I'm trying to explore the Google Identity Toolkit API using the Google API Explorer. The API hints that "No auth required", however when I try to execute a request there is an error message:
This method requires you to be authenticated. You may need to activate the toggle above to authorize your request using OAuth 2.0.
If I try to use the OAuth 2.0 toggle and Authorise the API I get a 400 error:
Error: invalid_request
Missing required parameter: scope
But Google Identity Toolkit API does not declare any scopes.
Please can someone help?
UPDATE:
Further errors I get when using the API Explorer: When trying to execute the getAccountInfo request, I pass a request body with the localId field populated. The response I get is:
400 OK
- Show headers -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "invalid",
"message": "INVALID_SERVICE_ACCOUNT"
}
],
"code": 400,
"message": "INVALID_SERVICE_ACCOUNT"
}
}
Here is the list of Google API scopes:
https://developers.google.com/identity/protocols/googlescopes#oauth2v2
This completely omits Identity Kit.
Tying in a random string into the scopes box produces an error:
I have guessed up that the scope should be https://www.googleapis.com/auth/identitytoolkit by looking at the pattern.
And this scope does not cause an error. So this means it is a valid scope, even though it is undocumented.
That said, I used an API request of:
POST https://www.googleapis.com/identitytoolkit/v3/relyingparty/downloadAccount?fields=kind%2CnextPageToken%2Cusers&key={YOUR_API_KEY}
{
"maxResults": 999
}
And it produced:
200 OK
{
"kind": "identitytoolkit#DownloadAccountResponse"
}
So I will say that I have successfully executed this query while using an undocumented feature. However, it appears that the result from the server is incorrect.
This should answer your question, although the result is simply shining light on a broken server implementation.
I have not reported the bugs / undocumented feature in this answer and would appreciate assistance in that effort.
You may find how to use Google Identity Toolkit from the official site. If you really want to manually try Google Identity Toolkit API, you need to enable the API in your Google Developers Console project, create an ApiKey in the project, and call the API using a command tool like curl. The request syntax should follow the one shown in the Google API Explorer.
Related
I am trying to fetch data from Google Sheets via the Azure Data Factory. I have a data flow configured, and a Google Sheets Linked Service configured as well. The Google Sheets Linked Service is using an API key that has no Application Restrictions, and for API restrictions, it is restricted to Google Sheets. When I test the connection, it is successful. However, when I try to fetch a spreadsheet using the data flow in debug mode, I get the error:
at Source 'GoogleSheetsOutput': Failure to read most recent page request: DF-REST_001 - Error response from server: Some({
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}), Status code: 403. Please check your request url and body. (url:https://sheets.googleapis.com/v4/spreadsheets/<my_spreadsheet_id>/values/Sheet1!A2:B3,request body: None, request method: GET)
I made a service account, and shared the google sheet with the service account e-mail, and I also shared it with the admin on the account, which is where the API Key was made.
Any ideas what I need to do here? I would also prefer to use oauth / service account instead if possible, so I am happy to go down that route if there is some documentation I can follow.
"error": { "code": 403, "message": "The caller does not have permission", "status": "PERMISSION_DENIED" }
I tried to repro this and got the same error.
To solve this, I changed access of my google sheets from restricted to Anyone with the link
It worked and data is previewed without error.
I've got project, where I have to login through google sign in. I have created google project. Set up client/secret keys. I got to the point where I'm making post request to my web app server and sending there the accessToken:
OAuth2ConnectionFactory<Google> connectionFactory = (OAuth2ConnectionFactory<Google>) connectionFactoryLocator().getConnectionFactory(Google.class);
AccessGrant accessGrant = new AccessGrant(accessToken);
Connection<Google> connection = connectionFactory.createConnection(accessGrant);
The request is:
GET https://www.googleapis.com/plus/v1/people/me
Accept: application/json, application/*+json
Authorization: Bearer etc.
Here I got exception: 403 Forbidden. I had to manually track what the actual request is done and made rest request manually to replicate the issue with given headers.
Here is the result I'm getting:
"code": 403, "message": "Legacy People API has not been used in
project ... before or it is disabled. Enable it by visiting
https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=...
then retry. If you enabled this API recently, wait a few minutes for
the action to propagate to our systems and retry."
First of all the link fails to load. I didn't find any "Legacy People API". Only new People API.
I wonder if there is any solution to this problem? I have enabled People API and waited for long enough but the same error remains.
EDIT 1:
I think the project spring-social is dead. Will rewrite login logic and kick spring-social out of it..
ME TOO . this my problem. I'm waiting 6 hours
"code": 403, "message": "Legacy People API has not been used in project
Try using the Google Identity Platform OAuth API instead of the Legacy People API.
Request URL:
https://content.googleapis.com/games/v1/players/[CORRECT_PLAYER_ID]?access_token=[CORRECT_APPLICATION_ACCESS_TOKEN]
The application is Server and set up like here:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
The only response is:
{
"error": {
"code": 500,
"message": null
}
}
In API Explorer I have:
...
"code": 401,
"message": "User has not completed registration."
...
What is wrong with my use case? How I can workaround Verification of Google Play Services User ID?
A 500 response is a server-side error, which sounds more like a bug than a question. It looks like they have a place to report bugs here.
I think this might not execute through the APIs Explorer this way because you haven't registered your project with the credentials being used; it doesn't currently have a way to use your own credentials instead.
We are using our own logging solution because stackdriver is su...bpar. I want to pull the metrics on how many unacknowledged messages there are in the pubsub. Started to read the docs on that and they are all over the place.
Found this page:
https://cloud.google.com/monitoring/api/metrics
Despite being under the api it does not describe any api calls, but does contain the description of the metric I want to extract.
Now I am thinking I need to use the monitoring api to extract what I need somehow:
https://cloud.google.com/monitoring/api/ref_v3/rest/
So I use the api explorer to try a couple of methods:
https://developers.google.com/apis-explorer/#search/monitoring/monitoring/v3/monitoring.projects.groups.list
I query and gives me an available url:
GET https://monitoring.googleapis.com/v3/projects/myprojectname/groups?key={YOUR_API_KEY}
I go to my project's console (api & credentials page) and generate an api key without restrictions and paste it in trying to curl.
curl https://monitoring.googleapis.com/v3/projects/myproject/groups?key=myrandomkeylkjlkj
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Why is this happening? How can I get the metrics? I went to the url provided but it explains oauth token creation and has nothing regarding the api keys. I just need to curl things to make sure I am going the right way.
Why does this have to be so hard? Killed several hours of my life trying to get this.
curl -H "Authorization: Bearer $(gcloud config config-helper --format='value(credential.access_token)')" https://monitoring.googleapis.com/v3/projects/myproject/groups
The google verification api is giving me a 503 error "An unexpected error occurred. Please try your request again." whenever I try to verify a domain using the TAG_MANAGER method.
This occurs when I try to use the API via the PHP client library and also when I use Google's API explorer. However, if I log in to Google Webmaster Tools and add the site, using Tag Manager as the verification method, I am able to successfully verify myself.
I've attached debugging information from the API explorer below, but it's very light on detail. My support request in the webmaster central forum has been met with deafening silence, but I'm not sure where else to ask.
Request
POST https://www.googleapis.com/siteVerification/v1/webResource?verificationMethod=TAG_MANAGER&key={YOUR_API_KEY}
Content-Type: application/json
Authorization: Bearer ya29.iAC-QBa-7nzvS2lpFFmfcej2Y0suhiWHgS8SivKN9jpYWffljsRV7rbL
X-JavaScript-User-Agent: Google APIs Explorer
{
"site": {
"identifier": "http://unit1-28leanyerdriveleanyer.com",
"type": "SITE"
},
"owners": [
"loboyle#raywhite.com"
]
}
Response
503 Service Unavailable
- Show headers -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "An unexpected error occurred. Please try your request again."
}
],
"code": 503,
"message": "An unexpected error occurred. Please try your request again."
}
}
https://www.googleapis.com/siteVerification/v1/webResource?verificationMethod=TAG_MANAGER&key={YOUR_API_KEY}
may need to be
https://www.googleapis.com/siteverification/v1/webResource?verificationMethod=TAG_MANAGER&key={YOUR_API_KEY}
also, a few additional notes
For Google to use your Google Tag Manager container snippet code for Webmaster Tools verification, the code must be placed immediately after the opening tag of your page.
The method you provided is used for verifying a site or domain, be sure you intend to verify a site, because this is what your request currently contains.
This method requires you to be authenticated (OAuth 2.0)
http://code.google.com/apis/accounts/docs/OAuth2.html
Ensure you have visited the following link
http://www.google.com/tagmanager/features.html
I finally stumbled across the fix for this today. The problem was that the service account running the requests needs to have "View and Manage" permissions on the applicable Tag Manager account, not just on the container that is actually being used. Only view access is required to the actual container.
While this isn't exactly desirable (we have 20+ containers for different sites/applications within the one account), it does resolve the problem and allow the Tag Manager site verification to work as intended.
I'm not sure whether the documentation has been changed since I originally had this problem or whether I just missed it. The required permissions are unexpected and the response code is misleading (a 403 would make more sense).
Check if you've enabled "Maintenance Mode" on your domain you're trying to verify using Google. Disable it and you're done.