I try to implement the microsoft auth into my application using Laravel Socialite, but since I'm working in a multi-tenant environment, I need to assign a user to a organisation. Is there anything such a microsoft organisation id or a domain name I can access in the docs? I'm unable to find it in the docs.
Also I try to get the street, postal and city and wasn't able to access that as well, but this is not as critical as the company identifier.
I found this thread, but it handles over Google, so maybe the approach might be similar:
How do I get a user's organization id when they login with Google oauth?
As I searched, I also found this docs, which seems to list all available fields of oauth: https://learn.microsoft.com/de-de/azure/active-directory/develop/id-tokens
https://learn.microsoft.com/en-us/graph/auth-v2-user#4-use-the-access-token-to-call-microsoft-graph
According to this docs: https://learn.microsoft.com/en-gb/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-permission-scopes you can add tenant details to the request including the id, display name and verified domains.
I am using Socialite in Laravel to login with Twitter.
I know that not all twitter users have an email attached to their account, but for my application the user does need an email address. I am fine to block logins from people who do not have an email attached, but at the moment every user does have the email field set to null.
I am using this function to redirect to twitter:
return Socialite::driver($provider)->redirect();
I have already tried using scopes like this:
return Socialite::driver($provider)->scopes(['email'])->redirect();
But twitter is the only provider that does not allow scopes.
The callback returns the email address for other providers like facebook and google, but there seems to be something that I am missing while using twitter.
For OAuth1 there was a setting somewhere to enable the option to return the email field aswell, but since twitter accepts OAuth2 I can not find this setting anymore in the Twitter developers panel.
Any help would my appreciated since most of the information about this topic is outdated.
The solution was found in the twitter developers dashboard.
First of all go to the settings of your app.
Then you have to fill in a link to your privacy policy & terms page.
After that also enable OAuth 1.0 en then an option pops up to also receive the email address from the user that is trying to log in.
Twitter's new Oauth 2.0 user authentication does not currently (at the time of writing this answer) provide access to the user's email address, and will require an additional scope to be added. This is on the Twitter API roadmap and is a known feature request.
You can still use OAuth 1.0A and set the option to request the user's email address.
i write some code to connect with google api Doubleclick bid manager
I download client_secrets.json at https://console.cloud.google.com/apis/credentials? then run some code like
require 'google/apis/doubleclickbidmanager_v1'
require 'google/api_client/client_secrets'
service = Google::Apis::DoubleclickbidmanagerV1::DoubleClickBidManagerService.new
service.authorization = Google::Auth.get_application_default(['https://www.googleapis.com/auth/doubleclickbidmanager'])
service.download_line_items
it response some errors like:
Sending HTTP post https://www.googleapis.com/doubleclickbidmanager/v1/lineitems/downloadlineitems?
403
#https://www.googleapis.com/doubleclickbidmanager/v1/lineitems/downloadlineitems == 403 (354 bytes) 1091ms>
Caught error unauthorizedApiAccess: You are not authorized to use DoubleClick Bid Manager API. Please contact dbm-support#google.com.
Error - #
Google::Apis::ClientError: unauthorizedApiAccess: You are not authorized to use DoubleClick Bid Manager API. Please contact dbm-support#google.com.
And when i run api at https://developers.google.com/apis-explorer, it return "You are not authorized to use DoubleClick Bid Manager API. Please contact dbm-support#google.com." too
Some one know this errors, plz check and help me
When your application requests private data, the request must be authorized by an authenticated user who has access to that data. Every request your application sends to the Google DoubleClick Bid Manager API must include an authorization token. The token also identifies your application to Google.
This is what the error means by
"You are not authorized to use DoubleClick Bid Manager API.
Make sure that you include the following scope when requesting authentication of the user.
https://www.googleapis.com/auth/doubleclickbidmanager
More info can be found here and there is documentation here on how to get it working with ruby you will need to alter the example there for your api as this is for calendar.
Note about service accounts.
Service accounts must be pre-authorized in order to work. In the case of Google drive you can take the service account email address and share a folder on your google drive with it. Basically you share data with the service account granting it access to the data. Not all google apis support service account authentication. Youtube api, Doubleclick, and blogger I think addsence or adWords as well, are a few that do not support service account authentication as there is no way to share the data with a user without them responding to the share request.
For Eg: Using google drive api i made an API call to get permission from user and generate access token and got user details using that token. In that case before getting permission from user if i logged in into multiple google accounts in my browser and i tried through particular mail Id through my app. I need to display only that mail id for permission , Not to display all the logged in mail ids. How to filter for particular mail id through api call.
My sample api call:
https://accounts.google.com/o/oauth2/auth?client_id=CLIENT_ID +&redirect_uri=REDIRECT_URI &scope=email+profile+https://www.googleapis.com/auth/drive&response_type=code&access_type=offline
I just removed prompt=select_account keyword from this api call. but it still display all accounts. How to filter for particular mail id?
You add the login_hint parameter with an account value to the authentication request.
I am using https://maps.googleapis.com/maps/api/geocode/json? link with server key and user IP to find the latitude and longitude of any address, when I'm trying I find the error as
I have a server access key from google and I have put my server's IP address in the their white list.
The URL that I am trying to access via PHP CURL is:
https://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&sensor=true&key=XXXXXXXXXXXX
The result that I am getting:
Array ([error_message] => This IP, site or mobile application is not authorized to use this API key. [results] => Array ( ) [status] => REQUEST_DENIED)
Is there anything that I need to configure.The geocoding API is also switched on.
I had the same issue and I found this.
On the url, it requires the server key in the end and not the api key for the app.
So Basically, you just add the server key in the end of the URL like this:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=yourlatitude,yourlongitude&radius=5000&sensor=true&key=SERVERKEY
Now, to obtain the server key, just follow these steps:
1) Go to Developer Console https://code.google.com/apis/console/
2) In the Credentials, under Public API Access, Create New key
3) Select the server key from the option.
4) Enter your IP Address on the field and if you have more ip addresses, you can just add on every single line.NOTE: Enter the IP Address only when you want to use it for your testing purpose. Else leave the IP Address section blank.
5) Once you are done, click create and your new Server Key will be generated and you can then add that server key to your URL.
Last thing is that, instead of putting the sensor=true in the middle of the URL, you can add it in the end like this:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=yourlatitude,yourlongitude&radius=5000&key=SERVERKEY&sensor=true
This will definitely solve the issue and just remember to use the server key for Places API.
EDIT
I believe the web URL has changed in the past years. You can access developers console from here now - https://console.developers.google.com/apis/dashboard
Navigate to developers console - https://console.developers.google.com/ or use the link from details to navigate directly to API dashboard.
Under developer console, find Label from the left navigation panel
Select project
Choose Credentials from the left Navigation panel
You could create credentials type from the Top nav bar as required.
Hope this answer will help you and other viewers. Good Luck .. :)
Choose key
API Restriction tab
Choose API key
Save
Choose Application Restriction -> None
Save
In addition to the API key that is assigned to you, Google also verifies the source of the incoming request by looking at either the REFERRER or the IP address. To run an example in curl, create a new Server Key in Google APIs console. While creating it, you must provide the IP address of the server. In this case, it will be your local IP address. Once you have created a Server Key and whitelisted your IP address, you should be able to use the new API key in curl.
My guess is you probably created your API key as a Browser Key which does not require you to whitelist your IP address, but instead uses the REFERRER HTTP header tag for validation. curl doesn't send this tag by default, so Google was failing to validate your request.
The Google Places API does not currently support Android or iOS keys generated from the Google APIs Console. Only Server and Browser keys are currently supported.
You're trying to use an API KEY which you restricted in a way that won't allow this action.
According to Google:
Note: If you need to call web, web service, and/or mobile APIs from the same (client-side) app, create and restrict multiple keys.
So the right thing to do is to create another API KEY, and choose the correct restrictions for this matter. In your case, choose "IP addresses" (under "Application restrictions"), and use "ADD AN ITEM" to add your server ip.
Notice that leaving a blank list won't work, and will result in google changing your restrictions to "None".
Also, don't forget to add the relevant APIs under "API restrictions" (in your case "Geocoding API").
One last thing - Google is blocking the use of this API until you link your app to Google Cloud Billing Account. So if you didn't do it yet, once you successfully get a response, it will say you have to do it first (it has a free starting package).
Google Place API requires the referer HTTP header to be included when making the API call.
Include HTTP header "Referer:yourdomain.com" and this should fix the response issues.
You create an key with out referer
dont enter the referer address
For the latest version of the API the exact opposite seems to be true for me.
When calling the url https://maps.googleapis.com/maps/api/geocode/json?address=<address>&key=<key> I was getting the following error
You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account
Once I switched the order to https://maps.googleapis.com/maps/api/geocode/json?key=<key>&address=<address> it worked fine.
Note that the error message received above was the message I got when going directly to the URL in the browser. When I called the API from a software program I received an HTML response with basically the following message:
We're sorry... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
Also, the corresponding API should be enabled for the given project
https://console.developers.google.com/apis/library?project=projectnamehere
For iOS or Android apps, the key needs an extra privilege granted.
Go to the Google Console -> APIs and Services -> Library. Tap the Places library for your platform and then tap Enable.
See https://developers.google.com/maps/gmp-get-started#enable-api-sdk
The reason this error is occurring because of the restrictions you have added when you create add the sha1 fingerprint on google cloud console , remove the fingerprints from android or ios then save .(the ip of that mobile phone will no longer be restricted)
Authentication, quotas, pricing, and policies
Authentication
To use the Directions API, you must first enable the API and obtain the proper authentication credentials. For more information, see Get Started with Google Maps Platform.
Quotas and pricing
Review the usage and billing page for details on the quotas and pricing set for the Directions API.
Policies
Use of the Directions API must be in accordance with the API policies.
more know : visit:--- https://developers.google.com/maps/documentation/directions/start?hl=en_US
url = https://maps.googleapis.com/maps/api/directions/json?origin=19.0176147,72.8561644&destination=28.65381,77.22897&mode=driving&key=AIzaSyATaUNPUjc5rs0lVp2Z_spnJle-AvhKLHY
add only in AppDelegate like
GMSServices.provideAPIKey("AIzaSyATaUNPUjc5rs0lVp2Z_spnJle-AvhKLHY")
and remove the key in this url.
now url is
https://maps.googleapis.com/maps/api/directions/json?origin=19.0176147,72.8561644&destination=28.65381,77.22897&mode=driving
Disable both direction api and geocoding api and re-enable.
it works for only 5-10 seconds and than automatically disabled itself.
it means you have only 5-10 sec to test you assignment.