I'm using the google plus ruby quickstart to add "sign in with google" to a small sinatra application. I am able to successfully request the authorization code client side, but the request to exchange the code for a token fails. I've replaced all of my application's code with the code in the example repo, but I receive the same error.
# received the authorization code
# exchange it for a token
$authorization.fetch_access_token!
Error
Signet::AuthorizationError - Authorization failed. Server message:
{
"error" : "invalid_request",
"error_description" : "Required parameter is missing: grant_type"
}
I know that things are failing inside signet but i'm not sure how to inspect the request to see what is wrong.
Have you tried to set the grant_type to the refresh_token before you fetch the token from google?
I've used the same client in a rails app and shimming the grant_type into the signet auth object works.
client.authorization.grant_type = 'refresh_token'
client.authorization.fetch_access_token!
=> {"access_token"=>"foo", "token_type"=>"Bearer", "expires_in"=>3600, "id_token"=>"foo"}
Related
In my Google OAuth request using .Net HttpPost refresh_token value is missing.
Reference: https://developers.google.com/identity/protocols/oauth2/web-server#exchange-authorization-code
My input HTTP post request -
...google oauth post request details..url - (https://accounts.google.com/o/oauth2/token)...
and the postData - (client_id=<client_id>&client_secret=<client_secret_key>&grant_type=authorization_code&redirect_uri=<redirect_url>&code=<authorization_code>&access_type=offline&prompt=consent&approval_prompt=force)
Note: I have a valid response with access_token. However, refresh_token object value with empty record.
Please help.
I already reviewed these links - Not receiving Google OAuth refresh token
The call to exchange the authorization code for an access token and refresh token looks as follows.
HTTP POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}&client_secret={ClientSecret}&redirect_uri={redirectURI}&grant_type=authorization_code
You dont use access_type , approval_prompt, prompt as part of the exchange for the authorization code those are included in the HTTP GET request that shows the consent screen.
Here you can add access_type, if you have created web credentials client on google developer console.
HTTP GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline
If your interested in seeing how the calls are built up this might help. Understanding Google OAuth 2.0 with curl
I need to create request for getting data from Google Analytics API in Postman. I managed to generate access token with playground platform but I need permanent refresh token (in playground I can generate only 24h token).
I tried to generate token in Console API:
I've created project
Add analytics API in my project
Generate client ID and secret code
But I don't know which redirect URL using. Default value that was generate in JSON is urn:ietf:wg:oauth:2.0:oob","http://localhost
Than I've generated authorization code with request (from browser):
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics&redirect_uri=http://localhost&response_type=code&client_id=XXXX
And when I tried to generate access_token with POST request in Postman, sending such keys:
code:XXXXXX
redirect_uri:urn:ietf:wg:oauth:2.0:oob (also tryed http://localhost)
client_id:YYYYY
client_secret:ZZZZZZ
scope:https://www.googleapis.com/auth/analytics
grant_type:authorization_code
And got error
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
How should I set grant for Postman? Could you help me to resolve issue and understand what I do wrong
I managed to resolve my issue. It should be added redirect_url https://www.getpostman.com/oauth2/callback
I'm trying to connect with Magento 1.X Rest Api, but when I try to do a get request on:
http://magentohsot.com.br/admin/oauth_authorize?oauth_token=XXXXXX
I get the error: An error occurred. Your authorization request is invalid.
I already checked the oauth consumer key and oauth consumer secret and they are right.
To generate the oauth_token I did a get request in Postman with this:
http://magentohost/oauth/initiate?oauth_consumer_key=xxxx&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1475102900&oauth_nonce=5wq5DG&oauth_version=1.0&oauth_signature=nWhmHcih/DvtXuDOjjvJJVnWrss=&oauth_callback=xxxx
How can I fix this?
I'm trying to setup a sign in via google+ within our mobile app.
So we have a Android client that fetchs a verification code for the oauth google api.
It then sends the verification_code back to rails and rails is responsible for getting the access token / refresh token pair and then talking to the api.
I'm having issue with validation the verification_code.
At first it would return
{
"error" : "redirect_uri_mismatch"
}
So after reading a bit it seems that we should not specify a redirect_uri for android tokens but when I try to set redirect_uri to nil it fails with
{
"error" : "invalid_request",
"error_description" : "Missing parameter: redirect_uri"
}
I also tried by setting it to an empty string instead of nil and got the uri_mismatch again.
I tried to do a regular auth with a verification code obtained with the oauth playground and it works from there.
A bit of code
#authorization = CLIENT_SECRETS.to_authorization
#authorization.clear_credentials!
#authorization.grant_type = 'authorization_code'
#authorization.code = authorization_code
#authorization.redirect_uri = nil
#authorization.fetch_access_token!
Any help would be appreciated!
The Redirect URIs you send needs to match the one that you have set up in google apis console.
APIs & auth -> credentials
Ok so actually it was kinda of hidden but I found it.
So you need to set the redirect uri to the "out of band" uri set up within the credentials.
urn:ietf:wg:oauth:2.0:oob
The Client doesn't actually sets it to that value but I guess google defaults it to it.
The current signet gem does not allow redirect_uri to be set to that value so I added a PR to the main repo, In the mean time I'm using my fork and it works fine.
https://github.com/google/signet/pull/35
In google adwords, ClienLogin method is deprecated. I need to switch over to Oauth2 authentication method
My example code is below,
:method: OAUTH2_JWT
:user_agent: test
:developer_token: "*********"
:oauth2_issuer: "*********#developer.gserviceaccount.com"
:oauth2_secret: notasecret
:oauth2_keyfile: '*********-privatekey.p12'
:client_id: *********.googleusercontent.com
:oauth2_prn: *********#developer.gserviceaccount.com
:client_customer_id: *********
When i running the request , i am getting error as below
Authorization failed. Server message: (Signet::AuthorizationError)
{
"error" : "access_denied",
"error_description" : "Requested scopes not allowed: https://adwords.google.com/api/adwords/"
}
Anyone tell me solution to fetch the access token.
An OAuth2 + Google service account means that you have a Google Apps domain (e.g. you use GMail enterprise).
I recommend you to watch the Adwords API workshop on OAuth2
The OAuth2 playground is also helpful for testing purposes, before you try to use it straight from your app.