I followed incoming bot python to send a message with webhook and I want to delete it with Method:delete.
But I get error 401 and following is the error message.
{'error': {'code': 401,
'message': 'Request is missing required authentication credential. '
'Expected OAuth 2 access token, login cookie or other '
'valid authentication credential. See '
'https://developers.google.com/identity/sign-in/web/devconsole-project.',
'status': 'UNAUTHENTICATED'}}
Webhook seems to use key and token as authorization. But I cannot delete the message with the same url (with the target "data-id").
You must have downloaded the credential file. If not then follow this.
Once you download then follow the below steps to generate Auth token.
Set the environment variable
export GOOGLE_APPLICATION_CREDENTIALS=
Run this command on your terminal.
gcloud auth application-default print-access-token
Use generated token in your Postman -> Authorization -> Type OAuth 2.0 -> Access token
OR
In your headers as
headers = {
'Content-Type': "application/json",
'Authorization': "Bearer ",
...
}
It is not possible to delete the messages sent via Webhook in google hangouts chat, or at least that feature is not yet built.
If you are posting a message into a room or sending someone a DM via the project's Appscript code itself (without using Webhook, i.e via spaces.messages.create), then it is possible to delete it using this method spaces.messages.delete (check here)
If you try using the above method (spaces.messages.delete) to delete the message posted using Webhook, then you will get the following error
{
"error": {
"code": 403,
"message": "Request had insufficient authentication scopes.",
"status": "PERMISSION_DENIED"
}
}
This is because the message you are trying to delete was posted by a webhook and not via the appscript code base or using spaces.messages.create and thus the access token generated does not have the privilege to delete the message since it belongs to the appscript project and not the webhook bot.
Hope that clears your question!
Related
I used OAuth 2.0 Client Credentials Flow (2-Legged) to get access token and I followed each step as described in https://developer.linkedin.com/docs/v2/oauth2-client-credentials-flow.
But when I send the API request to get access token I received following response
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens"
}
https://medium.com/#ellesmuse/how-to-get-a-linkedin-access-token-a53f9b62f0ce
you may check this way to get linkedin access token
Hello Microsoft/Azure/Skype experts,
I'm tasked with accessing presence data from Skype For Business Online accounts from my macOS app (native).
I'm unfortunately stuck and i always get a 403 error when i access the autodiscover request and never get the link to the applications resource
I have been following this documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
STEP 1
We have registered the app in the Azure Management Portal using our Office 365 account credentials.
We have used custome redirect URL (http://localhost)
Allow Implicit Flow is set to true in manifest
We pre-configure the permissions needed for Skype for business
online
STEP 2
Issuing a GET as specified in the documentation to initiate sign in and authorization check.
GET https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=c#####-4d41-485e-871f-0a22aa79e52b&redirect_uri=http://localhost
This returns a 200 OK.
STEP 3
We got the Auto discover URL as described in the documentation.
This is what i get - i use the domain marked in RED.
STEP 4
As per the documentation, they ask me to do this
Requesting an access token using implicit grant flow
So i issue a GET as described
https://login.microsoftonline.com/oauth2/authorize?
response_type=id_token &client_id=######-4d41-485e-871f-0a22aa79e52b
&redirect_uri=http://localhost
&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b
&resource=https://webdirin1.online.lync.com
Now this shows the sign in page, i sign in and then it throws an error
AADSTS90014%3a+The+required+field+%27nonce%27+is+missing.
I researched and could not fix this error.
So after lots of research and looking at this Microsoft documentation LINK (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#requesting-individual-user-consent) , apparently there is another way of getting the bearer token.
STEP 4 - SECOND TRY
I then Request individual user consent by sending the SCOPE parameter for Skype for Business.
I then issue a GET request to
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#######-4d41-485e-871f-0a22aa79e52b&response_type=code&redirect_uri=http://localhost&response_mode=query&scope=https://api.skypeforbusiness.com/User.ReadWrite&state=12345
This returns an access code which i use in next step to get the TOKEN
STEP 5 - Get the bearer TOKEN
Issue a POST to following URL
https://login.microsoftonline.com/common/oauth2/v2.0/token With the
following data in POST body
"grant_type": "authorization_code", "client_id":
"######-4d41-485e-871f-0a22aa79e52b", "scope":
"https://api.skypeforbusiness.com/User.ReadWrite", "code":
"OAQABAAIAAACEfexX.........", "redirect_uri": "https://localhost"
This returns the bearer token in the following response JSON
{
"access_token" = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1........w4b-- gnWG_iOGtQ";
"expires_in" = 3599;
"ext_expires_in" = 3599;
scope = "https://api.skypeforbusiness.com/User.ReadWrite";
"token_type" = Bearer;
}
STEP 6
Yay! Got the bearer token at laaast!
Now back to the main documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
And where we do this - 'Resending an autodiscovery request with the bearer token'
We execute a GET request to
https://webdirin1.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Now this, as per the documentation should return this JSON
{
"_links":{
"self":
{"href":"https://webdirX.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user"},
"applications":
{"href":"https://webpoolXY.infra.lync.com/ucwa/oauth/v1/applications"}
}
}
BUT i GET A 403: PERMISSIONS denied error
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page
using the credentials that you supplied.</h3>
</fieldset></div>
So thus i have never got the applications url and I have checked the manifest, registration and i have no idea, why i get this error.
Any inputs would be appreciated.
For step 4, you need to specify nonce=somestring in the URL. Typically this should be a securely random value that is only used once. It can contain any value.
Also, you are only requesting an id token. Set response_type=id_token+token.
Getting auth token from uber is a two step process.
Please refer Uber Auth API
Ask the uber user to authorize : call GET https://login.uber.com/oauth/v2/authorize?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}
Provide your client_id and redirect_uri specific to your website. If the authorization is successful, you will be redirected to your site with the code in the query parameter.
The the code you get in step 1 to retrieve auth token.
Send an HTTP POST request to https://login.uber.com/oauth/v2/token. Following should be the json you send to server:
{
"client_secret": "{client_secret}",
"client_id": "{client_id}",
"grant_type": "{authorization_code}",
"redirect_uri": "{redirect_uri}",
"code": "{insert authorization code obtained in previous step}"
}
In the step two I always get a error 400 with "invalid grant type" message. Please suggest where am I going wrong.
You need to send the parameter as form-data, not JSON. Take a look at the curl example in section 3 here: https://developer.uber.com/docs/authentication
The authorization and authentication documentation doesn't mention anything about JSON, therefore application/x-www-form-urlencoded media type is to be used to send the HTTP POST request to the /oauth/v2/token API endpoint
I implemented the client Side of OpenIDConnect authentication/provisioning/federation for few OAuth2-OpenIdConnect providers. But I fail to get Google OpenID People https://developers.google.com/+/api/openidconnect/getOpenIdConnect working.
I have no problem with the 1st part of OpenID Authentication/Authorization and get the Identity token from JSONWEBtoken without trouble. Nevertheless I fail to access the $identityApiUrl. The odd thing is that the old google's userinfo API works!!! Only the new one fails with an authorization error.
For PeopleAPI I used a Bearer token reusing the access_token, I got with my authorization request. Exactly like I do with the old API.
Here after a short extract from my code with the URL and scopes I used, as well as the error, I get when replaying manually with a curl the request.
Questions:
Is there a special authentication method for OpenIdConnect People API ?
Do I need to request special authorization in the application console ?
Extract from code with API's URL
// main IDP configuration URLs
protected $openidconnect = true; // Google supports OpenID-Connect
protected $authTokenUrl = 'https://accounts.google.com/o/oauth2/auth';
protected $accessTokenUrl= 'https://www.googleapis.com/oauth2/v3/token';
// I fail to get Google People OpenIdConnect API to work :(
//protected $identityApiUrl= 'https://www.googleapis.com/plus/v1/people/me/OpenIdConnect';
protected $identityApiUrl= 'https://www.googleapis.com/oauth2/v1/userinfo';
// OAuth2 action-1: getAuthUrl($state) build authorization token url
protected $scopes = ['openid','email','profile']; // request authentication & email
The error code, when replaying the request with curl
[apache#vz-bzh GeoToBe]$ curl -X GET -H "Authorization: Bearer ya29.5ABSl_75eP_zYFho_E-wVjPlZJc1XfY398HZqJjMxvRxBEWteLKZwNeh2v0BPwWuoH1iLpESeBQvFw" https://www.googleapis.com/plus/v1/people/me/openIdConnect
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.",
"extendedHelp": "https://console.developers.google.com"
}
],
"code": 403,
"message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration."
}
}
you need to enable the "Google+ API" under APIs & auth in the Google API console.
I am using the PayPal REST API for the first time and trying to get an authentication token but keep getting an "Invalid credentials error".
I am following Step 2 in the documentation found here:
https://developer.paypal.com/webapps/developer/docs/integration/direct/make-your-first-call/
I am using the Chrome extension "Advanced rest client"
Here are the values entered in the rest client:
Header:
content-type:application/x-www-form-urlencoded
Accept:application/json
Form data
grant_type:client_credentials
clientId:ASF6RRBP0uTq7FnC90tpFx7vfA-Pliw8uQDjv5RZ10Y_NVspuc88pUPLN6yM
secret: EAdx7BDKzWczDomYG2QDHu8jhaAXj4xDZLHadvL5aRfesjwo5c81zbSpRxuE
When I send the request I get the following error:
{
error: "invalid_client"
error_description: "Invalid client credentials"
}
Can anyone help me to figure what I am doing wrong here?
Form data should only contain
grant_type=client_credentials
and then add header
Authorization: Basic put base64of(clientid:secret)here
don't pass client id and secret in form data.