is supposed to allow creation of secondary calendars and events in those calendars. Description reads:
Make secondary Google calendars, and see, create, change, and delete
events on them
However, after a user gives permission through the consent form etc, I am getting PERMISSION_DENIED when I try to create a calendar (I am using the REST api https://www.googleapis.com/calendar/v3/calendars)
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"errors": [
{
"message": "Insufficient Permission",
"domain": "global",
"reason": "insufficientPermissions"
}
],
"status": "PERMISSION_DENIED"
}
}
My code and the rest of the plumbing (authorization code, access token etc) works because if I use this scope:
https://www.googleapis.com/auth/calendar
I am able to create the calendar.
So, anybody knows if https://www.googleapis.com/auth/calendar.app.created is deprecated or something? It is not listed in the V3 calendar documentation but I was hopping that it continue to work. I hate to ask the user for full permission to all calendars since I only want to create and access a secondary calendar and that scope supposed to do exactly what I need.
Thoughts?
As you can see under OAuth 2.0 Scopes for Google APIs, https://www.googleapis.com/auth/calendar.app.created is not a valid scope for Calendar API v3.
The documentation for Calendars:insert states that the only valid scope for creating a new calendar is https://www.googleapis.com/auth/calendar
You notice yourself that if you try to create a calendar with https://www.googleapis.com/auth/calendar.app.created - be it on OAuth2 playground or elsewhere - the request fails with a 403 error
CONCLUSION
Unfortunately https://www.googleapis.com/auth/calendar.app.created is not a valid scope, the acceptance of this scope on OAuth2 playground is a bug.
https://www.googleapis.com/auth/calendar.app.created might not seem as valid scope - but works for me.
Successfully could create new calendar with that scope, then manage events within it, and calendar itself appears on list of calendars in calendar.google.com
Can't really help much without knowing exactly the flow you have on creating and executing requests to google. Also keep in mind it worked for me with server side app. Using latest library provided by google for PHP.
The luis resources that I created aren't showing up in the Luis portal (posted a question here) so decided to use the REST APIs to configure things manually. With the REST endpoints I was able to import apps. However, I wasn't able to add LU resource to the imported apps despite that the APIs return success.
Below is the call.
POST https://westus.api.cognitive.microsoft.com/luis/api/v2.0/apps/<appid>/azureaccounts
{
"azureSubscriptionId": "<id>",
"resourceGroup": "<rg name>",
"accountName": "<resource name>"
}
returns 201 CREATED
{
"code": "Success",
"message": "Operation Successful"
}
However, a subsequent GET call returns empty result.
GET https://westus.api.cognitive.microsoft.com/luis/api/v2.0/apps/<appid>/azureaccounts
tried the GET call a couple hours after and it is still returning empty result. What is going on?
It sounds like there's something wrong with your azure account and/or your luis.ai account. There are two places to raise support requests to handle these types of matters. First is uservoice on LUIS.ai:
While issues raised here are typically routed back to the bot framework support team, once there, they can be escalated.
Secondly, you can raise the issue in Azure:
You can follow this link HERE to get to that blade quickly.
I am facing following issue when i try to update application on Luis using following request:
https://westus.api.cognitive.microsoft.com/luis/api/v2.0/apps/app-id-here
header:
Ocp-Apim-Subscription-Key:paid-subscription key
body:
{
"name": "Name of luis app",
"description": "string"
}
I am getting following error:
{
"statusCode": 401,
"message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription."
}
I am using paid subscription from Azure portal with westus region. Still facing this issue.
However, This key works when I try to get top scoring intent using following request:
https://westus.api.cognitive.microsoft.com/luis/v2.0/apps/luis-app-id?subscription-key=subscription-key-azure&timezoneOffset=-360&q=hi
This is really weird as sunscription key works for GET request but not for PUT or POST request.
Any suggestions?
PS: I am using paid subscription key.
The (subscription) keys created with a Cognitive Service LUIS resource in Azure Portal, even when added to with Assign resource in luis.ai, can only be used for runtime queries on a defined app.
The authoring endpoints on LUIS Programmatic APIs v2.0 - to create and manage apps and their elements - can only be used with the Authoring Key available in the luis.ai portal.
More information can be found in Authoring and query prediction endpoint keys in LUIS
It looks like you have two issues you are working thru here.
First, the API you are trying to post to should read "https://[location].api.cognitive.microsoft.com/luis/api/v2.0/apps/{appId}/publish". From the looks of it, you are missing the 'publish' at the end of your API call.
Second, the paid subscription key needs to be added to your LUIS app. Can you confirm it has been added? If not, follow these steps to do so:
Click Manage => Keys and Endpoints.
Next, click 'Assign resource'.
A window will pop up allowing you to select the tenant, subscription, and the key to use.
Click OK.
Click 'Publish' to make the newly generated endpoint accessible.
Make sure you add subscription primary key value in my request and also make sure you have associated your API with the product which you used the Primary key
I am new with the "outlook" api. i want to get all calender event,contact and mail from "outlook account".
but i does not get appropriate result with "outlook" account its working fine with "office365" account
i follow this documentation for get all required data
and i create application for getting data from here
but every time when i login with my outlook account it's give me an error like this.
Please help me out.
Thanks in advance...
Just ran into the same problem and found an explanation here. It appears we're going to have to wait for the accounts to be enabled unless you request a testing account as described in the link. Confirmed the same results when using the non-enabled account in the Outlook Oauth Sandbox.
From the first link
Because enabling mailboxes on Outlook.com for the Outlook REST API happens over a period of time, your existing Outlook.com account may take a while to get enabled. To test your app accessing data on Outlook.com mailboxes that have already been enabled, you can request a new, enabled Outlook.com developer preview account by emailing outlookdev#microsoft.com.
If your app accesses Outlook.com mailbox data, it should handle scenarios where the user's mailbox has not yet been enabled for the Outlook REST API. In such situations, when you make a REST request, you would get an error like the following:
HTTP error: 404
Error code: MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI
Error message: “REST API is not yet supported for this mailbox.
Step 1 :
Click the Below Link :
https://oauthplay.azurewebsites.net/?code=M657b8bab-e543-f849-134c-0a2f85179a67&state=17661047-2a14-4c90-9edd-0119f841b559
Step 2:
Step 3 :
Step 4 :
Step 5 :
I am migrating an application to the new Google Marketplace.
To do so I have created a project in the Google API Console.
To test the installation flow, I need to share the project with a test account. I have added this account as a member of the project ("Permissions" tab of the project).
My test account has been sent an invitation to join the project.
The problem is when he accepts the invitation, he gets an error pop up (title : server error, content: undefined)
When I track the call with firebug, I can see that I have a call that fails
https://cloud.google.com/console/m/teams/showinvitation?pid=xxx&token=xxx&authuser=0
the response of this call is
{"code":5,"details":"ACCOUNT_DISABLED: Account disabled","status":400,"message":"5"}
Does someone know what this means ? Is my test email a disabled account ? Is my project a disabled account ?
Lou