Google CardDAV API 403 Error - google-api

I've been trying to use Google's CardDAV APIs (and I've successfully gotten CalDAV access working). Unfortunately, I keep getting a 403 error when trying to discover the user's current-user-principal. FWIW, I have gone to Google's Developer Console and set up client information and it seems to work perfectly fine for CalDAV access.
Here is a snippet of the HTTP traffic for CardDAV:
PROPFIND https://www.googleapis.com:443/.well-known/carddav/
Depth: 0
Content-Type: text/xml
Brief: T
Authorization: Bearer ya29.1.AADtN_UD1CVKpIQPsyB4HzoKVxt4L5kPFXU3GucMTfJmJj9t0pzZqX1i3Xx748Y
<?xml version="1.0" encoding="utf-8"?>
<x0:propfind xmlns:x0="DAV:">
<x0:prop>
<x0:current-user-principal />
<x0:principal-URL />
<x0:resourcetype />
</x0:prop>
</x0:propfind>
vvvvvvvvvvvv
HTTP PROPFIND Status(403) Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<errors xmlns="http://schemas.google.com/g/2005">
<error>
<domain>GData</domain>
<code>insufficientPermissions</code>
<internalReason>Insufficient Permission</internalReason>
</error>
</errors>
If anyone has some insight as to why this might be happening, it would be greatly appreciated.
Red

You need to request access for Google Carddav API, i.e. https://www.googleapis.com/auth/carddav
I fear that still might not be enough rights, because even with that permission (and also the permission for https://www.googleapis.com/auth/contacts) I get empty reports for my addressbook. That's very strange. Even after putting a contact with my client.

I have been playing around with this today and succeeded just now.
I am using two oauth scopes
https://www.googleapis.com/auth/carddav
https://www.google.com/m8/feeds
I was getting a 403 when just using the second one.
I then do a depth 1 propfind on getetag and then a multiget to get the vcards.
The response is super speedy.
p.s. With the URL you are using you will also get an http-redirect

Related

XMLHttpRequest fail on AWS Amplify for requesting HTML

I am trying to use Jquery's ajax method to request a document to load into my page on AWS amplify. I get a 403 error from Amplify, even though the script and requested document are hosted on the same site.
I tried this from the Chrome Developer console within my web page:
$.ajax({type:"GET", url : "/_status_normal.inc"}).done(r=>console.log(r));
Response:
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>K1EQ6385K38BZRWK</RequestId>
<HostId>rebHmO5sssss/pqNIomerEo/mVbCVliqu6sycTOXfc=</HostId>
</Error>
How do I make a simple XMLHTTPRequest using jQuery with AWS Amplify?
The '/' is wrong when requesting these local resources. The proper request is:
$.ajax({type:"GET", url : "_status_normal.inc"}).done(r=>console.log(r));
API Gateway is the AWS method of setting up HTTP GET/POST requests and disabling CORS.
https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html

Sending SOAP Header along with main body to SOAP server using Spring Boot

As a SOAP newbie I am following the same tutorial as given in Spring boot - Server did not recognize the value of HTTP Header SOAPAction. The tutorial can be found in https://howtodoinjava.com/spring-boot/spring-soap-client-webservicetemplate/amp/
Currently I am able to send the SOAP payload with the request needed. The server is responding to say I have not authenticated.
I therefore am trying to send the SOAP header with authentication detail along with this SOAP payload. See below examples.
Firstly, I have successfully managed to get the tutorial working. The request was sent with SOAP Action and response received.
Sent request [SaajSoapMessage {http://server.windeed.co.za/windeedengine/}CheckDeedsOfficeStatus]
The response is that I have not authenticated/sent authentication details correctly. I therefore created the Authentication Object with all the necessary details in order to marshall and make part of the SOAP message.
I tried the below:
ObjectFactory of = new ObjectFactory();
WinDeedCredentials cred = of.createWinDeedCredentials();
cred.setUsername("Test");
cred.setPassword("Test123");
cred.setCompany("COMPANY");
cred.setRequester("SOAP");
CheckDeedsOfficeStatus cdo = of.createCheckDeedsOfficeStatus();
CheckDeedsOfficeStatusResponse dr = (CheckDeedsOfficeStatusResponse)sc.callWebService(cdo,"http://server.windeed.co.za/windeedengine/CheckDeedsOfficeStatus");
The goal is to achieve this:
POST /windeedengine3/client.asmx HTTP/1.1
Host: server.windeed.co.za
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://server.windeed.co.za/windeedengine/CheckDeedsOfficeStatus"
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<WinDeedCredentials xmlns="http://server.windeed.co.za/windeedengine/">
<Username>string</Username>
<Password>string</Password>
<Company>string</Company>
<Requester>string</Requester>
</WinDeedCredentials>
</soap:Header>
<soap:Body>
<CheckDeedsOfficeStatus xmlns="http://server.windeed.co.za/windeedengine/" />
</soap:Body>
</soap:Envelope>
Currently, with the missing Authentication details, I am told I haven't authenticated correctly.
The expected result is the correct response from the server: Online or Offline. What is the correct way?
I forgot to even revisit this topic. The problem was solved but I do not have the details immediately with me and need to travel to access them.
Prior to making the webservice call => sc.callWebService, it is important to inject the SOAP header details. I injected the xml header from SOAP UI into the code. Viola! It worked. Previously the MarshallSendAndReceive method was used with only the SoapActionCallback method. If I recall, I modified this to use WebServiceMessageCallback with an explicit definition of the xml header prior to making the webservice call.

Response for preflight has invalid HTTP status code 404

This is the responce i am getting when trying to upload a file from my client(PHP),My server is on WebApi which is hosted in one server.In my webapi i have allowed all CORS related things still i am getting this error.
Have you checked this tutorial?
Maybe when you say
In my webapi i have allowed all CORS related things
you didn't do that correctly, or maybe you enabled too many options at the same time.
It's hard to give you more details without access to your actual configuration.
There are also many posts on the same subject here on SO, have you checked them?

Invalid_grant error on trying to get access token googleapi

I'm following the steps here . I've got the authorization code in the browser, but get a:
** Access error: protocol error: "Server error: HTTP/1.0 400 Bad Request"
when I generate my request to try and obtain my token. I changed the target to http so that I could trace the http request in wireshark and I get this with line wrap added:
POST /oauth2/v3/token HTTP/1.0
Accept: */*
Accept-Charset: utf-8
Host: www.googleapis.com
User-Agent: REBOL
Content-Type: application/x-www-form-urlencoded
Content-Length: 251
code=url-encoded-my-authorisation-code&
client_id=my-client-id.apps.googleusercontent.com&
client_secret=my-client-secret&
redirect_uri=urn-blah-blah&
grant_type=authorization_code
which looks good to me.
When I use the http instead, I get this message
{"error":"internal_failure","error_description":"SSL is required to perform this operation."}
but unfortunately it's not telling me if my request is otherwise off to help me with the ssl request.
PS: I've progressed further. I removed the URL encoding from the redirect_uri and now I get an invalid_grant error. Before this it complained of a missing scheme for the redirect_uri.
On one occasion I did success in obtaining an access token but I've not been able to reproduce this. I saw my app listed in those I've granted access tokens. I removed my app and tried to grant again but keep failing.
My clock is correct so that's not the issue. The oauth2 playground works fine and as far as i can tell I'm doing the same but without success.
Mine is an installed app so I can't provide my credentials to the playground as a way to trust their redirect_uri is not provided and I get an error.
It seems that there is a limit on refresh_tokens and although removing the app from those with authority to access my calendar did not work, deleting my project from the https://console.developers.google.com/ and recreating them worked. My code then ran successfully without any changes.
Try change url to get info about token from Google use https://www.googleapis.com/oauth2/v3/tokeninfo?access_token={accessToken}
Be careful vith version api

getting autodiscover URL from Exchange email address

I'm starting with an address for an Exchange 2007 server:
user#domain.exchangeserver.org
And I attempted to send an autodiscover request, as documented at MSDN.
I attempted to use the generic autodiscover address documented at the TechNet White Paper.
So, using curl on PHP, I sent the following request:
<Autodiscover
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
<Request>
<EMailAddress>user#domain.exchangeserver.org</EMailAddress>
<AcceptableResponseSchema>
http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a
</AcceptableResponseSchema>
</Request>
</Autodiscover>
to the following URL:
https://domain.exchangeserver.org/autodiscover/autodiscover.xml
But got no response, just an eventual timeout.
I also tried:
https://autodiscover.domain.exchangeserver.org/autodiscover/autodiscover.xml
With the same result.
Now, since my larger goal is to use Autodiscover with Exchange Web Services, and since all of the EWS URLs typically use the same sub-domain as the Outlook Web Access address, I thought I'd see if the same were true for autodiscovery URLS. Since the OWA URL is:
OWA: https://wmail.domain.exchangeserver.org
I tried:
https://wmail.domain.exchangeserver.org/autodiscover/autodiscover.xml
And sure enough, I got back the expected response.
However, I only knew the OWA sub-domain because it's the server I have access to and that I'm using to test everything. I would not know it for sure or be able to guess it if this were a live app and the user was entering in their own Exchange email.
I know that the autodiscover settings must be available without knowing the OWA URL, because I can enter:
user#domain.exchangeserver.org
into Apple Mail on Snow Leopard and it finds everything without trouble.
So the question is...
Should https://domain.exchangeserver.org/autodiscover/autodiscover.xml have worked, and I just missed a step when trying to connect to it? Or,
Is there some trick (maybe involving pinging the email address?) that Apple Mail and other clients use to resolve the address to the OWA subdomain before sending the autodiscover request?
Thanks to anyone who knows or can take a wild guess.
After a bit more banging my head against the Google, I found the following very helpful article on MSDN:
http://msdn.microsoft.com/en-us/library/ee332364.aspx
Specifically the section "Calling Autodiscover"
I'm still trying to figure out how to do a Active Directory Service Connection Point search via LDAP, but step 4, for my server at least, worked like a charm:
The application sends an unauthenticated GET request to http://autodiscover.contoso.com/autodiscover/autodiscover.xml. (Note that this is a non-SSL endpoint).
If the GET request returns a 302 redirect response, it gets the
redirection URL from the Location HTTP
header, and validates it as described
in the section “Validating a
Potentially Unsafe Redirection URL”
later in this article.
Sure enough, a request sent to:
http://domain.exchangeserver.org/autodiscover/autodiscover.xml
sent back a 302 redirect URL:
https://wmail.domain.exchangeserver.org/autodiscover/autodiscover.xml
But this article gives a series of steps, so anyone wanting to implement autodiscover for an Exchange client has 5 things to try before giving up.

Resources